more updates 2024-11-04

Signed-off-by: Weston Steimel <[email protected]>
anchore · Nov 4, 2024 · 2dedcd1 · 2dedcd1
1 parent d13752d
commit 2dedcd1
Show file tree

Hide file tree

Showing 42 changed files with 1,929 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-38690.json b/data/anchore/2024/CVE-2024-38690.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38690",
+    "description": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 1.8.4 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "ipanorama-360-virtual-tour-builder-lite",
+        "packageType": "wordpress-plugin",
+        "product": "iPanorama 360 WordPress Virtual Tour Builder",
+        "repo": "https://plugins.svn.wordpress.org/ipanorama-360-virtual-tour-builder-lite",
+        "vendor": "Avirtum",
+        "versions": [
+          {
+            "lessThan": "1.8.4",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2547355-cfc0-4a87-9bab-32753bd456ad?source=cve"
+      }
+    ]
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-38695.json b/data/anchore/2024/CVE-2024-38695.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38695",
+    "description": "Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/wp-gotowebinar/wordpress-wp-gotowebinar-plugin-15-6-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 15.7 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:northernbeacheswebsites:gotowebinar:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "wp-gotowebinar",
+        "packageType": "wordpress-plugin",
+        "product": "WP GoToWebinar",
+        "repo": "https://plugins.svn.wordpress.org/wp-gotowebinar",
+        "vendor": "Martin Gibson",
+        "versions": [
+          {
+            "lessThan": "15.7",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8314f607-5904-4da8-b2a2-5d77e2edc764?source=cve"
+      }
+    ]
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-38705.json b/data/anchore/2024/CVE-2024-38705.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38705",
+    "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/elementinvader-addons-for-elementor/wordpress-elementinvader-addons-for-elementor-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 1.2.5 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:elementinvader:elementinvader_addons_for_elementor:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "elementinvader-addons-for-elementor",
+        "packageType": "wordpress-plugin",
+        "product": "ElementInvader Addons for Elementor",
+        "repo": "https://plugins.svn.wordpress.org/elementinvader-addons-for-elementor",
+        "vendor": "ElementInvader",
+        "versions": [
+          {
+            "lessThan": "1.2.5",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18a58071-b394-4dc0-9759-6373a5f22f47?source=cve"
+      }
+    ]
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-38707.json b/data/anchore/2024/CVE-2024-38707.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38707",
+    "description": "Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-4-0-4-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 4.0.5 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "embedpress",
+        "packageType": "wordpress-plugin",
+        "product": "EmbedPress",
+        "repo": "https://plugins.svn.wordpress.org/embedpress",
+        "vendor": "WPDeveloper",
+        "versions": [
+          {
+            "lessThan": "4.0.5",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f507cec5-d66c-4cb0-8c35-a985aaee1283?source=cve"
+      }
+    ]
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-38719.json b/data/anchore/2024/CVE-2024-38719.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38719",
+    "description": "Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.1.2.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/auto-post-thumbnail/wordpress-auto-featured-image-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 4.1.3 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:cm-wp:auto_featured_image:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "auto-post-thumbnail",
+        "packageType": "wordpress-plugin",
+        "product": "Auto Featured Image (Auto Post Thumbnail)",
+        "repo": "https://plugins.svn.wordpress.org/auto-post-thumbnail",
+        "vendor": "Creative Motion",
+        "versions": [
+          {
+            "lessThan": "4.1.3",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aecf61bc-4d89-41ba-b99f-669193be64d1?source=cve"
+      }
+    ]
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-38721.json b/data/anchore/2024/CVE-2024-38721.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38721",
+    "description": "Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.5.0.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/eazydocs/wordpress-eazydocs-plugin-2-5-0-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 2.5.1 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "eazydocs",
+        "packageType": "wordpress-plugin",
+        "product": "EazyDocs",
+        "repo": "https://plugins.svn.wordpress.org/eazydocs",
+        "vendor": "spider-themes",
+        "versions": [
+          {
+            "lessThan": "2.5.1",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f925833e-06d6-4175-8dca-5cb7baec9364?source=cve"
+      }
+    ]
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-38726.json b/data/anchore/2024/CVE-2024-38726.json
@@ -0,0 +1,41 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38726",
+    "description": "Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/product-designer/wordpress-product-designer-plugin-1-0-33-arbitrary-content-deletion-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 1.0.34 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:pickplugins:product_designer:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "product-designer",
+        "packageType": "wordpress-plugin",
+        "product": "Product Designer",
+        "repo": "https://plugins.svn.wordpress.org/product-designer",
+        "vendor": "PickPlugins",
+        "versions": [
+          {
+            "lessThan": "1.0.34",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-38727.json b/data/anchore/2024/CVE-2024-38727.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2024-38727",
+    "description": "Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/vulnerability/seraphinite-post-docx-source/wordpress-seraphinite-post-docx-source-plugin-2-16-9-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 2.16.10 or a higher version."
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:s-sols:seraphinite_post_.docx_source:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "seraphinite-post-docx-source",
+        "packageType": "wordpress-plugin",
+        "product": "Seraphinite Post .DOCX Source",
+        "repo": "https://plugins.svn.wordpress.org/seraphinite-post-docx-source",
+        "vendor": "Seraphinite Solutions",
+        "versions": [
+          {
+            "lessThan": "2.16.10",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2620da78-3d78-40c5-a125-09d93993cac8?source=cve"
+      }
+    ]
+  }
+}