Signed-off-by: Weston Steimel <[email protected]>
1 parent
9d32bcb
commit c8af256
Showing
48 changed files
with
1,921 additions
and
15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wpscan", | ||
"cveId": "CVE-2024-10892", | ||
"description": "The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wpscan.com/vulnerability/ff1f5b84-a8cf-4574-a713-53d35739c6cb/" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T06:00:16.137Z", | ||
"dateReserved": "2024-11-05T18:26:45.843Z", | ||
"dateUpdated": "2024-12-18T15:10:31.241Z", | ||
"digest": "700fe76bcb6d55b03d99e6fc03f0917852942b346a69f9827a3c408f48140b48" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "cost-calculator-builder", | ||
"packageType": "wordpress-plugin", | ||
"product": "Cost Calculator Builder", | ||
"repo": "https://plugins.svn.wordpress.org/cost-calculator-builder", | ||
"vendor": "stylemixthemes", | ||
"versions": [ | ||
{ | ||
"lessThan": "3.2.43", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11254", | ||
"description": "The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93/includes/disqus.html?rev=3024147#L34", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/5da82149-c827-4574-8269-b2b798edca59?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T03:22:05.525Z", | ||
"dateReserved": "2024-11-15T10:03:40.779Z", | ||
"dateUpdated": "2024-12-18T16:35:04.395Z", | ||
"digest": "beb572e898580c52c899b149f913c269b1bf8fe885ee055e13688927b8136f56" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:ampforwp:accelerated_mobile_pages:*:*:*:*:*:wordpress:*:*", | ||
"cpe:2.3:a:magazine3:amp_for_wp:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "accelerated-mobile-pages", | ||
"packageType": "wordpress-plugin", | ||
"product": "AMP for WP – Accelerated Mobile Pages", | ||
"repo": "https://plugins.svn.wordpress.org/accelerated-mobile-pages", | ||
"vendor": "mohammed_kaludi", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.1.2", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11291", | ||
"description": "The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset/3206206/paid-member-subscriptions", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/e207f1a3-2ca5-46d1-91a9-89652451266c?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T11:09:31.646Z", | ||
"dateReserved": "2024-11-15T21:37:54.832Z", | ||
"dateUpdated": "2024-12-18T16:29:54.185Z", | ||
"digest": "80d42db5428bd90c7210fc77c735642e09f9101659e8566d2fb9bea37c6221b8" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "paid-member-subscriptions", | ||
"packageType": "wordpress-plugin", | ||
"product": "Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction", | ||
"repo": "https://plugins.svn.wordpress.org/paid-member-subscriptions", | ||
"vendor": "madalinungureanu", | ||
"versions": [ | ||
{ | ||
"lessThan": "2.13.5", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11295", | ||
"description": "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset/3205648/simple-page-access-restriction", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/ed92806e-5d75-4a23-a588-821e9ada1b32?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T07:02:46.168Z", | ||
"dateReserved": "2024-11-15T23:54:25.258Z", | ||
"dateUpdated": "2024-12-18T16:33:27.786Z", | ||
"digest": "b2dbbc3642edb147de02aa0790a9b92c951ed47a6f373f6c38e0827f333abe6c" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:pluginsandsnippets:simple_page_access_restriction:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "simple-page-access-restriction", | ||
"packageType": "wordpress-plugin", | ||
"product": "Simple Page Access Restriction", | ||
"repo": "https://plugins.svn.wordpress.org/simple-page-access-restriction", | ||
"vendor": "pluginsandsnippets", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.0.30", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-12061", | ||
"description": "The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208546%40events-addon-for-elementor&new=3208546%40events-addon-for-elementor&sfp_email=&sfph_mail=", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/f59d9d8a-467a-4920-963a-da45f1f4462f?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T03:22:07.346Z", | ||
"dateReserved": "2024-12-02T20:40:21.531Z", | ||
"dateUpdated": "2024-12-18T16:33:59.336Z", | ||
"digest": "d6d2201b0a475b98bec6bc22ce4766d82dea737618099ca04f29d44d654f62c6" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:nicheaddons:events_addon_for_elementor:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "events-addon-for-elementor", | ||
"packageType": "wordpress-plugin", | ||
"product": "Events Addon for Elementor", | ||
"repo": "https://plugins.svn.wordpress.org/events-addon-for-elementor", | ||
"vendor": "nicheaddons", | ||
"versions": [ | ||
{ | ||
"lessThan": "2.2.4", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-12259", | ||
"description": "The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3204501%40computer-repair-shop&new=3204501%40computer-repair-shop&sfp_email=&sfph_mail=", | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3206568%40computer-repair-shop&new=3206568%40computer-repair-shop&sfp_email=&sfph_mail=#file548", | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208270%40computer-repair-shop&new=3208270%40computer-repair-shop&sfp_email=&sfph_mail=", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/80997d2f-3e16-48f6-969b-58844cb83d53?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T03:22:05.906Z", | ||
"dateReserved": "2024-12-05T16:30:27.926Z", | ||
"dateUpdated": "2024-12-18T16:34:53.057Z", | ||
"digest": "f91e0fa51e7614fe2a4b1ea446545a2f0430fead300e1f15946bd867e0a86eff" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:webfulcreations:computer_repair_shop:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "computer-repair-shop", | ||
"packageType": "wordpress-plugin", | ||
"product": "CRM WordPress Plugin – RepairBuddy", | ||
"repo": "https://plugins.svn.wordpress.org/computer-repair-shop", | ||
"vendor": "sweetdaisy86", | ||
"versions": [ | ||
{ | ||
"lessThan": "3.8122", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
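Review bot: The `"lessThan": "3.8122"` bound in the CVE-2024-12259 record does not match the description in the same file, which says versions up to and including 3.8120 are affected; as written, 3.8121 is also matched as affected. The three referenced changesets may mean the fix was only completed in 3.8122, but nothing in the record says so. If that is the case, state it in `reason` (for example by appending "fix completed in 3.8122 per the referenced changesets"); otherwise the bound should be `"lessThan": "3.8121"`. Separately, `3.8122` is a two-component version, so `"versionType": "semver"` may not compare as intended in a strict semver matcher, and `"versionType": "custom"` is worth considering if the consumers of this data accept it.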
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-12432", | ||
"description": "The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208130%40wpc-shop-as-customer&new=3208130%40wpc-shop-as-customer&sfp_email=&sfph_mail=", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/048625e8-10b7-418d-a13b-329f1d7e0171?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T03:22:00.850Z", | ||
"dateReserved": "2024-12-10T17:11:11.238Z", | ||
"dateUpdated": "2024-12-18T16:35:53.912Z", | ||
"digest": "b98d5c7bd9e5c0609f97ec1cfc0dbedd5de4308ea3403df8d7467987c04defd2" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:wpclever:wpc_shop_as_a_customer_for_woocommerce:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "wpc-shop-as-customer", | ||
"packageType": "wordpress-plugin", | ||
"product": "WPC Shop as a Customer for WooCommerce", | ||
"repo": "https://plugins.svn.wordpress.org/wpc-shop-as-customer", | ||
"vendor": "wpclever", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.2.9", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-12596", | ||
"description": "The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset/3208662/lifterlms/trunk/includes/abstracts/llms-abstract-controller-user-engagements.php", | ||
"https://plugins.trac.wordpress.org/changeset/3208662/lifterlms/trunk/includes/controllers/class.llms.controller.certificates.php", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e75a03b-7552-4228-a4d0-13c78d20f6d5?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-18T03:22:06.256Z", | ||
"dateReserved": "2024-12-12T22:14:08.110Z", | ||
"dateUpdated": "2024-12-18T16:34:43.867Z", | ||
"digest": "9cb9f3bc8b21efdda84c1a41d383e0125061f2051d407e49bf20c0c13499de24" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "lifterlms", | ||
"packageType": "wordpress-plugin", | ||
"product": "LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes", | ||
"repo": "https://plugins.svn.wordpress.org/lifterlms", | ||
"vendor": "chrisbadgett", | ||
"versions": [ | ||
{ | ||
"lessThan": "7.8.6", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |