Signed-off-by: Josh Bressers <[email protected]>
1 parent
cd3ee13
commit b2bf061
Showing
33 changed files
with
1,465 additions
and
0 deletions.
@@ -0,0 +1,46 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10453", | ||
"description": "The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/elementor/tags/3.25.9/assets/js/editor.js", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/f23604b7-5a7f-4be7-bc73-cb4facdd1e73?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-21T09:23:56.216Z", | ||
"dateReserved": "2024-10-28T10:34:23.548Z", | ||
"dateUpdated": "2024-12-21T09:23:56.216Z", | ||
"digest": "fbf3cc022cc8e0782c5f89fafb98c9e92152b9e6237ed02587fd9f7a51b4ebf5" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:*:wordpress:*:*", | ||
"cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:pro:wordpress:*:*", | ||
"cpe:2.3:a:elementor:page_builder:*:*:*:*:*:wordpress:*:*", | ||
"cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "elementor", | ||
"product": "Elementor Website Builder – More Than Just a Page Builder", | ||
"vendor": "elemntor", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "3.25.10", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
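Review bot: The affected range in `adp.affected[0].versions` does not match the advisory text in the same record: the description says "all versions up to, and including, 3.25.9", but the bound is `"lessThanOrEqual": "3.25.10"`. If 3.25.10 is the fixed release, scanners consuming this record will report patched installs as vulnerable; if the wider bound is deliberate, the generic `reason` text gives a reader no way to tell. Either change the line to `"lessThanOrEqual": "3.25.9"` or extend `reason` to say where 3.25.10 comes from. Separately, the `...:*:*:*:*:pro:wordpress:*:*` CPE appears to name a different edition than `"packageName": "elementor"`, so it is worth confirming that the same version range applies to it.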
@@ -0,0 +1,41 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wpscan", | ||
"cveId": "CVE-2024-10555", | ||
"description": "The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wpscan.com/vulnerability/fcc97635-e939-4cb4-9851-6f6ac4f6ad47/" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-20T06:00:02.298Z", | ||
"dateReserved": "2024-10-30T19:24:51.511Z", | ||
"dateUpdated": "2024-12-20T16:18:14.404Z", | ||
"digest": "b6b1616ceb145c19179dbdfeeddcb08075334a35e7c2d3b93a2682957e32e163" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:maxfoundry:maxbuttons:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "maxbuttons", | ||
"product": "WordPress Button Plugin MaxButtons", | ||
"versions": [ | ||
{ | ||
"lessThan": "9.8.1", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
@@ -0,0 +1,42 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wpscan", | ||
"cveId": "CVE-2024-10706", | ||
"description": "The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wpscan.com/vulnerability/01193420-9a4c-4961-93b6-aa2e37e36be1/" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-20T06:00:03.975Z", | ||
"dateReserved": "2024-11-01T18:06:01.715Z", | ||
"dateUpdated": "2024-12-20T16:13:51.124Z", | ||
"digest": "83e6634fc4f124ccfbae940d84ad21e579006f6bc7b69d7978dfe2c8b04a01e6" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:*", | ||
"cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "download-manager", | ||
"product": "Download Manager", | ||
"versions": [ | ||
{ | ||
"lessThan": "3.3.03", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
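Review bot: `"lessThan": "3.3.03"` is declared with `"versionType": "semver"`, but a numeric component with a leading zero is not valid under strict SemVer 2.0.0, so depending on the consumer the bound may be rejected or normalised to 3.3.3. The same mismatch appears in the CVE-2024-11287 record, where `"lessThanOrEqual": "5.8001"` has only two components. If the downstream matcher accepts it, `"versionType": "custom"` describes these vendor version strings more accurately. Otherwise it is worth a test that confirms the matcher orders versions around both bounds as intended.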
@@ -0,0 +1,41 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wpscan", | ||
"cveId": "CVE-2024-11108", | ||
"description": "The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wpscan.com/vulnerability/7790af9d-621b-474c-b28c-c774e2a292bb/" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-20T06:00:04.403Z", | ||
"dateReserved": "2024-11-11T21:55:01.923Z", | ||
"dateUpdated": "2024-12-20T16:11:45.944Z", | ||
"digest": "c43535e60ea4760163ea0699bb06e111bea972a2e7c23b3ad57357d2093de112" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:cryoutcreations:serious_slider:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "cryout-serious-slider", | ||
"product": "Serious Slider", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.2.7", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
@@ -0,0 +1,46 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11196", | ||
"description": "The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/multi-column-tag-map/tags/17.0.33/mctagmap_functions.php#L1176", | ||
"https://plugins.trac.wordpress.org/browser/multi-column-tag-map/tags/17.0.33/mctagmap_functions.php#L1179", | ||
"https://plugins.trac.wordpress.org/browser/multi-column-tag-map/tags/17.0.33/mctagmap_functions.php#L135", | ||
"https://wordpress.org/plugins/multi-column-tag-map/#developers", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb41862a-0cde-46f0-bd86-5a04e76f7345?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-21T07:03:02.065Z", | ||
"dateReserved": "2024-11-13T20:26:57.801Z", | ||
"dateUpdated": "2024-12-21T07:03:02.065Z", | ||
"digest": "340256d29854785ad52e8415101d103777f4a05e3a6e29ea64a9c48280a07f98" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:multi-column_tag_map_project:multi-column_tag_map:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "multi-column-tag-map", | ||
"product": "Multi-column Tag Map", | ||
"vendor": "tugbucket", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "17.0.33", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
@@ -0,0 +1,43 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11287", | ||
"description": "The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/ebook-store/trunk/functions.php#L827", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/001289a3-a1a9-441f-b399-e9b699094e1a?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-21T07:02:58.343Z", | ||
"dateReserved": "2024-11-15T20:21:08.450Z", | ||
"dateUpdated": "2024-12-21T07:02:58.343Z", | ||
"digest": "a18f3545e03420657df8599be365d91c5dcf8102caae465c016eb2d7093d743f" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:shopfiles:ebook_store:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "ebook-store", | ||
"product": "Ebook Store", | ||
"vendor": "motovnet", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "5.8001", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
@@ -0,0 +1,43 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11297", | ||
"description": "The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wordpress.org/plugins/page-and-post-restriction/", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d12ab8c-d5d0-4e02-986e-e894fae073e5?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-20T06:59:07.444Z", | ||
"dateReserved": "2024-11-16T00:54:57.625Z", | ||
"dateUpdated": "2024-12-20T15:57:37.358Z", | ||
"digest": "8f2404fcbcf7d2e0380e931a4876244081ba62f1fdbf930b499c9d41e8046c99" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:miniorange:page_restriction:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "page-and-post-restriction", | ||
"product": "Page Restriction WordPress (WP) – Protect WP Pages/Post", | ||
"vendor": "cyberlord92", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "1.3.6", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
@@ -0,0 +1,43 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11688", | ||
"description": "The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/latex2html/trunk/inc/html/manual.php", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d9af8b-1168-462d-a767-d16ee660f646?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-21T09:23:55.806Z", | ||
"dateReserved": "2024-11-25T16:19:08.508Z", | ||
"dateUpdated": "2024-12-21T09:23:55.806Z", | ||
"digest": "46fa9889fd134c3ec136e1955e60f5afa31337a38a8fa89a03dccad379dc8f61" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:latex2html:latex2html:*:*:*:*:*:*:*:*" | ||
], | ||
"packageName": "latex2html", | ||
"product": "LaTeX2HTML", | ||
"vendor": "van-abel", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "2.5.5", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
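Review bot: The only CPE in this record, `cpe:2.3:a:latex2html:latex2html:*:*:*:*:*:*:*:*`, leaves target_sw as a wildcard, whereas every other record shown here pins it to `wordpress`. With vendor and product both set to `latex2html`, the wildcard can also match software of the same name that is not the WordPress plugin (a standalone LaTeX-to-HTML converter shares the name), which would produce false positives for anything at or below 2.5.5. Consider `cpe:2.3:a:latex2html:latex2html:*:*:*:*:*:wordpress:*:*`, or confirm that the wildcard is intentional.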