Signed-off-by: Weston Steimel <[email protected]>
1 parent
d015c8c
commit b414c1f
Showing
130 changed files
with
5,400 additions
and
63 deletions.
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2023-6964", | ||
"description": "The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3019592%40kadence-blocks&old=2996625%40kadence-blocks&sfp_email=&sfph_mail=", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-04-09T18:59:15.108Z", | ||
"dateReserved": "2023-12-19T20:20:23.614Z", | ||
"dateUpdated": "2024-08-02T08:50:06.683Z", | ||
"digest": "bfccc16a6d328cb12da3bb62a4fc7cbcadf0ad463f9d5d15e01b76adc39585ed" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "kadence-blocks", | ||
"packageType": "wordpress-plugin", | ||
"product": "Gutenberg Blocks by Kadence Blocks – Page Builder Features", | ||
"repo": "https://plugins.svn.wordpress.org/kadence-blocks", | ||
"vendor": "britner", | ||
"versions": [ | ||
{ | ||
"lessThan": "3.2.12", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
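Review bot: The affected range in `versions` (`"lessThan": "3.2.12"`) disagrees with this record's own `description`, which says the SSRF affects versions up to and including 3.1.26. If 3.1.26 really is the last affected release, scanners consuming this record would flag 3.1.27 through 3.2.11 as vulnerable. If the wider range is deliberate, for example because the upstream advisory was later revised, nothing in the record says so. Please confirm against the referenced Wordfence advisory and plugin changeset, then either narrow the bound to `"lessThanOrEqual": "3.1.26"` or state the source of 3.2.12 in `reason`.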
@@ -0,0 +1,46 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-0598", | ||
"description": "The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://advisory.abay.sh/cve-2024-0598", | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-04-09T18:59:07.479Z", | ||
"dateReserved": "2024-01-16T15:02:21.160Z", | ||
"dateUpdated": "2024-08-01T18:11:35.656Z", | ||
"digest": "0117b74712562c950d9d7dd64f1c29d86f9f1562ee6c35992ce9f951cd2bcc7a" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "kadence-blocks", | ||
"packageType": "wordpress-plugin", | ||
"product": "Gutenberg Blocks by Kadence Blocks – Page Builder Features", | ||
"repo": "https://plugins.svn.wordpress.org/kadence-blocks", | ||
"vendor": "britner", | ||
"versions": [ | ||
{ | ||
"lessThan": "3.2.18", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
@@ -0,0 +1,48 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wpscan", | ||
"cveId": "CVE-2024-10010", | ||
"description": "The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wpscan.com/vulnerability/8a258d33-a354-4cbb-bfcb-31b7f1b1a036/" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-12T06:00:09.430Z", | ||
"dateReserved": "2024-10-15T21:29:44.420Z", | ||
"dateUpdated": "2024-12-12T15:10:49.393Z", | ||
"digest": "396c7a7ece0d7f5cf905f53c2d10e8c578cf324eaf4699412d6e2e56fcc66de8" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "learnpress", | ||
"packageType": "wordpress-plugin", | ||
"product": "LearnPress", | ||
"repo": "https://plugins.svn.wordpress.org/learnpress", | ||
"versions": [ | ||
{ | ||
"lessThan": "4.2.7.2", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
}, | ||
"references": [ | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68991289-acfa-4ab9-9852-755e5f1eda33?source=cve" | ||
} | ||
] | ||
} | ||
} |
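Review bot: `"versionType": "semver"` is paired with `"lessThan": "4.2.7.2"`, a four-component version that strict Semantic Versioning does not allow. A consumer that parses the bound as SemVer may reject it or compare it incorrectly and so mis-report which LearnPress installs are affected. If the matcher is not known to tolerate this, consider `"versionType": "custom"`, or confirm that downstream tooling handles four-part WordPress plugin versions. The GitLab record in this commit has the same pattern with two-component bounds such as `"version": "14.3"`. This entry also has no `vendor` key, unlike the other WordPress plugin records on this page.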
@@ -0,0 +1,111 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "gitlab", | ||
"cveId": "CVE-2024-10043", | ||
"description": "An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://gitlab.com/gitlab-org/gitlab/-/issues/499577", | ||
"https://hackerone.com/reports/2774817" | ||
], | ||
"solutions": [ | ||
"Upgrade to versions 17.4.6, 17.5.4, 17.6.2 or above." | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-12T12:02:29.814Z", | ||
"dateReserved": "2024-10-16T16:30:46.408Z", | ||
"dateUpdated": "2024-12-12T15:44:38.834Z", | ||
"digest": "cc8d392a3e8240200719a3b7e3c387953acfa7686f7feff28c8c8db7fc7d957c" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"cpes": [ | ||
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", | ||
"cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*" | ||
], | ||
"product": "GitLab Enterprise", | ||
"vendor": "GitLab", | ||
"versions": [ | ||
{ | ||
"lessThan": "17.4.6", | ||
"status": "affected", | ||
"version": "14.3", | ||
"versionType": "semver" | ||
}, | ||
{ | ||
"lessThan": "17.5.4", | ||
"status": "affected", | ||
"version": "17.5", | ||
"versionType": "semver" | ||
}, | ||
{ | ||
"lessThan": "17.6.2", | ||
"status": "affected", | ||
"version": "17.6", | ||
"versionType": "semver" | ||
} | ||
] | ||
}, | ||
{ | ||
"collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee", | ||
"packageName": "gitlab-ee", | ||
"packageType": "deb", | ||
"product": "GitLab Enterprise", | ||
"vendor": "GitLab", | ||
"versions": [ | ||
{ | ||
"lessThan": "17.4.6", | ||
"status": "affected", | ||
"version": "14.3", | ||
"versionType": "deb" | ||
}, | ||
{ | ||
"lessThan": "17.5.4", | ||
"status": "affected", | ||
"version": "17.5", | ||
"versionType": "deb" | ||
}, | ||
{ | ||
"lessThan": "17.6.2", | ||
"status": "affected", | ||
"version": "17.6", | ||
"versionType": "deb" | ||
} | ||
] | ||
}, | ||
{ | ||
"collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee", | ||
"packageName": "gitlab-ee", | ||
"packageType": "rpm", | ||
"product": "GitLab Enterprise", | ||
"vendor": "GitLab", | ||
"versions": [ | ||
{ | ||
"lessThan": "17.4.6", | ||
"status": "affected", | ||
"version": "14.3", | ||
"versionType": "rpm" | ||
}, | ||
{ | ||
"lessThan": "17.5.4", | ||
"status": "affected", | ||
"version": "17.5", | ||
"versionType": "rpm" | ||
}, | ||
{ | ||
"lessThan": "17.6.2", | ||
"status": "affected", | ||
"version": "17.6", | ||
"versionType": "rpm" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10111", | ||
"description": "The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wordpress.org/plugins/miniorange-login-with-eve-online-google-facebook/", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd83877-739f-4c21-8179-20de8bbc4936?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-12T03:23:10.001Z", | ||
"dateReserved": "2024-10-17T22:56:59.678Z", | ||
"dateUpdated": "2024-12-12T15:55:19.489Z", | ||
"digest": "e491fa557f2b21c5984f6ec8124ccce7103baab1c7c9e3eab1beba845cd287f9" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "miniorange-login-with-eve-online-google-facebook", | ||
"packageType": "wordpress-plugin", | ||
"product": "OAuth Single Sign On – SSO (OAuth Client)", | ||
"repo": "https://plugins.svn.wordpress.org/miniorange-login-with-eve-online-google-facebook", | ||
"vendor": "cyberlord92", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "6.26.3", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |