updates 2024-12-13
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed Dec 13, 2024
1 parent d015c8c commit b414c1f
Showing 130 changed files with 5,400 additions and 63 deletions.
9 changes: 7 additions & 2 deletions data/anchore/2023/CVE-2023-24407.json
@@ -25,7 +25,7 @@
"vendor": "WpDevArt",
"versions": [
{
"lessThanOrEqual": "3.2.3",
"lessThan": "3.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
@@ -36,6 +36,11 @@
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3a5c4f2-22f6-45df-bf76-9dfa1d2f5f41?source=cve"
}
]
}
}
9 changes: 7 additions & 2 deletions data/anchore/2023/CVE-2023-49196.json
@@ -25,7 +25,7 @@
"vendor": "Pagelayer Team",
"versions": [
{
"lessThanOrEqual": "1.7.7",
"lessThan": "1.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
@@ -36,6 +36,11 @@
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a0c8ecc-f0a1-41fa-a5f7-2d65d610efc0?source=cve"
}
]
}
}
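--- /dev/null
+++ b/data/anchore/2023/CVE-2023-6964.json
@@ -0,0 +1,45 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2023-6964",
+"description": "The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3019592%40kadence-blocks&old=2996625%40kadence-blocks&sfp_email=&sfph_mail=",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=cve"
+],
+"upstream": {
+"datePublished": "2024-04-09T18:59:15.108Z",
+"dateReserved": "2023-12-19T20:20:23.614Z",
+"dateUpdated": "2024-08-02T08:50:06.683Z",
+"digest": "bfccc16a6d328cb12da3bb62a4fc7cbcadf0ad463f9d5d15e01b76adc39585ed"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "kadence-blocks",
+"packageType": "wordpress-plugin",
+"product": "Gutenberg Blocks by Kadence Blocks – Page Builder Features",
+"repo": "https://plugins.svn.wordpress.org/kadence-blocks",
+"vendor": "britner",
+"versions": [
+{
+"lessThan": "3.2.12",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}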
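Review bot: The `versions` entry marks every release below 3.2.12 as affected, while the `description` in the same record limits the Server-Side Request Forgery to versions up to and including 3.1.26, and nothing visible in the record explains the wider bound. The `reason` string only says that CPE configurations were added, and the changeset reference is not tied to a release number on this page. If the wider range is a deliberate correction of the upstream text, say so in the record, for example `"reason": "Added CPE configurations because not yet analyzed by NVD. Fixed version set to <version> based on <evidence>."` (placeholders), so that a consumer comparing this entry with the CNA description can tell the difference is intended rather than a data-entry slip.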
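--- /dev/null
+++ b/data/anchore/2024/CVE-2024-0598.json
@@ -0,0 +1,46 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-0598",
+"description": "The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://advisory.abay.sh/cve-2024-0598",
+"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve"
+],
+"upstream": {
+"datePublished": "2024-04-09T18:59:07.479Z",
+"dateReserved": "2024-01-16T15:02:21.160Z",
+"dateUpdated": "2024-08-01T18:11:35.656Z",
+"digest": "0117b74712562c950d9d7dd64f1c29d86f9f1562ee6c35992ce9f951cd2bcc7a"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "kadence-blocks",
+"packageType": "wordpress-plugin",
+"product": "Gutenberg Blocks by Kadence Blocks – Page Builder Features",
+"repo": "https://plugins.svn.wordpress.org/kadence-blocks",
+"vendor": "britner",
+"versions": [
+{
+"lessThan": "3.2.18",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}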
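--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10010.json
@@ -0,0 +1,48 @@
+{
+"additionalMetadata": {
+"cna": "wpscan",
+"cveId": "CVE-2024-10010",
+"description": "The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://wpscan.com/vulnerability/8a258d33-a354-4cbb-bfcb-31b7f1b1a036/"
+],
+"upstream": {
+"datePublished": "2024-12-12T06:00:09.430Z",
+"dateReserved": "2024-10-15T21:29:44.420Z",
+"dateUpdated": "2024-12-12T15:10:49.393Z",
+"digest": "396c7a7ece0d7f5cf905f53c2d10e8c578cf324eaf4699412d6e2e56fcc66de8"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "learnpress",
+"packageType": "wordpress-plugin",
+"product": "LearnPress",
+"repo": "https://plugins.svn.wordpress.org/learnpress",
+"versions": [
+{
+"lessThan": "4.2.7.2",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68991289-acfa-4ab9-9852-755e5f1eda33?source=cve"
+}
+]
+}
+}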
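Review bot: `"versionType": "semver"` does not fit the bound `"lessThan": "4.2.7.2"`, because a four-part version is not a valid Semantic Versioning string, so a consumer that parses the bound strictly may reject it or order it differently than intended (the matcher is not visible here, so this is a risk rather than a confirmed failure). The two edited WordPress plugin records earlier in this commit carry `"versionType": "custom"`, which would avoid the mismatch for this entry as well. The entry also has no `"vendor"` key, unlike the other wordpress-plugin entries added in this commit.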
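--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10043.json
@@ -0,0 +1,111 @@
+{
+"additionalMetadata": {
+"cna": "gitlab",
+"cveId": "CVE-2024-10043",
+"description": "An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://gitlab.com/gitlab-org/gitlab/-/issues/499577",
+"https://hackerone.com/reports/2774817"
+],
+"solutions": [
+"Upgrade to versions 17.4.6, 17.5.4, 17.6.2 or above."
+],
+"upstream": {
+"datePublished": "2024-12-12T12:02:29.814Z",
+"dateReserved": "2024-10-16T16:30:46.408Z",
+"dateUpdated": "2024-12-12T15:44:38.834Z",
+"digest": "cc8d392a3e8240200719a3b7e3c387953acfa7686f7feff28c8c8db7fc7d957c"
+}
+},
+"adp": {
+"affected": [
+{
+"cpes": [
+"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+"cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+],
+"product": "GitLab Enterprise",
+"vendor": "GitLab",
+"versions": [
+{
+"lessThan": "17.4.6",
+"status": "affected",
+"version": "14.3",
+"versionType": "semver"
+},
+{
+"lessThan": "17.5.4",
+"status": "affected",
+"version": "17.5",
+"versionType": "semver"
+},
+{
+"lessThan": "17.6.2",
+"status": "affected",
+"version": "17.6",
+"versionType": "semver"
+}
+]
+},
+{
+"collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+"packageName": "gitlab-ee",
+"packageType": "deb",
+"product": "GitLab Enterprise",
+"vendor": "GitLab",
+"versions": [
+{
+"lessThan": "17.4.6",
+"status": "affected",
+"version": "14.3",
+"versionType": "deb"
+},
+{
+"lessThan": "17.5.4",
+"status": "affected",
+"version": "17.5",
+"versionType": "deb"
+},
+{
+"lessThan": "17.6.2",
+"status": "affected",
+"version": "17.6",
+"versionType": "deb"
+}
+]
+},
+{
+"collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+"packageName": "gitlab-ee",
+"packageType": "rpm",
+"product": "GitLab Enterprise",
+"vendor": "GitLab",
+"versions": [
+{
+"lessThan": "17.4.6",
+"status": "affected",
+"version": "14.3",
+"versionType": "rpm"
+},
+{
+"lessThan": "17.5.4",
+"status": "affected",
+"version": "17.5",
+"versionType": "rpm"
+},
+{
+"lessThan": "17.6.2",
+"status": "affected",
+"version": "17.6",
+"versionType": "rpm"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}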
7 changes: 6 additions & 1 deletion data/anchore/2024/CVE-2024-10104.json
@@ -33,6 +33,11 @@
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bbe6b57-9c50-4515-aa62-a9d9a41bf4ce?source=cve"
}
]
}
}
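--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10111.json
@@ -0,0 +1,45 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-10111",
+"description": "The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://wordpress.org/plugins/miniorange-login-with-eve-online-google-facebook/",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd83877-739f-4c21-8179-20de8bbc4936?source=cve"
+],
+"upstream": {
+"datePublished": "2024-12-12T03:23:10.001Z",
+"dateReserved": "2024-10-17T22:56:59.678Z",
+"dateUpdated": "2024-12-12T15:55:19.489Z",
+"digest": "e491fa557f2b21c5984f6ec8124ccce7103baab1c7c9e3eab1beba845cd287f9"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "miniorange-login-with-eve-online-google-facebook",
+"packageType": "wordpress-plugin",
+"product": "OAuth Single Sign On – SSO (OAuth Client)",
+"repo": "https://plugins.svn.wordpress.org/miniorange-login-with-eve-online-google-facebook",
+"vendor": "cyberlord92",
+"versions": [
+{
+"lessThanOrEqual": "6.26.3",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}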
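Review bot: The upper bound is `"lessThanOrEqual": "6.26.3"`, so any later release is treated as unaffected even though the record names no fixed version and its two references (the plugin page and the Wordfence advisory) do not identify one on this page. For an authentication bypass reachable by unauthenticated users, that is a false-negative risk for scanners if the next release did not actually contain the fix. Two other records in this commit appear to move from `lessThanOrEqual` to `lessThan` with the fixed version; once a patched release is confirmed this entry should take the same form, and until then the `reason` text could state that no fixed version was known when the record was written.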
7 changes: 6 additions & 1 deletion data/anchore/2024/CVE-2024-10146.json
@@ -32,6 +32,11 @@
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/078b58df-ca2f-4c44-896b-f0e0f7d3bf2b?source=cve"
}
]
}
}
7 changes: 6 additions & 1 deletion data/anchore/2024/CVE-2024-10473.json
@@ -33,6 +33,11 @@
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa1c526d-b751-4461-9e54-e7704ca8ddc3?source=cve"
}
]
}
}