diff --git a/data/anchore/2022/CVE-2022-4974.json b/data/anchore/2022/CVE-2022-4974.json index 9c818d59..eebe1a6f 100644 --- a/data/anchore/2022/CVE-2022-4974.json +++ b/data/anchore/2022/CVE-2022-4974.json @@ -1611,6 +1611,7 @@ "packageName": "quick-contact-form", "packageType": "wordpress-plugin", "product": "Quick Contact Form", + "repo": "https://plugins.svn.wordpress.org/quick-contact-form", "vendor": "fullworks", "versions": [ { @@ -2026,6 +2027,7 @@ "packageName": "quick-paypal-payments", "packageType": "wordpress-plugin", "product": "Quick Paypal Payments", + "repo": "https://plugins.svn.wordpress.org/quick-paypal-payments", "vendor": "fullworks", "versions": [ { diff --git a/data/anchore/2023/CVE-2023-22701.json b/data/anchore/2023/CVE-2023-22701.json new file mode 100644 index 00000000..ebf4e4d7 --- /dev/null +++ b/data/anchore/2023/CVE-2023-22701.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-22701", + "description": "Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/ebook-store/vulnerability/wordpress-ebook-store-plugin-5-775-broken-authentication-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:shopfiles:ebook_store:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ebook-store", + "packageType": "wordpress-plugin", + "product": "Ebook Store", + "repo": "https://plugins.svn.wordpress.org/ebook-store", + "vendor": "Shopfiles Ltd", + "versions": [ + { + "lessThan": "5.78", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4b17cce-bb52-4125-8c85-6da15517275f?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-22708.json b/data/anchore/2023/CVE-2023-22708.json new file mode 100644 index 00000000..cae53650 --- /dev/null +++ b/data/anchore/2023/CVE-2023-22708.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-22708", + "description": "Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/kraken-image-optimizer/vulnerability/wordpress-kraken-io-image-optimizer-plugin-2-6-7-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Kraken.io Image Optimizer plugin to the latest available version (at least 2.6.8)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kraken:kraken.io_image_optimizer:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "kraken-image-optimizer", + "packageType": "wordpress-plugin", + "product": "Kraken.io Image Optimizer", + "repo": "https://plugins.svn.wordpress.org/kraken-image-optimizer", + "vendor": "Karim Salman", + "versions": [ + { + "lessThan": "2.6.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2497837d-dec6-4a1d-be88-5c0e659eeb46?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23715.json b/data/anchore/2023/CVE-2023-23715.json new file mode 100644 index 00000000..d1a3631f --- /dev/null +++ b/data/anchore/2023/CVE-2023-23715.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23715", + "description": "Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/jobboardwp/vulnerability/wordpress-jobboardwp-job-board-listings-and-submissions-plugin-1-2-2-idor-leading-to-job-removal-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress JobBoardWP – Job Board Listings and Submissions plugin to the latest available version (at least 1.2.3)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ultimatemember:jobboardwp:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "jobboardwp", + "packageType": "wordpress-plugin", + "product": "JobBoardWP – Job Board Listings and Submissions", + "repo": "https://plugins.svn.wordpress.org/jobboardwp", + "vendor": "JobBoardWP", + "versions": [ + { + "lessThan": "1.2.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50cc1a15-bb73-4c60-b610-e0c3bf1ef841?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23726.json b/data/anchore/2023/CVE-2023-23726.json new file mode 100644 index 00000000..f8d43a98 --- /dev/null +++ b/data/anchore/2023/CVE-2023-23726.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23726", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/tickera-event-ticketing-system/vulnerability/wordpress-tickera-wordpress-event-ticketing-plugin-3-5-1-0-csrf-leading-to-post-status-change-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Tickera plugin to the latest available version (at least 3.5.1.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "tickera-event-ticketing-system", + "packageType": "wordpress-plugin", + "product": "Tickera", + "repo": "https://plugins.svn.wordpress.org/tickera-event-ticketing-system", + "vendor": "Tickera.com", + "versions": [ + { + "lessThan": "3.5.1.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23814.json b/data/anchore/2023/CVE-2023-23814.json new file mode 100644 index 00000000..aa5ff5e2 --- /dev/null +++ b/data/anchore/2023/CVE-2023-23814.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23814", + "description": "Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/cp-multi-view-calendar/vulnerability/wordpress-calendar-event-multi-view-plugin-1-4-13-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress CP Multi View Event Calendar plugin to the latest available version (at least 1.4.15)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:cp_multi_view_event_calendar_project:cp_multi_view_event_calendar:*:*:*:*:wordpress:wordpress:*:*", + "cpe:2.3:a:dwbooster:calendar_event_multi_view:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "cp-multi-view-calendar", + "packageType": "wordpress-plugin", + "product": "CP Multi View Event Calendar", + "repo": "https://plugins.svn.wordpress.org/cp-multi-view-calendar", + "vendor": "CodePeople", + "versions": [ + { + "lessThan": "1.4.15", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23823.json b/data/anchore/2023/CVE-2023-23823.json new file mode 100644 index 00000000..e421e7c5 --- /dev/null +++ b/data/anchore/2023/CVE-2023-23823.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23823", + "description": "Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/enhanced-text-widget/vulnerability/wordpress-enhanced-text-widget-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themecheck:enhanced_text_widget:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "enhanced-text-widget", + "packageType": "wordpress-plugin", + "product": "Enhanced Text Widget", + "repo": "https://plugins.svn.wordpress.org/enhanced-text-widget", + "vendor": "Clever Widgets", + "versions": [ + { + "lessThan": "1.5.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7487f72c-9852-4651-a848-239d4882bbf8?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23825.json b/data/anchore/2023/CVE-2023-23825.json new file mode 100644 index 00000000..34161ddf --- /dev/null +++ b/data/anchore/2023/CVE-2023-23825.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23825", + "description": "Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/ultimate-addons-for-gutenberg/vulnerability/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-broken-access-control-csrf-on-import-wpforms-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Gutenberg Blocks plugin to the latest available version (at least 2.3.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ultimate-addons-for-gutenberg", + "packageType": "wordpress-plugin", + "product": "Spectra", + "repo": "https://plugins.svn.wordpress.org/ultimate-addons-for-gutenberg", + "vendor": "Brainstorm Force", + "versions": [ + { + "lessThan": "2.3.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b225e5e-7207-4af4-b023-ad23fd540d56?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23834.json b/data/anchore/2023/CVE-2023-23834.json new file mode 100644 index 00000000..c319402e --- /dev/null +++ b/data/anchore/2023/CVE-2023-23834.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23834", + "description": "Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/ultimate-addons-for-gutenberg/vulnerability/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-broken-access-control-csrf-on-activate-plugin-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Gutenberg Blocks plugin to the latest available version (at least 2.3.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ultimate-addons-for-gutenberg", + "packageType": "wordpress-plugin", + "product": "Spectra", + "repo": "https://plugins.svn.wordpress.org/ultimate-addons-for-gutenberg", + "vendor": "Brainstorm Force", + "versions": [ + { + "lessThan": "2.3.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e828fbc-d465-4d69-b7d6-42e2ad87f73d?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23886.json b/data/anchore/2023/CVE-2023-23886.json new file mode 100644 index 00000000..8d3c4734 --- /dev/null +++ b/data/anchore/2023/CVE-2023-23886.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23886", + "description": "Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-recentcomments/vulnerability/wordpress-wp-recentcomments-plugin-2-2-7-broken-access-control-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:mg12:wp-recentcomments:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-recentcomments", + "packageType": "wordpress-plugin", + "product": "WP-RecentComments", + "repo": "https://plugins.svn.wordpress.org/wp-recentcomments", + "vendor": "mg12", + "versions": [ + { + "lessThanOrEqual": "2.2.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3becd450-b0de-466a-9721-b156a2ba1de3?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23893.json b/data/anchore/2023/CVE-2023-23893.json new file mode 100644 index 00000000..4292d9eb --- /dev/null +++ b/data/anchore/2023/CVE-2023-23893.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23893", + "description": "Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Giveaways: from n/a through 2.48.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/giveasap/vulnerability/wordpress-simple-giveaways-plugin-2-45-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ibenic:simple_giveaways:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "giveasap", + "packageType": "wordpress-plugin", + "product": "Simple Giveaways", + "repo": "https://plugins.svn.wordpress.org/giveasap", + "vendor": "Igor Benic", + "versions": [ + { + "lessThan": "2.46.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/721f8943-5d59-41ee-935e-999dff2e590d?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23895.json b/data/anchore/2023/CVE-2023-23895.json new file mode 100644 index 00000000..de0f9041 --- /dev/null +++ b/data/anchore/2023/CVE-2023-23895.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23895", + "description": "Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-time-slots-booking-form/vulnerability/wordpress-wp-time-slots-booking-form-plugin-1-1-82-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Time Slots Booking Form plugin to the latest available version (at least 1.1.83)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:codepeople:wp_time_slots_booking_form:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-time-slots-booking-form", + "packageType": "wordpress-plugin", + "product": "WP Time Slots Booking Form", + "repo": "https://plugins.svn.wordpress.org/wp-time-slots-booking-form", + "vendor": "CodePeople", + "versions": [ + { + "lessThan": "1.1.83", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a748589-51e5-4e3c-930c-d073d5cc94bf?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23975.json b/data/anchore/2023/CVE-2023-23975.json new file mode 100644 index 00000000..11c54c45 --- /dev/null +++ b/data/anchore/2023/CVE-2023-23975.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23975", + "description": "Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Event Manager: from n/a through 9.7.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/quick-event-manager/vulnerability/wordpress-quick-event-manager-plugin-9-7-4-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Quick Event Manager plugin to the latest available version (at least 9.7.5)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:fullworksplugins:quick_event_manager:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "quick-event-manager", + "packageType": "wordpress-plugin", + "product": "Quick Event Manager", + "repo": "https://plugins.svn.wordpress.org/quick-event-manager", + "vendor": "Fullworks", + "versions": [ + { + "lessThan": "9.7.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53199f3c-80d1-4c4e-93ef-8a234ba8ba85?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-24375.json b/data/anchore/2023/CVE-2023-24375.json new file mode 100644 index 00000000..71e294a7 --- /dev/null +++ b/data/anchore/2023/CVE-2023-24375.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-24375", + "description": "Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-5-14-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin to the latest available version (at least 7.6.0)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:miniorange:wordpress_social_login_and_register_\\(discord\\,_google\\,_twitter\\,_linkedin\\):*:*:*:*:*:wordpress:*:*" + ], + "packageName": "miniorange-login-openid", + "packageType": "wordpress-plugin", + "product": "WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)", + "repo": "https://plugins.svn.wordpress.org/miniorange-login-openid", + "vendor": "miniOrange", + "versions": [ + { + "lessThan": "7.6.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ffb9a8e-b08f-451b-bdb5-268d7b618b66?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-24407.json b/data/anchore/2023/CVE-2023-24407.json new file mode 100644 index 00000000..68f2079f --- /dev/null +++ b/data/anchore/2023/CVE-2023-24407.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-24407", + "description": "Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/booking-calendar/vulnerability/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-3-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Booking calendar, Appointment Booking System plugin to the latest available version (at least 3.2.4)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdevart:booking_calendar:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "booking-calendar", + "packageType": "wordpress-plugin", + "product": "Booking calendar, Appointment Booking System", + "repo": "https://plugins.svn.wordpress.org/booking-calendar", + "vendor": "WpDevArt", + "versions": [ + { + "lessThanOrEqual": "3.2.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25035.json b/data/anchore/2023/CVE-2023-25035.json new file mode 100644 index 00000000..511cc3f9 --- /dev/null +++ b/data/anchore/2023/CVE-2023-25035.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25035", + "description": "Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/quick-contact-form/vulnerability/wordpress-quick-contact-form-plugin-8-0-3-1-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Quick Contact Form plugin to the latest available version (at least 8.0.4)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:fullworksplugins:quick_contact_form:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "quick-contact-form", + "packageType": "wordpress-plugin", + "product": "Quick Contact Form", + "repo": "https://plugins.svn.wordpress.org/quick-contact-form", + "vendor": "Fullworks", + "versions": [ + { + "lessThan": "8.0.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25037.json b/data/anchore/2023/CVE-2023-25037.json new file mode 100644 index 00000000..19739f7f --- /dev/null +++ b/data/anchore/2023/CVE-2023-25037.json @@ -0,0 +1,50 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25037", + "description": "Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/booking-calendar-contact-form/vulnerability/wordpress-booking-calendar-contact-form-plugin-1-2-34-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Booking Calendar Contact Form plugin to the latest available version (at least 1.2.35)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:booking_calendar_project:booking_calendar:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:codepeople:booking_calendar_contact_form:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "booking-calendar-contact-form", + "packageType": "wordpress-plugin", + "product": "Booking Calendar Contact Form", + "repo": "https://plugins.svn.wordpress.org/booking-calendar-contact-form", + "vendor": "CodePeople", + "versions": [ + { + "lessThan": "1.2.35", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0563d2f0-fb29-4030-8d01-c257dda78241?source=cve" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09932277-8af3-4790-96f0-fe5af0a0ed29?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25067.json b/data/anchore/2023/CVE-2023-25067.json new file mode 100644 index 00000000..f16dc63c --- /dev/null +++ b/data/anchore/2023/CVE-2023-25067.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25067", + "description": "Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through 1.45.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/opening-hours/vulnerability/wordpress-we-re-open-plugin-1-45-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress We’re Open! plugin to the latest available version (at least 1.46)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:designextreme:we\\'re_open\\!:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "opening-hours", + "packageType": "wordpress-plugin", + "product": "We’re Open!", + "repo": "https://plugins.svn.wordpress.org/opening-hours", + "vendor": "Noah Hearle, Design Extreme", + "versions": [ + { + "lessThan": "1.46", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e0a227-670d-40d8-ba82-6602ab57bc4a?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25454.json b/data/anchore/2023/CVE-2023-25454.json new file mode 100644 index 00000000..c7038be4 --- /dev/null +++ b/data/anchore/2023/CVE-2023-25454.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25454", + "description": "Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/protected-posts-logout-button/vulnerability/wordpress-protected-posts-logout-button-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Protected Posts Logout Button plugin to the latest available version (at least 1.4.6)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:mindutopia:protected_posts_logout_button:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "protected-posts-logout-button", + "packageType": "wordpress-plugin", + "product": "Protected Posts Logout Button", + "repo": "https://plugins.svn.wordpress.org/protected-posts-logout-button", + "vendor": "Nate Reist", + "versions": [ + { + "lessThan": "1.4.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b87f8bd6-d00d-4062-bf27-b698a1d7e757?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25455.json b/data/anchore/2023/CVE-2023-25455.json new file mode 100644 index 00000000..cf360a6b --- /dev/null +++ b/data/anchore/2023/CVE-2023-25455.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25455", + "description": "Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin to the latest available version (at least 7.6.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:miniorange:wordpress_social_login_and_register_\\(discord\\,_google\\,_twitter\\,_linkedin\\):*:*:*:*:*:wordpress:*:*" + ], + "packageName": "miniorange-login-openid", + "packageType": "wordpress-plugin", + "product": "WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)", + "repo": "https://plugins.svn.wordpress.org/miniorange-login-openid", + "vendor": "miniOrange", + "versions": [ + { + "lessThan": "7.6.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/021a25c9-7fad-425f-8104-bb4852603613?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25486.json b/data/anchore/2023/CVE-2023-25486.json new file mode 100644 index 00000000..bc138eb6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-25486.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25486", + "description": "Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-clone-by-wp-academy/vulnerability/wordpress-clone-plugin-2-3-7-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Clone plugin to the latest available version (at least 2.3.8)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:backupbliss:clone:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-clone-by-wp-academy", + "packageType": "wordpress-plugin", + "product": "Clone", + "repo": "https://plugins.svn.wordpress.org/wp-clone-by-wp-academy", + "vendor": "Migrate", + "versions": [ + { + "lessThan": "2.3.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b6db928-f8ff-4e78-bfc7-51f1d1ccd1fa?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25714.json b/data/anchore/2023/CVE-2023-25714.json new file mode 100644 index 00000000..5fee72d4 --- /dev/null +++ b/data/anchore/2023/CVE-2023-25714.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25714", + "description": "Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/quick-paypal-payments/vulnerability/wordpress-quick-paypal-payments-plugin-5-7-25-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Quick Paypal Payments plugin to the latest available version (at least 5.7.26)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:fullworksplugins:quick_paypal_payments:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "quick-paypal-payments", + "packageType": "wordpress-plugin", + "product": "Quick Paypal Payments", + "repo": "https://plugins.svn.wordpress.org/quick-paypal-payments", + "vendor": "Fullworks", + "versions": [ + { + "lessThan": "5.7.26", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8133d84-e28c-4132-9eb5-941800320f84?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25959.json b/data/anchore/2023/CVE-2023-25959.json new file mode 100644 index 00000000..c94afab6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-25959.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25959", + "description": "Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/apollo13-framework-extensions/vulnerability/wordpress-apollo13-framework-extensions-plugin-1-8-10-broken-access-control?_s_id=cve" + ], + "solutions": [ + "No patched version is available. We notified the vendor about the vulnerability on 2023 Jan 12th." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:apollo13themes:apollo13_framework_extensions:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "apollo13-framework-extensions", + "packageType": "wordpress-plugin", + "product": "Apollo13 Framework Extensions", + "repo": "https://plugins.svn.wordpress.org/apollo13-framework-extensions", + "vendor": "Apollo13Themes", + "versions": [ + { + "lessThan": "1.9.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e122d75b-0bde-4886-a8e0-d07a535fc967?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25966.json b/data/anchore/2023/CVE-2023-25966.json new file mode 100644 index 00000000..9f77bc03 --- /dev/null +++ b/data/anchore/2023/CVE-2023-25966.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25966", + "description": "Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/filebird/vulnerability/wordpress-filebird-plugin-5-1-4-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Filebird plugin to the latest available version (at least 5.1.5)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "filebird", + "packageType": "wordpress-plugin", + "product": "Filebird", + "repo": "https://plugins.svn.wordpress.org/filebird", + "vendor": "Ninja Team", + "versions": [ + { + "lessThan": "5.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5a6e9f4-dbc3-4af0-b9e4-4c9ad7b5fe9f?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-25993.json b/data/anchore/2023/CVE-2023-25993.json new file mode 100644 index 00000000..36a7b6a3 --- /dev/null +++ b/data/anchore/2023/CVE-2023-25993.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-25993", + "description": "Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/top-10/vulnerability/wordpress-top-10-popular-posts-plugin-for-wordpress-plugin-3-2-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Top 10 plugin to the latest available version (at least 3.2.4)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:top_10_project:top_10:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:webberzone:top_10:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "top-10", + "packageType": "wordpress-plugin", + "product": "Top 10", + "repo": "https://plugins.svn.wordpress.org/top-10", + "vendor": "WebberZone", + "versions": [ + { + "lessThan": "3.2.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14e832ec-7181-44d9-8d26-2f77e6111763?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-26520.json b/data/anchore/2023/CVE-2023-26520.json new file mode 100644 index 00000000..8ae9aeb0 --- /dev/null +++ b/data/anchore/2023/CVE-2023-26520.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-26520", + "description": "Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/advanced-text-widget/vulnerability/wordpress-advanced-text-widget-plugin-2-1-2-broken-access-control-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:advanced_text_widget_project:advanced_text_widget:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "advanced-text-widget", + "packageType": "wordpress-plugin", + "product": "Advanced Text Widget", + "repo": "https://plugins.svn.wordpress.org/advanced-text-widget", + "vendor": "Max Chirkov", + "versions": [ + { + "lessThanOrEqual": "2.1.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3fe1313c-1368-4bcb-9d11-25b948da5547?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-26522.json b/data/anchore/2023/CVE-2023-26522.json new file mode 100644 index 00000000..dd864dea --- /dev/null +++ b/data/anchore/2023/CVE-2023-26522.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-26522", + "description": "Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-repost/vulnerability/wordpress-wp-repost-plugin-0-1-broken-access-control-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:onewebsite:wp_repost:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-repost", + "packageType": "wordpress-plugin", + "product": "WP Repost", + "repo": "https://plugins.svn.wordpress.org/wp-repost", + "vendor": "OneWebsite", + "versions": [ + { + "lessThanOrEqual": "0.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dbf0f614-e5e9-486c-a0dd-cd494708a2a8?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-27454.json b/data/anchore/2023/CVE-2023-27454.json new file mode 100644 index 00000000..1badbcf6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-27454.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-27454", + "description": "Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rife Elementor Extensions & Templates: from n/a through 1.1.10.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/rife-elementor-extensions/vulnerability/wordpress-rife-elementor-extensions-templates-plugin-1-1-10-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Rife Elementor Extensions & Templates plugin to the latest available version (at least 1.2.0)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:apollo13themes:rife_elementor_extensions_\\&_templates:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "rife-elementor-extensions", + "packageType": "wordpress-plugin", + "product": "Rife Elementor Extensions & Templates", + "repo": "https://plugins.svn.wordpress.org/rife-elementor-extensions", + "vendor": "Apollo13Themes", + "versions": [ + { + "lessThan": "1.2.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee520664-0c1f-4af0-8cdf-a33c1dfaaca7?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-27625.json b/data/anchore/2023/CVE-2023-27625.json new file mode 100644 index 00000000..742ec993 --- /dev/null +++ b/data/anchore/2023/CVE-2023-27625.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-27625", + "description": "Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/site-reviews/vulnerability/wordpress-site-reviews-plugin-6-5-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Site Reviews plugin to the latest available version (at least 6.6.0)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:geminilabs:site_reviews:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "site-reviews", + "packageType": "wordpress-plugin", + "product": "Site Reviews", + "repo": "https://plugins.svn.wordpress.org/site-reviews", + "vendor": "Paul Ryley", + "versions": [ + { + "lessThan": "6.6.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d94f6cdd-8232-4e0c-b510-0e755c280b58?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-27626.json b/data/anchore/2023/CVE-2023-27626.json new file mode 100644 index 00000000..fd7fb510 --- /dev/null +++ b/data/anchore/2023/CVE-2023-27626.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-27626", + "description": "Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/stock-ticker/vulnerability/wordpress-stock-ticker-plugin-3-23-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Stock Ticker plugin to the latest available version (at least 3.23.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:urosevic:stock_ticker:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "stock-ticker", + "packageType": "wordpress-plugin", + "product": "Stock Ticker", + "repo": "https://plugins.svn.wordpress.org/stock-ticker", + "vendor": "Aleksandar Urošević", + "versions": [ + { + "lessThan": "3.23.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e81c4d77-5459-4f56-b339-8da0877a6663?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-28689.json b/data/anchore/2023/CVE-2023-28689.json new file mode 100644 index 00000000..b8c72e43 --- /dev/null +++ b/data/anchore/2023/CVE-2023-28689.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-28689", + "description": "Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/js-jobs/vulnerability/wordpress-js-job-manager-plugin-2-0-0-broken-access-control?_s_id=cve" + ], + "solutions": [ + "No patched version available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:joomsky:js_job_manager:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "js-jobs", + "packageType": "wordpress-plugin", + "product": "JS Job Manager", + "repo": "https://plugins.svn.wordpress.org/js-jobs", + "vendor": "JoomSky", + "versions": [ + { + "lessThan": "2.0.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55604ee9-7343-472c-9a29-035d18b266ab?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-29173.json b/data/anchore/2023/CVE-2023-29173.json new file mode 100644 index 00000000..23976ff0 --- /dev/null +++ b/data/anchore/2023/CVE-2023-29173.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-29173", + "description": "Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Category Tree: from n/a through 2.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/product-category-tree/vulnerability/wordpress-product-category-tree-plugin-2-5-broken-access-control-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:awesometogi:product-category-tree:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:awesometogi:product_category_tree:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "product-category-tree", + "packageType": "wordpress-plugin", + "product": "Product Category Tree", + "repo": "https://plugins.svn.wordpress.org/product-category-tree", + "vendor": "AWESOME TOGI", + "versions": [ + { + "lessThanOrEqual": "2.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88840d66-1644-4af0-b811-41f0e9fe2c0c?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-29429.json b/data/anchore/2023/CVE-2023-29429.json new file mode 100644 index 00000000..e9695afb --- /dev/null +++ b/data/anchore/2023/CVE-2023-29429.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-29429", + "description": "Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-2-3-2-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress User Registration plugin to the latest available version (at least 2.3.3)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "user-registration", + "packageType": "wordpress-plugin", + "product": "User Registration", + "repo": "https://plugins.svn.wordpress.org/user-registration", + "vendor": "WPEverest", + "versions": [ + { + "lessThan": "2.3.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a671128a-74e6-4f92-94af-9e5e37ed7b7a?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-30748.json b/data/anchore/2023/CVE-2023-30748.json new file mode 100644 index 00000000..bef561e5 --- /dev/null +++ b/data/anchore/2023/CVE-2023-30748.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-30748", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/easy-appointments/vulnerability/wordpress-easy-appointments-plugin-3-10-7-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.11.1 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:easy_appointments_project:easy_appointments:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "easy-appointments", + "packageType": "wordpress-plugin", + "product": "Easy Appointments", + "repo": "https://plugins.svn.wordpress.org/easy-appointments", + "vendor": "Nikola Loncar", + "versions": [ + { + "lessThan": "3.11.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfe8d13b-f387-4c82-ba9f-efadda18c882?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-30873.json b/data/anchore/2023/CVE-2023-30873.json new file mode 100644 index 00000000..65152ca2 --- /dev/null +++ b/data/anchore/2023/CVE-2023-30873.json @@ -0,0 +1,49 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-30873", + "description": "Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-docs/vulnerability/wordpress-wp-docs-plugin-1-9-8-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Docs plugin to the latest available version (at least 1.9.9)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:fahad_mahmood:wp_docs:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-docs", + "packageType": "wordpress-plugin", + "product": "WP Docs", + "repo": "https://plugins.svn.wordpress.org/wp-docs", + "vendor": "Fahad Mahmood", + "versions": [ + { + "lessThan": "1.9.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45a870f4-7ad1-447b-81ea-5d9e9b67b1bb?source=cve" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6003b1bf-b176-4ca9-9de2-58133259e0f6?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-31073.json b/data/anchore/2023/CVE-2023-31073.json new file mode 100644 index 00000000..b3f3328a --- /dev/null +++ b/data/anchore/2023/CVE-2023-31073.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-31073", + "description": "Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through 1.2.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/shortcode-to-display-post-and-user-data/vulnerability/wordpress-shortcode-to-display-post-and-user-data-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Display custom fields in the frontend – Post and User Profile Fields plugin to the latest available version (at least 1.2.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:vegacorp:display_custom_fields_in_the_frontend_-_post_and_user_profile_fields:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "shortcode-to-display-post-and-user-data", + "packageType": "wordpress-plugin", + "product": "Display custom fields in the frontend – Post and User Profile Fields", + "repo": "https://plugins.svn.wordpress.org/shortcode-to-display-post-and-user-data", + "vendor": "Jose Vega", + "versions": [ + { + "lessThan": "1.2.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdf3b629-c1a2-4fdd-b7fc-d3550bd30857?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-32117.json b/data/anchore/2023/CVE-2023-32117.json new file mode 100644 index 00000000..14e79993 --- /dev/null +++ b/data/anchore/2023/CVE-2023-32117.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-32117", + "description": "Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-1-99-unauthenticated-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Integrate Google Drive plugin to the latest available version (at least 1.2.0)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:softlabbd:integrate_google_drive:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:softlabdb:integrate_google_drive:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "integrate-google-drive", + "packageType": "wordpress-plugin", + "product": "Integrate Google Drive", + "repo": "https://plugins.svn.wordpress.org/integrate-google-drive", + "vendor": "SoftLab", + "versions": [ + { + "lessThan": "1.2.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fe8b2c8-3bb1-463a-a64c-15d7bcc29985?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-32126.json b/data/anchore/2023/CVE-2023-32126.json new file mode 100644 index 00000000..656ef534 --- /dev/null +++ b/data/anchore/2023/CVE-2023-32126.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-32126", + "description": "Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/salert/vulnerability/wordpress-salert-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress SALERT plugin to the latest available version (at least 1.2.2)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpoperation:salert_-_fake_sales_notification_woocommerce:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "salert", + "packageType": "wordpress-plugin", + "product": "SALERT", + "repo": "https://plugins.svn.wordpress.org/salert", + "vendor": "WPoperation", + "versions": [ + { + "lessThan": "1.2.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9e45ae8-e5b5-460b-80f8-de562ae7c56a?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-32293.json b/data/anchore/2023/CVE-2023-32293.json new file mode 100644 index 00000000..0a45519e --- /dev/null +++ b/data/anchore/2023/CVE-2023-32293.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-32293", + "description": "Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WRC Pricing Tables: from n/a through 2.3.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wrc-pricing-tables/vulnerability/wordpress-wrc-pricing-tables-plugin-2-3-7-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:realwebcare:wrc_pricing_tables:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wrc-pricing-tables", + "packageType": "wordpress-plugin", + "product": "WRC Pricing Tables", + "repo": "https://plugins.svn.wordpress.org/wrc-pricing-tables", + "vendor": "Realwebcare", + "versions": [ + { + "lessThan": "2.3.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/823dc422-12f4-4f7d-a305-2e4db18bafdf?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-41953.json b/data/anchore/2023/CVE-2023-41953.json new file mode 100644 index 00000000..eb3d6934 --- /dev/null +++ b/data/anchore/2023/CVE-2023-41953.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-41953", + "description": "Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-user-avatar/vulnerability/wordpress-profilepress-plugin-4-13-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress ProfilePress plugin to the latest available version (at least 4.13.2)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:profilepress:profilepress:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:profilepress:user_registration\\,_login_form\\,_user_profile_\\&_membership:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:properfraction:profilepress:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-user-avatar", + "packageType": "wordpress-plugin", + "product": "ProfilePress", + "repo": "https://plugins.svn.wordpress.org/wp-user-avatar", + "vendor": "ProfilePress Membership Team", + "versions": [ + { + "lessThan": "4.13.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e103f59a-00fa-4d4c-b4fc-834754886d49?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47698.json b/data/anchore/2023/CVE-2023-47698.json new file mode 100644 index 00000000..1a1c4d8d --- /dev/null +++ b/data/anchore/2023/CVE-2023-47698.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47698", + "description": "Missing Authorization vulnerability in Artisan Workshop Japanized For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japanized For WooCommerce: from n/a through 2.6.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/woocommerce-for-japan/vulnerability/wordpress-japanized-for-woocommerce-plugin-2-6-4-multiple-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Japanized For WooCommerce plugin to the latest available version (at least 2.6.5)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:artisanworkshop:japanized_for_woocommerce:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "woocommerce-for-japan", + "packageType": "wordpress-plugin", + "product": "Japanized For WooCommerce", + "repo": "https://plugins.svn.wordpress.org/woocommerce-for-japan", + "vendor": "Artisan Workshop", + "versions": [ + { + "lessThan": "2.6.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fc675e8-8ba1-40b0-829e-7a48d5eb586d?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47760.json b/data/anchore/2023/CVE-2023-47760.json new file mode 100644 index 00000000..5b03e953 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47760.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47760", + "description": "Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/essential-blocks/vulnerability/wordpress-essential-blocks-plugin-4-2-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Essential Blocks for Gutenberg plugin to the latest available version (at least 4.2.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "essential-blocks", + "packageType": "wordpress-plugin", + "product": "Essential Blocks for Gutenberg", + "repo": "https://plugins.svn.wordpress.org/essential-blocks", + "vendor": "WPDeveloper", + "versions": [ + { + "lessThan": "4.2.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2136e1c-5f69-434d-bdc7-72a144da744b?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47761.json b/data/anchore/2023/CVE-2023-47761.json new file mode 100644 index 00000000..9e60b9e0 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47761.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47761", + "description": "Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through 2.0.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/simple-301-redirects/vulnerability/wordpress-simple-301-redirects-by-betterlinks-plugin-2-0-7-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Simple 301 Redirects by BetterLinks plugin to the latest available version (at least 2.0.8)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdeveloper:simple_301_redirects:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "simple-301-redirects", + "packageType": "wordpress-plugin", + "product": "Simple 301 Redirects by BetterLinks", + "repo": "https://plugins.svn.wordpress.org/simple-301-redirects", + "vendor": "WPDeveloper", + "versions": [ + { + "lessThan": "2.0.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddacd612-0cd5-4b07-9184-bec6f1adbb4c?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47762.json b/data/anchore/2023/CVE-2023-47762.json new file mode 100644 index 00000000..164ffc6a --- /dev/null +++ b/data/anchore/2023/CVE-2023-47762.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47762", + "description": "Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/betterdocs/vulnerability/wordpress-betterdocs-plugin-2-5-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress BetterDocs plugin to the latest available version (at least 2.5.3)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdeveloper:betterdocs:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "betterdocs", + "packageType": "wordpress-plugin", + "product": "BetterDocs", + "repo": "https://plugins.svn.wordpress.org/betterdocs", + "vendor": "WPDeveloper", + "versions": [ + { + "lessThan": "2.5.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47763.json b/data/anchore/2023/CVE-2023-47763.json new file mode 100644 index 00000000..be967a34 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47763.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47763", + "description": "Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.31.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-31-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Custom Admin Interface plugin to the latest available version (at least 7.32)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wp_custom_admin_interface_project:wp_custom_admin_interface:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-custom-admin-interface", + "packageType": "wordpress-plugin", + "product": "WP Custom Admin Interface", + "repo": "https://plugins.svn.wordpress.org/wp-custom-admin-interface", + "vendor": "Martin Gibson", + "versions": [ + { + "lessThan": "7.32", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b040f47-b126-4640-9fc5-bda8650f6c69?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47764.json b/data/anchore/2023/CVE-2023-47764.json new file mode 100644 index 00000000..1ab23ab7 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47764.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47764", + "description": "Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through 3.1.24.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/ditty-news-ticker/vulnerability/wordpress-ditty-plugin-3-1-24-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Ditty plugin to the latest available version (at least 3.1.25)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:metaphorcreations:ditty:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ditty-news-ticker", + "packageType": "wordpress-plugin", + "product": "Ditty", + "repo": "https://plugins.svn.wordpress.org/ditty-news-ticker", + "vendor": "Metaphor Creations", + "versions": [ + { + "lessThan": "3.1.25", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08630dfd-df43-4a5a-8fc7-ba8ff753db3d?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47780.json b/data/anchore/2023/CVE-2023-47780.json new file mode 100644 index 00000000..3a90c79f --- /dev/null +++ b/data/anchore/2023/CVE-2023-47780.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47780", + "description": "Missing Authorization vulnerability in EasyAzon EasyAzon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through 5.1.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/easyazon/vulnerability/wordpress-easyazon-amazon-associates-affiliate-plugin-plugin-5-1-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:flowdee:easyazon:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:getaawp:easyazon:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "easyazon", + "packageType": "wordpress-plugin", + "product": "EasyAzon", + "repo": "https://plugins.svn.wordpress.org/easyazon", + "vendor": "EasyAzon", + "versions": [ + { + "lessThan": "5.1.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91ba93de-4c5f-4611-8296-adfc85c8dd2b?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47805.json b/data/anchore/2023/CVE-2023-47805.json new file mode 100644 index 00000000..373ef598 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47805.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47805", + "description": "Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through 2.2.22.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-cafe/vulnerability/wordpress-wpcafe-plugin-2-2-19-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themewinter:wpcafe:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-cafe", + "packageType": "wordpress-plugin", + "product": "WPCafe", + "repo": "https://plugins.svn.wordpress.org/wp-cafe", + "vendor": "Themewinter", + "versions": [ + { + "lessThan": "2.2.23", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4261bc62-a091-408b-8643-e6fa61d62103?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47820.json b/data/anchore/2023/CVE-2023-47820.json new file mode 100644 index 00000000..5b679f26 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47820.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47820", + "description": "Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-like-button/vulnerability/wordpress-wp-like-button-plugin-1-7-0-broken-access-control-csrf-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:crudlab:wp_like_button:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-like-button", + "packageType": "wordpress-plugin", + "product": "WP Like Button", + "repo": "https://plugins.svn.wordpress.org/wp-like-button", + "vendor": "CRUDLab", + "versions": [ + { + "lessThanOrEqual": "1.7.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da550fd7-3c1a-4b07-afc0-2366e0f5cccd?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47822.json b/data/anchore/2023/CVE-2023-47822.json new file mode 100644 index 00000000..4adf7767 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47822.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47822", + "description": "Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/mp3-music-player-by-sonaar/vulnerability/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-4-10-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin to the latest available version (at least 4.10.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:sonaar:mp3_audio_player_for_music\\,_radio_\\&_podcast:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "mp3-music-player-by-sonaar", + "packageType": "wordpress-plugin", + "product": "MP3 Audio Player for Music, Radio & Podcast by Sonaar", + "repo": "https://plugins.svn.wordpress.org/mp3-music-player-by-sonaar", + "vendor": "Sonaar Music", + "versions": [ + { + "lessThan": "4.10.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcb9d95-acb4-4405-b785-1e5eace10dc9?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47823.json b/data/anchore/2023/CVE-2023-47823.json new file mode 100644 index 00000000..33fc5a0b --- /dev/null +++ b/data/anchore/2023/CVE-2023-47823.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47823", + "description": "Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/formcraft-form-builder/vulnerability/wordpress-formcraft-contact-form-builder-for-wordpress-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress FormCraft plugin to the latest available version (at least 1.2.8)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:formcrafts:formcraft:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:ncrafts:formcraft:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "formcraft-form-builder", + "packageType": "wordpress-plugin", + "product": "FormCraft", + "repo": "https://plugins.svn.wordpress.org/formcraft-form-builder", + "vendor": "nCrafts", + "versions": [ + { + "lessThan": "1.2.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25d5735a-8eed-4b4a-9bbe-9e42fb18ddf2?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47826.json b/data/anchore/2023/CVE-2023-47826.json new file mode 100644 index 00000000..9067497f --- /dev/null +++ b/data/anchore/2023/CVE-2023-47826.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47826", + "description": "Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/restaurant-cafe-addon-for-elementor/vulnerability/wordpress-restaurant-cafe-addon-for-elementor-plugin-1-5-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Restaurant & Cafe Addon for Elementor plugin to the latest available version (at least 1.5.4)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:nicheaddons:restaurant_\\&_cafe_addon_for_elementor:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "restaurant-cafe-addon-for-elementor", + "packageType": "wordpress-plugin", + "product": "Restaurant & Cafe Addon for Elementor", + "repo": "https://plugins.svn.wordpress.org/restaurant-cafe-addon-for-elementor", + "vendor": "NicheAddons", + "versions": [ + { + "lessThan": "1.5.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad003d57-a573-473e-80a9-5bf60d42a707?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47832.json b/data/anchore/2023/CVE-2023-47832.json new file mode 100644 index 00000000..b20d678c --- /dev/null +++ b/data/anchore/2023/CVE-2023-47832.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47832", + "description": "Missing Authorization vulnerability in searchiq SearchIQ allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SearchIQ: from n/a through 4.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/searchiq/vulnerability/wordpress-searchiq-plugin-4-4-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:searchiq:searchiq:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "searchiq", + "packageType": "wordpress-plugin", + "product": "SearchIQ", + "repo": "https://plugins.svn.wordpress.org/searchiq", + "vendor": "searchiq", + "versions": [ + { + "lessThan": "4.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3001829b-f63b-4b99-91a0-53d615ac96c1?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47836.json b/data/anchore/2023/CVE-2023-47836.json new file mode 100644 index 00000000..493a940b --- /dev/null +++ b/data/anchore/2023/CVE-2023-47836.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47836", + "description": "Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meta and Date Remover: from n/a through 2.3.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-meta-and-date-remover/vulnerability/wordpress-wp-meta-and-date-remover-plugin-2-2-1-broken-access-control-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:prasadkirpekar:wp_meta_and_date_remover:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-meta-and-date-remover", + "packageType": "wordpress-plugin", + "product": "WP Meta and Date Remover", + "repo": "https://plugins.svn.wordpress.org/wp-meta-and-date-remover", + "vendor": "Prasad Kirpekar", + "versions": [ + { + "lessThan": "2.3.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/faa9ad87-44b2-47b3-a05c-52e59af7255a?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47841.json b/data/anchore/2023/CVE-2023-47841.json new file mode 100644 index 00000000..79acd0a4 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47841.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47841", + "description": "Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-1-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Analytify plugin to the latest available version (at least 5.2.0)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-analytify", + "packageType": "wordpress-plugin", + "product": "Analytify", + "repo": "https://plugins.svn.wordpress.org/wp-analytify", + "vendor": "Analytify", + "versions": [ + { + "lessThan": "5.2.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7362f3f-c5d9-4ba0-b9c3-282c58861e2f?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47847.json b/data/anchore/2023/CVE-2023-47847.json new file mode 100644 index 00000000..4b55a788 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47847.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47847", + "description": "Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayTR Taksit Tablosu: from n/a through 1.3.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/paytr-taksit-tablosu-woocommerce/vulnerability/wordpress-paytr-taksit-tablosu-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. This plugin has been closed as of November 17, 2023 and is not available for download. This closure is temporary, pending a full review." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:paytr:paytr_taksit_tablosu_-_woocommerce:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "paytr-taksit-tablosu-woocommerce", + "packageType": "wordpress-plugin", + "product": "PayTR Taksit Tablosu", + "repo": "https://plugins.svn.wordpress.org/paytr-taksit-tablosu-woocommerce", + "vendor": "PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş.", + "versions": [ + { + "lessThan": "1.3.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bfefe86-b25e-4ffe-9beb-28dc22a99d62?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47869.json b/data/anchore/2023/CVE-2023-47869.json new file mode 100644 index 00000000..4de7d720 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47869.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47869", + "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection.This issue affects wpForo Forum: from n/a through 2.2.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-plugin-2-2-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:gvectors:wpforo:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wpforo", + "packageType": "wordpress-plugin", + "product": "wpForo Forum", + "repo": "https://plugins.svn.wordpress.org/wpforo", + "vendor": "gVectors Team", + "versions": [ + { + "lessThan": "2.2.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71078aaf-9803-4b46-bc94-dbcb43745629?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47871.json b/data/anchore/2023/CVE-2023-47871.json new file mode 100644 index 00000000..73414cb9 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47871.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47871", + "description": "Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/contact-form-to-any-api/vulnerability/wordpress-contact-form-to-any-api-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:itpathsolutions:contact_form_to_any_api:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "contact-form-to-any-api", + "packageType": "wordpress-plugin", + "product": "Contact Form to Any API", + "repo": "https://plugins.svn.wordpress.org/contact-form-to-any-api", + "vendor": "IT Path Solutions", + "versions": [ + { + "lessThan": "1.1.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a7c647-4c57-499a-8e46-ca273985bd6d?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-48324.json b/data/anchore/2023/CVE-2023-48324.json new file mode 100644 index 00000000..b7212078 --- /dev/null +++ b/data/anchore/2023/CVE-2023-48324.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-48324", + "description": "Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-helpdesk-plugin-6-1-4-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Awesome Support plugin to the latest available version (at least 6.1.5)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:awesomesupport:awesome_support_wordpress_helpdesk_\\&_support:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "awesome-support", + "packageType": "wordpress-plugin", + "product": "Awesome Support", + "repo": "https://plugins.svn.wordpress.org/awesome-support", + "vendor": "Awesome Support Team", + "versions": [ + { + "lessThan": "6.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dec91d7-19cf-480d-871c-427cd1e691a6?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-48740.json b/data/anchore/2023/CVE-2023-48740.json new file mode 100644 index 00000000..3db46a96 --- /dev/null +++ b/data/anchore/2023/CVE-2023-48740.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-48740", + "description": "Missing Authorization vulnerability in Easy Social Feed Easy Social Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through 6.5.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/easy-facebook-likebox/vulnerability/wordpress-easy-social-feed-plugin-6-5-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Easy Social Feed plugin to the latest available version (at least 6.5.2)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:easysocialfeed:easy_social_feed:*:*:*:*:free:wordpress:*:*" + ], + "packageName": "easy-facebook-likebox", + "packageType": "wordpress-plugin", + "product": "Easy Social Feed", + "repo": "https://plugins.svn.wordpress.org/easy-facebook-likebox", + "vendor": "Easy Social Feed", + "versions": [ + { + "lessThan": "6.5.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4ffb3ef-9d77-463f-92c4-4bc799ac16aa?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-48774.json b/data/anchore/2023/CVE-2023-48774.json new file mode 100644 index 00000000..c085eff9 --- /dev/null +++ b/data/anchore/2023/CVE-2023-48774.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-48774", + "description": "Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/ideapush/vulnerability/wordpress-ideapush-plugin-8-53-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:northernbeacheswebsites:ideapush:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ideapush", + "packageType": "wordpress-plugin", + "product": "IdeaPush", + "repo": "https://plugins.svn.wordpress.org/ideapush", + "vendor": "Martin Gibson", + "versions": [ + { + "lessThan": "8.58", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5811fc63-da34-43cb-ae33-a34a8795bb72?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-48776.json b/data/anchore/2023/CVE-2023-48776.json new file mode 100644 index 00000000..8d6846ac --- /dev/null +++ b/data/anchore/2023/CVE-2023-48776.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-48776", + "description": "Missing Authorization vulnerability in Thomas Scholl canvasio3D Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from n/a through 2.5.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/canvasio3d-light/vulnerability/wordpress-canvasio3d-light-plugin-2-4-6-broken-access-control-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:virtuellwerk:canvasio3d_light:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "canvasio3d-light", + "packageType": "wordpress-plugin", + "product": "canvasio3D Light", + "repo": "https://plugins.svn.wordpress.org/canvasio3d-light", + "vendor": "Thomas Scholl", + "versions": [ + { + "lessThanOrEqual": "2.5.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11795557-74c0-469a-9751-adc759f9214b?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49154.json b/data/anchore/2023/CVE-2023-49154.json new file mode 100644 index 00000000..165ed485 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49154.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49154", + "description": "Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/button-generation/vulnerability/wordpress-button-generator-easily-button-builder-plugin-2-3-8-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wow-company:button_generator:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "button-generation", + "packageType": "wordpress-plugin", + "product": "Button Generator – easily Button Builder", + "repo": "https://plugins.svn.wordpress.org/button-generation", + "vendor": "Wow-Company", + "versions": [ + { + "lessThan": "2.3.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73dd286e-5338-42d2-9928-1e14150ccf56?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49156.json b/data/anchore/2023/CVE-2023-49156.json new file mode 100644 index 00000000..7a1327d4 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49156.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49156", + "description": "Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDaddy Email Marketing: from n/a through 1.4.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/godaddy-email-marketing-sign-up-forms/vulnerability/wordpress-godaddy-email-marketing-plugin-1-4-3-broken-access-control-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:godaddy:godaddy_email_marketing:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "godaddy-email-marketing-sign-up-forms", + "packageType": "wordpress-plugin", + "product": "GoDaddy Email Marketing", + "repo": "https://plugins.svn.wordpress.org/godaddy-email-marketing-sign-up-forms", + "vendor": "GoDaddy", + "versions": [ + { + "lessThanOrEqual": "1.4.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d9d19e-a080-40e9-8a71-01888393f618?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49192.json b/data/anchore/2023/CVE-2023-49192.json new file mode 100644 index 00000000..e0586657 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49192.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49192", + "description": "Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.6.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/enhanced-text-widget/vulnerability/wordpress-enhanced-text-widget-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themecheck:enhanced_text_widget:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "enhanced-text-widget", + "packageType": "wordpress-plugin", + "product": "Enhanced Text Widget", + "repo": "https://plugins.svn.wordpress.org/enhanced-text-widget", + "vendor": "Clever Widgets", + "versions": [ + { + "lessThan": "1.6.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25122475-fc2c-4a8c-90d3-f4a85fb3a8cc?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49193.json b/data/anchore/2023/CVE-2023-49193.json new file mode 100644 index 00000000..39274603 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49193.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49193", + "description": "Missing Authorization vulnerability in NerdPress Social Pug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Pug: from n/a through 1.30.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/social-pug/vulnerability/wordpress-grow-social-plugin-1-20-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:devpups:social_pug:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "social-pug", + "packageType": "wordpress-plugin", + "product": "Social Pug", + "repo": "https://plugins.svn.wordpress.org/social-pug", + "vendor": "NerdPress", + "versions": [ + { + "lessThan": "1.30.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22b17fcb-0c97-462d-b67c-6da2919478d5?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49196.json b/data/anchore/2023/CVE-2023-49196.json new file mode 100644 index 00000000..fa4c386d --- /dev/null +++ b/data/anchore/2023/CVE-2023-49196.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49196", + "description": "Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/pagelayer/vulnerability/wordpress-pagelayer-plugin-1-7-7-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress PageLayer plugin to the latest available version (at least 1.7.8)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:pagelayer:pagelayer:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "pagelayer", + "packageType": "wordpress-plugin", + "product": "PageLayer", + "repo": "https://plugins.svn.wordpress.org/pagelayer", + "vendor": "Pagelayer Team", + "versions": [ + { + "lessThanOrEqual": "1.7.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49756.json b/data/anchore/2023/CVE-2023-49756.json new file mode 100644 index 00000000..9148eaa4 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49756.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49756", + "description": "Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through 3.3.52.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-plugin-3-3-44-authenticated-notice-dismissal-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themewinter:eventin:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-event-solution", + "packageType": "wordpress-plugin", + "product": "Eventin", + "repo": "https://plugins.svn.wordpress.org/wp-event-solution", + "vendor": "Themewinter", + "versions": [ + { + "lessThan": "3.3.53", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f256036d-11e8-4311-baa0-d15193c72da0?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49757.json b/data/anchore/2023/CVE-2023-49757.json new file mode 100644 index 00000000..253ff655 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49757.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49757", + "description": "Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.10.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:awesomesupport:awesome_support_wordpress_helpdesk_\\&_support:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "awesome-support", + "packageType": "wordpress-plugin", + "product": "Awesome Support", + "repo": "https://plugins.svn.wordpress.org/awesome-support", + "vendor": "Awesome Support Team", + "versions": [ + { + "lessThan": "6.1.11", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd9f1385-6457-4bc9-9c75-0fcd399a5956?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49758.json b/data/anchore/2023/CVE-2023-49758.json new file mode 100644 index 00000000..2d913026 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49758.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49758", + "description": "Missing Authorization vulnerability in Veribo, Roland Murg WP Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through 2.0.19.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-booking-system/vulnerability/wordpress-wp-booking-system-plugin-2-0-19-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Booking System plugin to the latest available version (at least 2.0.19.3)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpbookingsystem:wp_booking_system:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-booking-system", + "packageType": "wordpress-plugin", + "product": "WP Booking System", + "repo": "https://plugins.svn.wordpress.org/wp-booking-system", + "vendor": "Veribo, Roland Murg", + "versions": [ + { + "lessThan": "2.0.19.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/805c46ec-0b8a-4a40-bfc9-5d2d8d43a17b?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49831.json b/data/anchore/2023/CVE-2023-49831.json new file mode 100644 index 00000000..24ec62e1 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49831.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49831", + "description": "Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through 5.2.3.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/custom-registration-form-builder-with-submission-manager/vulnerability/wordpress-registrationmagic-plugin-5-2-3-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress RegistrationMagic plugin to the latest available version (at least 5.2.3.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "custom-registration-form-builder-with-submission-manager", + "packageType": "wordpress-plugin", + "product": "RegistrationMagic", + "repo": "https://plugins.svn.wordpress.org/custom-registration-form-builder-with-submission-manager", + "vendor": "Metagauss User Registration Forms", + "versions": [ + { + "lessThan": "5.2.3.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d041b14-0d05-4bfe-bd5c-7e06d7b108b8?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49832.json b/data/anchore/2023/CVE-2023-49832.json new file mode 100644 index 00000000..a5d347f0 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49832.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49832", + "description": "Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.10.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/site-reviews/vulnerability/wordpress-site-reviews-plugin-6-10-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Site Reviews plugin to the latest available version (at least 6.10.3)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:geminilabs:site_reviews:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "site-reviews", + "packageType": "wordpress-plugin", + "product": "Site Reviews", + "repo": "https://plugins.svn.wordpress.org/site-reviews", + "vendor": "Paul Ryley", + "versions": [ + { + "lessThan": "6.10.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1accc41e-41d2-49e3-a80a-6b95b02cb42e?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49835.json b/data/anchore/2023/CVE-2023-49835.json new file mode 100644 index 00000000..3b73156f --- /dev/null +++ b/data/anchore/2023/CVE-2023-49835.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49835", + "description": "Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/post-duplicator/vulnerability/wordpress-post-duplicator-plugin-2-31-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Post Duplicator plugin to the latest available version (at least 2.32)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:metaphorcreations:post_duplicator:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "post-duplicator", + "packageType": "wordpress-plugin", + "product": "Post Duplicator", + "repo": "https://plugins.svn.wordpress.org/post-duplicator", + "vendor": "Metaphor Creations", + "versions": [ + { + "lessThan": "2.32", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5665931-8da9-44db-a5b1-46acebf14f3b?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49850.json b/data/anchore/2023/CVE-2023-49850.json new file mode 100644 index 00000000..26efe0b6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49850.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49850", + "description": "Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through 2.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-simple-html-sitemap/vulnerability/wordpress-wp-simple-html-sitemap-plugin-2-4-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:freelancer-coder:wordpress_simple_html_sitemap:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-simple-html-sitemap", + "packageType": "wordpress-plugin", + "product": "WP Simple HTML Sitemap", + "repo": "https://plugins.svn.wordpress.org/wp-simple-html-sitemap", + "vendor": "Ashish Ajani", + "versions": [ + { + "lessThan": "2.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eff4cb35-492b-448a-8d16-b9210917c567?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49856.json b/data/anchore/2023/CVE-2023-49856.json new file mode 100644 index 00000000..b4f9ee5e --- /dev/null +++ b/data/anchore/2023/CVE-2023-49856.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49856", + "description": "Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/smart-forms/vulnerability/wordpress-smart-forms-plugin-2-6-84-authenticated-arbitrary-options-change-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:rednao:smart_forms:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "smart-forms", + "packageType": "wordpress-plugin", + "product": "Smart Forms", + "repo": "https://plugins.svn.wordpress.org/smart-forms", + "vendor": "RedNao", + "versions": [ + { + "lessThan": "2.6.85", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ac48cd9-1de5-4840-b3f3-dc24ca52442e?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49857.json b/data/anchore/2023/CVE-2023-49857.json new file mode 100644 index 00000000..5b66097f --- /dev/null +++ b/data/anchore/2023/CVE-2023-49857.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49857", + "description": "Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-2?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:awesomesupport:awesome_support_wordpress_helpdesk_\\&_support:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "awesome-support", + "packageType": "wordpress-plugin", + "product": "Awesome Support", + "repo": "https://plugins.svn.wordpress.org/awesome-support", + "vendor": "Awesome Support Team", + "versions": [ + { + "lessThanOrEqual": "6.1.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49861.json b/data/anchore/2023/CVE-2023-49861.json new file mode 100644 index 00000000..402e3733 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49861.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-49861", + "description": "Missing Authorization vulnerability in socialmediafeather Social Media Feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through 2.1.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/social-media-feather/vulnerability/wordpress-social-media-feather-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:sharethis:social_media_feather:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "social-media-feather", + "packageType": "wordpress-plugin", + "product": "Social Media Feather", + "repo": "https://plugins.svn.wordpress.org/social-media-feather", + "vendor": "socialmediafeather", + "versions": [ + { + "lessThan": "2.1.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4154aa02-7fa1-4858-bea7-092ec4a508ac?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50375.json b/data/anchore/2023/CVE-2023-50375.json new file mode 100644 index 00000000..67e288fc --- /dev/null +++ b/data/anchore/2023/CVE-2023-50375.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50375", + "description": "Missing Authorization vulnerability in Translate AI Multilingual Solutions Google Language Translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Language Translator: from n/a through 6.0.19.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/google-language-translator/vulnerability/wordpress-translate-wordpress-google-language-translator-plugin-6-0-19-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Google Language Translator plugin to the latest available version (at least 6.0.20)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:gtranslate:google_language_translator:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "google-language-translator", + "packageType": "wordpress-plugin", + "product": "Google Language Translator", + "repo": "https://plugins.svn.wordpress.org/google-language-translator", + "vendor": "Translate AI Multilingual Solutions", + "versions": [ + { + "lessThan": "6.0.20", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91e7e93d-348b-40d7-b803-5dbd7c6a684a?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50876.json b/data/anchore/2023/CVE-2023-50876.json new file mode 100644 index 00000000..40754ef3 --- /dev/null +++ b/data/anchore/2023/CVE-2023-50876.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50876", + "description": "Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through 4.7.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/molongui-authorship/vulnerability/wordpress-molongui-plugin-4-7-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Molongui plugin to the latest available version (at least 4.7.4)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:amitzy:molongui:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:amitzy:molongui_authorship:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "molongui-authorship", + "packageType": "wordpress-plugin", + "product": "Molongui", + "repo": "https://plugins.svn.wordpress.org/molongui-authorship", + "vendor": "Molongui", + "versions": [ + { + "lessThan": "4.7.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f01ecab-2dfe-45d2-9d9a-ba1e30c7d75f?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50882.json b/data/anchore/2023/CVE-2023-50882.json new file mode 100644 index 00000000..8f864ced --- /dev/null +++ b/data/anchore/2023/CVE-2023-50882.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50882", + "description": "Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-user-avatar/vulnerability/wordpress-profilepress-plugin-4-13-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress ProfilePress plugin to the latest available version (at least 4.13.3)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:profilepress:profilepress:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:profilepress:user_registration\\,_login_form\\,_user_profile_\\&_membership:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:properfraction:profilepress:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-user-avatar", + "packageType": "wordpress-plugin", + "product": "ProfilePress", + "repo": "https://plugins.svn.wordpress.org/wp-user-avatar", + "vendor": "ProfilePress Membership Team", + "versions": [ + { + "lessThanOrEqual": "4.13.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50884.json b/data/anchore/2023/CVE-2023-50884.json new file mode 100644 index 00000000..04559a9f --- /dev/null +++ b/data/anchore/2023/CVE-2023-50884.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50884", + "description": "Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.1.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/lastudio-element-kit/vulnerability/wordpress-la-studio-element-kit-for-elementor-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress LA-Studio Element Kit for Elementor plugin to the latest available version (at least 1.1.6)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:la-studioweb:element_kit_for_elementor:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "lastudio-element-kit", + "packageType": "wordpress-plugin", + "product": "LA-Studio Element Kit for Elementor", + "repo": "https://plugins.svn.wordpress.org/lastudio-element-kit", + "vendor": "LA-Studio", + "versions": [ + { + "lessThan": "1.1.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/523f7a8a-d06d-4778-be14-d0b7ca32dab3?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50887.json b/data/anchore/2023/CVE-2023-50887.json new file mode 100644 index 00000000..cae6235b --- /dev/null +++ b/data/anchore/2023/CVE-2023-50887.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50887", + "description": "Missing Authorization vulnerability in UserFeedback Team User Feedback allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through 1.0.10.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/userfeedback-lite/vulnerability/wordpress-user-feedback-plugin-1-0-10-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress User Feedback plugin to the latest available version (at least 1.0.11)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:monsterinsights:user_feedback:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "userfeedback-lite", + "packageType": "wordpress-plugin", + "product": "User Feedback", + "repo": "https://plugins.svn.wordpress.org/userfeedback-lite", + "vendor": "UserFeedback Team", + "versions": [ + { + "lessThan": "1.0.11", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63c7bb29-c8b2-49ee-8ac4-1046b61b7e6a?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50899.json b/data/anchore/2023/CVE-2023-50899.json new file mode 100644 index 00000000..d6c6be65 --- /dev/null +++ b/data/anchore/2023/CVE-2023-50899.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50899", + "description": "Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/woocommerce-catalog-enquiry/vulnerability/wordpress-product-catalog-enquiry-for-woocommerce-by-multivendorx-plugin-5-0-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin to the latest available version (at least 5.0.3)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:multivendorx:product_catalog_mode_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:wc-marketplace:wc_catalog_enquiry:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "woocommerce-catalog-enquiry", + "packageType": "wordpress-plugin", + "product": "Product Catalog Enquiry for WooCommerce by MultiVendorX", + "repo": "https://plugins.svn.wordpress.org/woocommerce-catalog-enquiry", + "vendor": "MultiVendorX", + "versions": [ + { + "lessThan": "5.0.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03177018-94cb-4e14-9476-e2d369414c38?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50903.json b/data/anchore/2023/CVE-2023-50903.json new file mode 100644 index 00000000..d62edce7 --- /dev/null +++ b/data/anchore/2023/CVE-2023-50903.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50903", + "description": "Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/metform/vulnerability/wordpress-metform-elementor-contact-form-builder-plugin-3-4-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Metform Elementor Contact Form Builder plugin to the latest available version (at least 3.4.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "metform", + "packageType": "wordpress-plugin", + "product": "Metform Elementor Contact Form Builder", + "repo": "https://plugins.svn.wordpress.org/metform", + "vendor": "Wpmet", + "versions": [ + { + "lessThan": "3.4.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6425d39-cc8b-4130-8f67-2d6de7954934?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50904.json b/data/anchore/2023/CVE-2023-50904.json new file mode 100644 index 00000000..5a0ea029 --- /dev/null +++ b/data/anchore/2023/CVE-2023-50904.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-50904", + "description": "Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.8.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-8-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Poll Maker plugin to the latest available version (at least 4.8.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ays-pro:poll_maker:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "poll-maker", + "packageType": "wordpress-plugin", + "product": "Poll Maker", + "repo": "https://plugins.svn.wordpress.org/poll-maker", + "vendor": "Poll Maker Team", + "versions": [ + { + "lessThan": "4.8.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/345097c7-8f0e-46ed-9a1d-7c8a4a589e3f?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51353.json b/data/anchore/2023/CVE-2023-51353.json new file mode 100644 index 00000000..728f7a1e --- /dev/null +++ b/data/anchore/2023/CVE-2023-51353.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-51353", + "description": "Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/popup-by-supsystic/vulnerability/wordpress-popup-by-supsystic-plugin-1-10-19-broken-access-control-vulnerability-2?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Popup by Supsystic plugin to the latest available version (at least 1.10.20)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:supsystic:popup:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "popup-by-supsystic", + "packageType": "wordpress-plugin", + "product": "Popup by Supsystic", + "repo": "https://plugins.svn.wordpress.org/popup-by-supsystic", + "vendor": "supsystic.com", + "versions": [ + { + "lessThanOrEqual": "1.10.19", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51355.json b/data/anchore/2023/CVE-2023-51355.json new file mode 100644 index 00000000..69cde019 --- /dev/null +++ b/data/anchore/2023/CVE-2023-51355.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-51355", + "description": "Missing Authorization vulnerability in MultiVendorX WC Marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Marketplace: from n/a through 4.0.23.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/dc-woocommerce-multi-vendor/vulnerability/wordpress-multivendorx-plugin-4-0-23-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WC Marketplace plugin to the latest available version (at least 4.0.24)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:multivendorx:multivendorx:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:wc-marketplace:multivendor_marketplace_solution_for_woocommerce_-_wc_marketplace:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "dc-woocommerce-multi-vendor", + "packageType": "wordpress-plugin", + "product": "WC Marketplace", + "repo": "https://plugins.svn.wordpress.org/dc-woocommerce-multi-vendor", + "vendor": "MultiVendorX", + "versions": [ + { + "lessThan": "4.0.24", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cdc0096-8e21-4b82-b9d0-961f48907a09?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51357.json b/data/anchore/2023/CVE-2023-51357.json new file mode 100644 index 00000000..879f1a48 --- /dev/null +++ b/data/anchore/2023/CVE-2023-51357.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-51357", + "description": "Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through 6.5.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/enhanced-e-commerce-for-woocommerce-store/vulnerability/wordpress-track-google-analytics-4-facebook-pixel-conversions-api-via-google-tag-manager-for-woocommerce-plugin-6-5-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Conversios.io plugin to the latest available version (at least 6.5.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:conversios:google_analytics_integration_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:tatvic:conversios.io:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "enhanced-e-commerce-for-woocommerce-store", + "packageType": "wordpress-plugin", + "product": "Conversios.io", + "repo": "https://plugins.svn.wordpress.org/enhanced-e-commerce-for-woocommerce-store", + "vendor": "Conversios", + "versions": [ + { + "lessThan": "6.5.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae007dc0-9ac7-459d-bfe6-bcde87028b14?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51359.json b/data/anchore/2023/CVE-2023-51359.json new file mode 100644 index 00000000..e5a0e049 --- /dev/null +++ b/data/anchore/2023/CVE-2023-51359.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-51359", + "description": "Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/essential-blocks/vulnerability/wordpress-essential-blocks-plugin-4-2-0-multiple-contributor-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Essential Blocks for Gutenberg plugin to the latest available version (at least 4.2.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "essential-blocks", + "packageType": "wordpress-plugin", + "product": "Essential Blocks for Gutenberg", + "repo": "https://plugins.svn.wordpress.org/essential-blocks", + "vendor": "WPDeveloper", + "versions": [ + { + "lessThan": "4.2.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eca703ec-645c-4d12-ae57-75db14e08f3e?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51360.json b/data/anchore/2023/CVE-2023-51360.json new file mode 100644 index 00000000..6ddb25e4 --- /dev/null +++ b/data/anchore/2023/CVE-2023-51360.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-51360", + "description": "Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/essential-blocks/vulnerability/wordpress-essential-blocks-plugin-4-2-0-multiple-subscriber-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Essential Blocks for Gutenberg plugin to the latest available version (at least 4.2.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "essential-blocks", + "packageType": "wordpress-plugin", + "product": "Essential Blocks for Gutenberg", + "repo": "https://plugins.svn.wordpress.org/essential-blocks", + "vendor": "WPDeveloper", + "versions": [ + { + "lessThanOrEqual": "4.2.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51362.json b/data/anchore/2023/CVE-2023-51362.json new file mode 100644 index 00000000..dce2021c --- /dev/null +++ b/data/anchore/2023/CVE-2023-51362.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-51362", + "description": "Missing Authorization vulnerability in Premio All-in-one Floating Contact Form – My Sticky Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All-in-one Floating Contact Form – My Sticky Elements: from n/a through 2.1.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/mystickyelements/vulnerability/wordpress-mystickyelements-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress All-in-one Floating Contact Form – My Sticky Elements plugin to the latest available version (at least 2.1.4)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:premio:mystickyelements:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "mystickyelements", + "packageType": "wordpress-plugin", + "product": "All-in-one Floating Contact Form – My Sticky Elements", + "repo": "https://plugins.svn.wordpress.org/mystickyelements", + "vendor": "Premio", + "versions": [ + { + "lessThan": "2.1.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4098a47-986c-4b2c-b27a-18ff81da0f58?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-12174.json b/data/anchore/2024/CVE-2024-12174.json new file mode 100644 index 00000000..e7df744e --- /dev/null +++ b/data/anchore/2024/CVE-2024-12174.json @@ -0,0 +1,40 @@ +{ + "additionalMetadata": { + "cna": "tenable", + "cveId": "CVE-2024-12174", + "description": "An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://www.tenable.com/security/tns-2024-19" + ], + "solutions": [ + "Tenable has released Security Center 6.5.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center https://tenable%20has%20released%20security%20center%206.5.0%20to%20address%20these%20issues.%20the%20installation%20files%20can%20be%20obtained%20from%20the%20tenable%20downloads%20portal:%20https//www.tenable.com/downloads/security-center" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*" + ], + "platforms": [ + "Linux" + ], + "product": "Security Center", + "vendor": "Tenable", + "versions": [ + { + "lessThan": "6.5.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32875.json b/data/anchore/2024/CVE-2024-32875.json index 83348dce..b60f9461 100644 --- a/data/anchore/2024/CVE-2024-32875.json +++ b/data/anchore/2024/CVE-2024-32875.json @@ -19,6 +19,7 @@ "packageName": "github.com/gohugoio/hugo", "packageType": "go-module", "product": "hugo", + "repo": "https://github.com/gohugoio/hugo", "vendor": "gohugoio", "versions": [ { diff --git a/data/anchore/2024/CVE-2024-46901.json b/data/anchore/2024/CVE-2024-46901.json new file mode 100644 index 00000000..f5a57197 --- /dev/null +++ b/data/anchore/2024/CVE-2024-46901.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-46901", + "description": "Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\n\nAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\n\nRepositories served via other access methods are not affected.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://subversion.apache.org/security/CVE-2024-46901-advisory.txt" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*" + ], + "product": "Apache Subversion", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.14.5", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-52385.json b/data/anchore/2024/CVE-2024-52385.json new file mode 100644 index 00000000..22ce0f51 --- /dev/null +++ b/data/anchore/2024/CVE-2024-52385.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-52385", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/team-showcase-supreme/vulnerability/wordpress-team-member-multi-language-supported-team-plugin-7-1-limited-local-file-inclusion-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpmart:team_member_-_team_with_slider:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "team-showcase-supreme", + "packageType": "wordpress-plugin", + "product": "Team Member", + "repo": "https://plugins.svn.wordpress.org/team-showcase-supreme", + "vendor": "Sk. Abul Hasan", + "versions": [ + { + "lessThanOrEqual": "7.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5cd81b-3182-45fb-a93a-471ecf770e42?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-52586.json b/data/anchore/2024/CVE-2024-52586.json new file mode 100644 index 00000000..b64a838f --- /dev/null +++ b/data/anchore/2024/CVE-2024-52586.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-52586", + "description": "eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that are performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/elabftw/elabftw/security/advisories/GHSA-pvxr-39g3-m28c" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*" + ], + "packageName": "elabftw/elabftw", + "product": "elabftw", + "repo": "https://github.com/elabftw/elabftw", + "vendor": "elabftw", + "versions": [ + { + "lessThan": "5.1.9", + "status": "affected", + "version": "4.6.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-52599.json b/data/anchore/2024/CVE-2024-52599.json new file mode 100644 index 00000000..adaca2dd --- /dev/null +++ b/data/anchore/2024/CVE-2024-52599.json @@ -0,0 +1,64 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-52599", + "description": "Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5", + "https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7", + "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5", + "https://tuleap.net/plugins/tracker/?aid=40459" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*" + ], + "packageName": "enalean/tuleap", + "product": "tuleap", + "repo": "https://github.com/enalean/tuleap", + "vendor": "Enalean", + "versions": [ + { + "lessThan": "16.1.99.50", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + }, + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*" + ], + "packageName": "enalean/tuleap", + "product": "tuleap enterprise", + "repo": "https://github.com/enalean/tuleap", + "vendor": "Enalean", + "versions": [ + { + "lessThan": "16.1-4", + "status": "affected", + "version": "16.1", + "versionType": "custom" + }, + { + "lessThan": "16.0-7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-53814.json b/data/anchore/2024/CVE-2024-53814.json new file mode 100644 index 00000000..f09aa586 --- /dev/null +++ b/data/anchore/2024/CVE-2024-53814.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-53814", + "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-4-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Analytify plugin to the latest available version (at least 5.5.0)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-analytify", + "packageType": "wordpress-plugin", + "product": "Analytify", + "repo": "https://plugins.svn.wordpress.org/wp-analytify", + "vendor": "Analytify", + "versions": [ + { + "lessThanOrEqual": "5.4.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-53816.json b/data/anchore/2024/CVE-2024-53816.json new file mode 100644 index 00000000..fc2396e3 --- /dev/null +++ b/data/anchore/2024/CVE-2024-53816.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-53816", + "description": "Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/tutor-lms-elementor-addons/vulnerability/wordpress-tutor-lms-elementor-addons-plugin-2-1-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Tutor LMS Elementor Addons plugin to the latest available version (at least 2.1.6)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themeum:tutor_lms_elementor_addons:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "tutor-lms-elementor-addons", + "packageType": "wordpress-plugin", + "product": "Tutor LMS Elementor Addons", + "repo": "https://plugins.svn.wordpress.org/tutor-lms-elementor-addons", + "vendor": "Themeum", + "versions": [ + { + "lessThanOrEqual": "2.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-53818.json b/data/anchore/2024/CVE-2024-53818.json new file mode 100644 index 00000000..3c07cdf6 --- /dev/null +++ b/data/anchore/2024/CVE-2024-53818.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-53818", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/ultimate-post/vulnerability/wordpress-postx-plugin-4-1-15-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress PostX plugin to the latest available version (at least 4.1.16)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpxpo:postx:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ultimate-post", + "packageType": "wordpress-plugin", + "product": "PostX", + "repo": "https://plugins.svn.wordpress.org/ultimate-post", + "vendor": "Post Grid Team by WPXPO", + "versions": [ + { + "lessThanOrEqual": "4.1.15", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-53819.json b/data/anchore/2024/CVE-2024-53819.json new file mode 100644 index 00000000..f2235130 --- /dev/null +++ b/data/anchore/2024/CVE-2024-53819.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-53819", + "description": "Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/sprout-invoices/vulnerability/wordpress-client-invoicing-by-sprout-invoices-plugin-20-8-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Client Invoicing by Sprout Invoices plugin to the latest available version (at least 20.8.1)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:webventures:client_invoicing_by_sprout_invoices:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "sprout-invoices", + "packageType": "wordpress-plugin", + "product": "Client Invoicing by Sprout Invoices", + "repo": "https://plugins.svn.wordpress.org/sprout-invoices", + "vendor": "Sprout Invoices", + "versions": [ + { + "lessThanOrEqual": "20.8.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-53947.json b/data/anchore/2024/CVE-2024-53947.json new file mode 100644 index 00000000..3871a1b2 --- /dev/null +++ b/data/anchore/2024/CVE-2024-53947.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-53947", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.\n\nThis issue affects Apache Superset: <4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:python:*:*" + ], + "packageName": "apache-superset", + "packageType": "python", + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "4.1.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-53948.json b/data/anchore/2024/CVE-2024-53948.json new file mode 100644 index 00000000..433ba0ac --- /dev/null +++ b/data/anchore/2024/CVE-2024-53948.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-53948", + "description": "Generation of Error Message Containing analytics metadata Information in Apache Superset.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:python:*:*" + ], + "packageName": "apache-superset", + "packageType": "python", + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "4.1.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-53949.json b/data/anchore/2024/CVE-2024-53949.json new file mode 100644 index 00000000..84e9137e --- /dev/null +++ b/data/anchore/2024/CVE-2024-53949.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-53949", + "description": "Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.\n\n issue affects Apache Superset: from 2.0.0 before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:python:*:*" + ], + "packageName": "apache-superset", + "packageType": "python", + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "4.1.0", + "status": "affected", + "version": "2.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54147.json b/data/anchore/2024/CVE-2024-54147.json new file mode 100644 index 00000000..7fb64ea4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-54147.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-54147", + "description": "Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (eg. public wifi, malicious DNS servers) may have all GraphQL request and response headers and bodies fully compromised including authorization tokens. The attack also allows obtaining full access to any signed-in Altair GraphQL Cloud account and replacing payment checkout pages with a malicious website. Version 8.0.5 fixes the issue.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/altair-graphql/altair/blob/004f645d1cae032787fccf7166dc193b775e9660/packages/altair-electron/src/app/index.ts#L162-L170", + "https://github.com/altair-graphql/altair/security/advisories/GHSA-8v9h-hxp5-9jcx" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:altairgraphql:altair:*:*:*:*:*:*:*:*" + ], + "packageName": "altair-graphql/altair", + "product": "altair", + "repo": "https://github.com/altair-graphql/altair", + "vendor": "altair-graphql", + "versions": [ + { + "lessThan": "8.0.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54149.json b/data/anchore/2024/CVE-2024-54149.json new file mode 100644 index 00000000..2b92b52a --- /dev/null +++ b/data/anchore/2024/CVE-2024-54149.json @@ -0,0 +1,51 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-54149", + "description": "Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. As all objects passed through to Twig are references to the live objects, it is also possible to also manipulate model data if models are passed directly to Twig, including changing attributes or even removing records entirely. In most cases, this is unwanted behavior and potentially dangerous. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any of the following permissions: `cms.manage_layouts`; `cms.manage_pages`; or `cms.manage_partials`. The Winter CMS maintainers strongly recommend that these permissions only be reserved to trusted administrators and developers in general. The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in versions 1.2.7, 1.1.11, and 1.0.476. Thse who cannot upgrade may apply commit fb88e6fabde3b3278ce1844e581c87dcf7daee22 to their Winter CMS installation manually to resolve the issue. In the rare event that a Winter user was relying on being able to write to models/datasources within their Twig templates, they should instead use or create components to make changes to their models.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22", + "https://github.com/wintercms/winter/security/advisories/GHSA-xhw3-4j3m-hq53" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://packagist.org", + "cpes": [ + "cpe:2.3:a:wintercms:winter:*:*:*:*:*:php:*:*" + ], + "packageName": "winter/wn-cms-module", + "packageType": "php-composer", + "product": "winter", + "repo": "https://github.com/wintercms/winter", + "vendor": "wintercms", + "versions": [ + { + "lessThan": "1.2.7", + "status": "affected", + "version": "1.2.0", + "versionType": "custom" + }, + { + "lessThan": "1.1.11", + "status": "affected", + "version": "1.1.0", + "versionType": "custom" + }, + { + "lessThan": "1.0.476", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54151.json b/data/anchore/2024/CVE-2024-54151.json new file mode 100644 index 00000000..84f4f211 --- /dev/null +++ b/data/anchore/2024/CVE-2024-54151.json @@ -0,0 +1,40 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-54151", + "description": "Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to \"public\", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. This impacts any Directus instance that has either `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` set to `public` allowing unauthenticated users to subscribe for changes on any collection or do REST CRUD operations on user defined collections ignoring permissions. Version 11.3.0 fixes the issue.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/directus/directus/commit/ce0397d16cf767b5293cd57f626c5349b5732a21", + "https://github.com/directus/directus/security/advisories/GHSA-849r-qrwj-8rv4" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://registry.npmjs.org", + "cpes": [ + "cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*", + "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:node.js:*:*" + ], + "packageName": "directus", + "packageType": "npm", + "product": "directus", + "repo": "https://github.com/directus/directus", + "vendor": "directus", + "versions": [ + { + "lessThan": "11.3.0", + "status": "affected", + "version": "11.0.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54223.json b/data/anchore/2024/CVE-2024-54223.json new file mode 100644 index 00000000..20b46543 --- /dev/null +++ b/data/anchore/2024/CVE-2024-54223.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-54223", + "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/arforms-form-builder/vulnerability/wordpress-arforms-plugin-1-7-1-html-injection-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress ARForms Form Builder wordpress plugin to the latest available version (at least 1.7.2)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:reputeinfosystems:arforms_form_builder:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:reputeinfosystems:contact_form\\,_survey_\\&_popup_form_plugin_for_wordpress_-_arforms_form_builder:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "arforms-form-builder", + "packageType": "wordpress-plugin", + "product": "ARForms Form Builder", + "repo": "https://plugins.svn.wordpress.org/arforms-form-builder", + "vendor": "Contact Form - Repute InfoSystems", + "versions": [ + { + "lessThanOrEqual": "1.7.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54224.json b/data/anchore/2024/CVE-2024-54224.json new file mode 100644 index 00000000..2659f269 --- /dev/null +++ b/data/anchore/2024/CVE-2024-54224.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-54224", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/element-ready-lite/vulnerability/wordpress-elementsready-addons-for-elementor-plugin-6-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress ElementsReady Addons for Elementor wordpress plugin to the latest available version (at least 6.4.8)." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:quomodosoft:elementsready:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "element-ready-lite", + "packageType": "wordpress-plugin", + "product": "ElementsReady Addons for Elementor", + "repo": "https://plugins.svn.wordpress.org/element-ready-lite", + "vendor": "QuomodoSoft", + "versions": [ + { + "lessThanOrEqual": "6.4.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54254.json b/data/anchore/2024/CVE-2024-54254.json new file mode 100644 index 00000000..3a2bb465 --- /dev/null +++ b/data/anchore/2024/CVE-2024-54254.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-54254", + "description": "Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/cf7-message-filter/vulnerability/wordpress-message-filter-for-contact-form-7-plugin-1-6-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version available. No reply from the vendor." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kofimokome:message_filter_for_contact_form_7:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "cf7-message-filter", + "packageType": "wordpress-plugin", + "product": "Message Filter for Contact Form 7", + "repo": "https://plugins.svn.wordpress.org/cf7-message-filter", + "vendor": "Kofi Mokome", + "versions": [ + { + "lessThanOrEqual": "1.6.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54255.json b/data/anchore/2024/CVE-2024-54255.json new file mode 100644 index 00000000..9edce207 --- /dev/null +++ b/data/anchore/2024/CVE-2024-54255.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-54255", + "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode allows Phishing.This issue affects Login Widget With Shortcode: from n/a through 6.1.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/login-sidebar-widget/vulnerability/wordpress-login-widget-with-shortcode-plugin-6-1-2-open-redirection-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:login_widget_with_shortcode_project:login_widget_with_shortcode:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "login-sidebar-widget", + "packageType": "wordpress-plugin", + "product": "Login Widget With Shortcode", + "repo": "https://plugins.svn.wordpress.org/login-sidebar-widget", + "vendor": "aviplugins.com", + "versions": [ + { + "lessThanOrEqual": "6.1.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-54260.json b/data/anchore/2024/CVE-2024-54260.json new file mode 100644 index 00000000..74618e97 --- /dev/null +++ b/data/anchore/2024/CVE-2024-54260.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-54260", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlazeThemes News Kit Elementor Addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through 1.2.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/news-kit-elementor-addons/vulnerability/wordpress-news-kit-elementor-addons-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:blazethemes:news_kit_elementor_addons:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "news-kit-elementor-addons", + "packageType": "wordpress-plugin", + "product": "News Kit Elementor Addons", + "repo": "https://plugins.svn.wordpress.org/news-kit-elementor-addons", + "vendor": "BlazeThemes", + "versions": [ + { + "lessThanOrEqual": "1.2.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-5504.json b/data/anchore/2024/CVE-2024-5504.json index 2c57e59e..e4aaf63d 100644 --- a/data/anchore/2024/CVE-2024-5504.json +++ b/data/anchore/2024/CVE-2024-5504.json @@ -21,6 +21,7 @@ "packageName": "rife-elementor-extensions", "packageType": "wordpress-plugin", "product": "Rife Elementor Extensions & Templates", + "repo": "https://plugins.svn.wordpress.org/rife-elementor-extensions", "vendor": "apollo13themes", "versions": [ { diff --git a/data/anchore/2024/CVE-2024-55601.json b/data/anchore/2024/CVE-2024-55601.json new file mode 100644 index 00000000..4070dd93 --- /dev/null +++ b/data/anchore/2024/CVE-2024-55601.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-55601", + "description": "Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: `_default/_markup/render-link.html` from `v0.123.0`; `_default/_markup/render-image.html` from `v0.123.0`; `_default/_markup/render-table.html` from `v0.134.0`; and/or `shortcodes/youtube.html` from `v0.125.0`. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user defined templates or disable the internal templates.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/gohugoio/hugo/commit/54398f8d572c689f9785d59e907fd910a23401b0", + "https://github.com/gohugoio/hugo/releases/tag/v0.139.4", + "https://github.com/gohugoio/hugo/security/advisories/GHSA-c2xf-9v2r-r2rx", + "https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:gohugo:hugo:*:*:*:*:*:go:*:*" + ], + "packageName": "github.com/gohugoio/hugo", + "packageType": "go-module", + "product": "hugo", + "repo": "https://github.com/gohugoio/hugo", + "vendor": "gohugoio", + "versions": [ + { + "lessThan": "0.139.4", + "status": "affected", + "version": "0.123.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file