From 2dedcd145fd42adfc7fcb863d0dc012ec6688b99 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Mon, 4 Nov 2024 18:50:13 +0000 Subject: [PATCH] more updates 2024-11-04 Signed-off-by: Weston Steimel --- data/anchore/2024/CVE-2024-38690.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38695.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38705.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38707.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38719.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38721.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38726.json | 41 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-38727.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38733.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38737.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38745.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38769.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38771.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38774.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38777.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38783.json | 48 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-38794.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-39625.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-39635.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-39639.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-39640.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-39654.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-39664.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43136.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43157.json | 47 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43208.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43209.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43229.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43253.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43268.json | 43 ++++++++++++++++++++++++ data/anchore/2024/CVE-2024-43290.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47302.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47308.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47311.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47314.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47318.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47358.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47359.json | 47 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47361.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47362.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47630.json | 46 +++++++++++++++++++++++++ data/anchore/2024/CVE-2024-48045.json | 47 ++++++++++++++++++++++++++ 42 files changed, 1929 insertions(+) create mode 100644 data/anchore/2024/CVE-2024-38690.json create mode 100644 data/anchore/2024/CVE-2024-38695.json create mode 100644 data/anchore/2024/CVE-2024-38705.json create mode 100644 data/anchore/2024/CVE-2024-38707.json create mode 100644 data/anchore/2024/CVE-2024-38719.json create mode 100644 data/anchore/2024/CVE-2024-38721.json create mode 100644 data/anchore/2024/CVE-2024-38726.json create mode 100644 data/anchore/2024/CVE-2024-38727.json create mode 100644 data/anchore/2024/CVE-2024-38733.json create mode 100644 data/anchore/2024/CVE-2024-38737.json create mode 100644 data/anchore/2024/CVE-2024-38745.json create mode 100644 data/anchore/2024/CVE-2024-38769.json create mode 100644 data/anchore/2024/CVE-2024-38771.json create mode 100644 data/anchore/2024/CVE-2024-38774.json create mode 100644 data/anchore/2024/CVE-2024-38777.json create mode 100644 data/anchore/2024/CVE-2024-38783.json create mode 100644 data/anchore/2024/CVE-2024-38794.json create mode 100644 data/anchore/2024/CVE-2024-39625.json create mode 100644 data/anchore/2024/CVE-2024-39635.json create mode 100644 data/anchore/2024/CVE-2024-39639.json create mode 100644 data/anchore/2024/CVE-2024-39640.json create mode 100644 data/anchore/2024/CVE-2024-39654.json create mode 100644 data/anchore/2024/CVE-2024-39664.json create mode 100644 data/anchore/2024/CVE-2024-43136.json create mode 100644 data/anchore/2024/CVE-2024-43157.json create mode 100644 data/anchore/2024/CVE-2024-43208.json create mode 100644 data/anchore/2024/CVE-2024-43209.json create mode 100644 data/anchore/2024/CVE-2024-43229.json create mode 100644 data/anchore/2024/CVE-2024-43253.json create mode 100644 data/anchore/2024/CVE-2024-43268.json create mode 100644 data/anchore/2024/CVE-2024-43290.json create mode 100644 data/anchore/2024/CVE-2024-47302.json create mode 100644 data/anchore/2024/CVE-2024-47308.json create mode 100644 data/anchore/2024/CVE-2024-47311.json create mode 100644 data/anchore/2024/CVE-2024-47314.json create mode 100644 data/anchore/2024/CVE-2024-47318.json create mode 100644 data/anchore/2024/CVE-2024-47358.json create mode 100644 data/anchore/2024/CVE-2024-47359.json create mode 100644 data/anchore/2024/CVE-2024-47361.json create mode 100644 data/anchore/2024/CVE-2024-47362.json create mode 100644 data/anchore/2024/CVE-2024-47630.json create mode 100644 data/anchore/2024/CVE-2024-48045.json diff --git a/data/anchore/2024/CVE-2024-38690.json b/data/anchore/2024/CVE-2024-38690.json new file mode 100644 index 00000000..19d0dcfd --- /dev/null +++ b/data/anchore/2024/CVE-2024-38690.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38690", + "description": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.8.4 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ipanorama-360-virtual-tour-builder-lite", + "packageType": "wordpress-plugin", + "product": "iPanorama 360 WordPress Virtual Tour Builder", + "repo": "https://plugins.svn.wordpress.org/ipanorama-360-virtual-tour-builder-lite", + "vendor": "Avirtum", + "versions": [ + { + "lessThan": "1.8.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2547355-cfc0-4a87-9bab-32753bd456ad?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38695.json b/data/anchore/2024/CVE-2024-38695.json new file mode 100644 index 00000000..316bd09a --- /dev/null +++ b/data/anchore/2024/CVE-2024-38695.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38695", + "description": "Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/wp-gotowebinar/wordpress-wp-gotowebinar-plugin-15-6-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 15.7 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:northernbeacheswebsites:gotowebinar:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-gotowebinar", + "packageType": "wordpress-plugin", + "product": "WP GoToWebinar", + "repo": "https://plugins.svn.wordpress.org/wp-gotowebinar", + "vendor": "Martin Gibson", + "versions": [ + { + "lessThan": "15.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8314f607-5904-4da8-b2a2-5d77e2edc764?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38705.json b/data/anchore/2024/CVE-2024-38705.json new file mode 100644 index 00000000..6805f0ba --- /dev/null +++ b/data/anchore/2024/CVE-2024-38705.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38705", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/elementinvader-addons-for-elementor/wordpress-elementinvader-addons-for-elementor-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.2.5 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:elementinvader:elementinvader_addons_for_elementor:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "elementinvader-addons-for-elementor", + "packageType": "wordpress-plugin", + "product": "ElementInvader Addons for Elementor", + "repo": "https://plugins.svn.wordpress.org/elementinvader-addons-for-elementor", + "vendor": "ElementInvader", + "versions": [ + { + "lessThan": "1.2.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18a58071-b394-4dc0-9759-6373a5f22f47?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38707.json b/data/anchore/2024/CVE-2024-38707.json new file mode 100644 index 00000000..87c6e512 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38707.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38707", + "description": "Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-4-0-4-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 4.0.5 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "embedpress", + "packageType": "wordpress-plugin", + "product": "EmbedPress", + "repo": "https://plugins.svn.wordpress.org/embedpress", + "vendor": "WPDeveloper", + "versions": [ + { + "lessThan": "4.0.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f507cec5-d66c-4cb0-8c35-a985aaee1283?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38719.json b/data/anchore/2024/CVE-2024-38719.json new file mode 100644 index 00000000..8f813cbd --- /dev/null +++ b/data/anchore/2024/CVE-2024-38719.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38719", + "description": "Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.1.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/auto-post-thumbnail/wordpress-auto-featured-image-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 4.1.3 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:cm-wp:auto_featured_image:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "auto-post-thumbnail", + "packageType": "wordpress-plugin", + "product": "Auto Featured Image (Auto Post Thumbnail)", + "repo": "https://plugins.svn.wordpress.org/auto-post-thumbnail", + "vendor": "Creative Motion", + "versions": [ + { + "lessThan": "4.1.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aecf61bc-4d89-41ba-b99f-669193be64d1?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38721.json b/data/anchore/2024/CVE-2024-38721.json new file mode 100644 index 00000000..92d64a71 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38721.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38721", + "description": "Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.5.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/eazydocs/wordpress-eazydocs-plugin-2-5-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 2.5.1 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "eazydocs", + "packageType": "wordpress-plugin", + "product": "EazyDocs", + "repo": "https://plugins.svn.wordpress.org/eazydocs", + "vendor": "spider-themes", + "versions": [ + { + "lessThan": "2.5.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f925833e-06d6-4175-8dca-5cb7baec9364?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38726.json b/data/anchore/2024/CVE-2024-38726.json new file mode 100644 index 00000000..a498d7c2 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38726.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38726", + "description": "Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/product-designer/wordpress-product-designer-plugin-1-0-33-arbitrary-content-deletion-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.0.34 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:pickplugins:product_designer:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "product-designer", + "packageType": "wordpress-plugin", + "product": "Product Designer", + "repo": "https://plugins.svn.wordpress.org/product-designer", + "vendor": "PickPlugins", + "versions": [ + { + "lessThan": "1.0.34", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38727.json b/data/anchore/2024/CVE-2024-38727.json new file mode 100644 index 00000000..fbf1c5c6 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38727.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38727", + "description": "Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/seraphinite-post-docx-source/wordpress-seraphinite-post-docx-source-plugin-2-16-9-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 2.16.10 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:s-sols:seraphinite_post_.docx_source:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "seraphinite-post-docx-source", + "packageType": "wordpress-plugin", + "product": "Seraphinite Post .DOCX Source", + "repo": "https://plugins.svn.wordpress.org/seraphinite-post-docx-source", + "vendor": "Seraphinite Solutions", + "versions": [ + { + "lessThan": "2.16.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2620da78-3d78-40c5-a125-09d93993cac8?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38733.json b/data/anchore/2024/CVE-2024-38733.json new file mode 100644 index 00000000..c7310844 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38733.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38733", + "description": "Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-11-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.0.13 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:mekshq:meks_video_importer:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "meks-video-importer", + "packageType": "wordpress-plugin", + "product": "Meks Video Importer", + "repo": "https://plugins.svn.wordpress.org/meks-video-importer", + "vendor": "Meks", + "versions": [ + { + "lessThan": "1.0.13", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb19be3-8783-4474-a258-285e3b90f1e0?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38737.json b/data/anchore/2024/CVE-2024-38737.json new file mode 100644 index 00000000..6df68681 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38737.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38737", + "description": "Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0422-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 24.0712 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:catzsoft:redi_restaurant_reservation:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "redi-restaurant-reservation", + "packageType": "wordpress-plugin", + "product": "ReDi Restaurant Reservation", + "repo": "https://plugins.svn.wordpress.org/redi-restaurant-reservation", + "vendor": "Reservation Diary", + "versions": [ + { + "lessThan": "24.0712", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41aa5b3d-4ffd-4251-965a-a5131e925a54?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38745.json b/data/anchore/2024/CVE-2024-38745.json new file mode 100644 index 00000000..5058a8b7 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38745.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38745", + "description": "Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/woocommerce-wholesale-prices/wordpress-wholesale-suite-plugin-2-1-12-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 2.2.0 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:rymera:wholesale_suite:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "woocommerce-wholesale-prices", + "packageType": "wordpress-plugin", + "product": "Wholesale Suite", + "repo": "https://plugins.svn.wordpress.org/woocommerce-wholesale-prices", + "vendor": "Rymera Web Co", + "versions": [ + { + "lessThan": "2.2.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd191128-86c8-4530-b5cf-6681899b9474?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38769.json b/data/anchore/2024/CVE-2024-38769.json new file mode 100644 index 00000000..74be7f3f --- /dev/null +++ b/data/anchore/2024/CVE-2024-38769.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38769", + "description": "Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-11-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 2.1.12 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tychesoftwares:arconix_shortcodes:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "arconix-shortcodes", + "packageType": "wordpress-plugin", + "product": "Arconix Shortcodes", + "repo": "https://plugins.svn.wordpress.org/arconix-shortcodes", + "vendor": "Tyche Softwares", + "versions": [ + { + "lessThan": "2.1.12", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3aca44-0d47-4285-93e5-5cf147b5800e?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38771.json b/data/anchore/2024/CVE-2024-38771.json new file mode 100644 index 00000000..1ab4e229 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38771.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38771", + "description": "Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/atarim-visual-collaboration/wordpress-atarim-plugin-4-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 4.0.1 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:atarim:atarim:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "atarim-visual-collaboration", + "packageType": "wordpress-plugin", + "product": "Atarim", + "repo": "https://plugins.svn.wordpress.org/atarim-visual-collaboration", + "vendor": "Atarim", + "versions": [ + { + "lessThan": "4.0.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/829a19fc-f262-4b67-b499-76580779eb9a?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38774.json b/data/anchore/2024/CVE-2024-38774.json new file mode 100644 index 00000000..30895be5 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38774.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38774", + "description": "Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/sg-security/wordpress-security-optimizer-plugin-1-5-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.5.1 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:siteground:security_optimizer:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "sg-security", + "packageType": "wordpress-plugin", + "product": "SiteGround Security", + "repo": "https://plugins.svn.wordpress.org/sg-security", + "vendor": "SiteGround", + "versions": [ + { + "lessThan": "1.5.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/679da7c0-98b9-4da0-bf1f-5c991e8a8111?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38777.json b/data/anchore/2024/CVE-2024-38777.json new file mode 100644 index 00000000..31d0f758 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38777.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38777", + "description": "Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/anti-spam/wordpress-titan-anti-spam-security-plugin-7-3-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 7.3.8 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:cm-wp:titan_anti-spam_\\&_security:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "anti-spam", + "packageType": "wordpress-plugin", + "product": "Titan Anti-spam & Security", + "repo": "https://plugins.svn.wordpress.org/anti-spam", + "vendor": "CreativeMotion", + "versions": [ + { + "lessThan": "7.3.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed18e919-eec9-4907-93d4-a95d9a95395b?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38783.json b/data/anchore/2024/CVE-2024-38783.json new file mode 100644 index 00000000..3c8eb4d5 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38783.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38783", + "description": "Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/arconix-faq/wordpress-arconix-faq-plugin-1-9-4-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.9.5 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tychesoftwares:arconix_faq:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:tychesoftwares:arconix_shortcodes:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:tychesoftwares:print_invoice_\\&_delivery_notes_for_woocommerce:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "arconix-faq", + "packageType": "wordpress-plugin", + "product": "Arconix FAQ", + "repo": "https://plugins.svn.wordpress.org/arconix-faq", + "vendor": "Tyche Softwares", + "versions": [ + { + "lessThan": "1.9.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f76181a-8fb4-4f0e-b84c-0dabc482261d?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38794.json b/data/anchore/2024/CVE-2024-38794.json new file mode 100644 index 00000000..b4682101 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38794.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38794", + "description": "Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/post-type-archive-mapping/wordpress-custom-query-blocks-plugin-5-2-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 5.3.0 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:mediaron:custom_query_blocks:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "post-type-archive-mapping", + "packageType": "wordpress-plugin", + "product": "Custom Query Blocks", + "repo": "https://plugins.svn.wordpress.org/post-type-archive-mapping", + "vendor": "MediaRon LLC", + "versions": [ + { + "lessThan": "5.3.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16fd140b-c976-4425-8ac5-a524b8cf1a42?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-39625.json b/data/anchore/2024/CVE-2024-39625.json new file mode 100644 index 00000000..eed46209 --- /dev/null +++ b/data/anchore/2024/CVE-2024-39625.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-39625", + "description": "Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-24-unauthenticated-message-duplication-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.1.25 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "icegram", + "packageType": "wordpress-plugin", + "product": "Icegram", + "repo": "https://plugins.svn.wordpress.org/icegram", + "vendor": "icegram", + "versions": [ + { + "lessThan": "3.1.25", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad5782d6-f36b-4b7d-b6c0-b9329fb8725c?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-39635.json b/data/anchore/2024/CVE-2024-39635.json new file mode 100644 index 00000000..a74f3c10 --- /dev/null +++ b/data/anchore/2024/CVE-2024-39635.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-39635", + "description": "Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/youzify/wordpress-youzify-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.2.8 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "youzify", + "packageType": "wordpress-plugin", + "product": "Youzify", + "repo": "https://plugins.svn.wordpress.org/youzify", + "vendor": "KaineLabs", + "versions": [ + { + "lessThan": "1.2.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8390dc5-24db-4d39-ba26-eaa87d260f1c?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-39639.json b/data/anchore/2024/CVE-2024-39639.json new file mode 100644 index 00000000..064df1b1 --- /dev/null +++ b/data/anchore/2024/CVE-2024-39639.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-39639", + "description": "Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/wp-file-upload/wordpress-wordpress-file-upload-plugin-4-24-7-broken-access-control-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 4.24.8 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-file-upload", + "packageType": "wordpress-plugin", + "product": "WordPress File Upload", + "repo": "https://plugins.svn.wordpress.org/wp-file-upload", + "vendor": "Nickolas Bossinas", + "versions": [ + { + "lessThan": "4.24.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fd93c96-36e9-4e9b-a7ef-b4dc6b7221a8?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-39640.json b/data/anchore/2024/CVE-2024-39640.json new file mode 100644 index 00000000..acc81fd6 --- /dev/null +++ b/data/anchore/2024/CVE-2024-39640.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-39640", + "description": "Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/insta-gallery/wordpress-social-feed-gallery-plugin-4-3-9-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 4.4.0 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:quadlayers:wp_social_feed_gallery:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "insta-gallery", + "packageType": "wordpress-plugin", + "product": "WP Social Feed Gallery", + "repo": "https://plugins.svn.wordpress.org/insta-gallery", + "vendor": "QuadLayers", + "versions": [ + { + "lessThan": "4.4.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e32504a-0365-4ff7-9637-11ee04441a17?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-39654.json b/data/anchore/2024/CVE-2024-39654.json new file mode 100644 index 00000000..f0cbe6f0 --- /dev/null +++ b/data/anchore/2024/CVE-2024-39654.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-39654", + "description": "Missing Authorization vulnerability in Fetch Designs Sign-up Sheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sign-up Sheets: from n/a through 2.2.12.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/sign-up-sheets/wordpress-sign-up-sheets-plugin-2-2-12-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 2.2.13 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:fetchdesigns:sign-up_sheets:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "sign-up-sheets", + "packageType": "wordpress-plugin", + "product": "Sign-up Sheets", + "repo": "https://plugins.svn.wordpress.org/sign-up-sheets", + "vendor": "Fetch Designs", + "versions": [ + { + "lessThan": "2.2.13", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2389f614-a9e6-479c-a713-71271d3a35c6?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-39664.json b/data/anchore/2024/CVE-2024-39664.json new file mode 100644 index 00000000..226c5193 --- /dev/null +++ b/data/anchore/2024/CVE-2024-39664.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-39664", + "description": "Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Filter & Grids: from n/a through 2.8.33.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/ymc-smart-filter/wordpress-filter-grids-plugin-2-8-32-broken-authentication-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 2.8.34 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ymc-22:filter_\\&_grids:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ymc-smart-filter", + "packageType": "wordpress-plugin", + "product": "Filter & Grids", + "repo": "https://plugins.svn.wordpress.org/ymc-smart-filter", + "vendor": "YMC", + "versions": [ + { + "lessThan": "2.8.34", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac799e11-2f7b-43c2-88da-e77c075a958f?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43136.json b/data/anchore/2024/CVE-2024-43136.json new file mode 100644 index 00000000..be36848d --- /dev/null +++ b/data/anchore/2024/CVE-2024-43136.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43136", + "description": "Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.2.2 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:sunshinephotocart:sunshine_photo_cart:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "sunshine-photo-cart", + "packageType": "wordpress-plugin", + "product": "Sunshine Photo Cart", + "repo": "https://plugins.svn.wordpress.org/sunshine-photo-cart", + "vendor": "WP Sunshine", + "versions": [ + { + "lessThan": "3.2.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/546f5b08-d4e9-4a19-97d6-2022a0c5c64f?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43157.json b/data/anchore/2024/CVE-2024-43157.json new file mode 100644 index 00000000..51101c9e --- /dev/null +++ b/data/anchore/2024/CVE-2024-43157.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43157", + "description": "Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/formcraft-form-builder/wordpress-formcraft-plugin-1-2-10-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.2.11 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:formcrafts:formcraft:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:ncrafts:formcraft:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "formcraft-form-builder", + "packageType": "wordpress-plugin", + "product": "FormCraft", + "repo": "https://plugins.svn.wordpress.org/formcraft-form-builder", + "vendor": "nCrafts", + "versions": [ + { + "lessThan": "1.2.11", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be73e45a-ce00-4a1f-b722-32a94c5beadc?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43208.json b/data/anchore/2024/CVE-2024-43208.json new file mode 100644 index 00000000..4b9bf897 --- /dev/null +++ b/data/anchore/2024/CVE-2024-43208.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43208", + "description": "Missing Authorization vulnerability in Miller Media ( Matt Miller ) Send Emails with Mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through 1.4.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/send-emails-with-mandrill/wordpress-send-emails-with-mandrill-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.4.2 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:millermedia:mandrill:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "send-emails-with-mandrill", + "packageType": "wordpress-plugin", + "product": "Send Emails with Mandrill", + "repo": "https://plugins.svn.wordpress.org/send-emails-with-mandrill", + "vendor": "Miller Media ( Matt Miller )", + "versions": [ + { + "lessThan": "1.4.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76b8e263-7073-4f93-95cb-0b61580337b3?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43209.json b/data/anchore/2024/CVE-2024-43209.json new file mode 100644 index 00000000..37997b39 --- /dev/null +++ b/data/anchore/2024/CVE-2024-43209.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43209", + "description": "Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/wp-bitly/wordpress-bitly-s-wordpress-plugin-plugin-2-7-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Deactivate and delete. This plugin has been closed as of July 25, 2024 and is not available for download" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:bitly:bitly:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-bitly", + "packageType": "wordpress-plugin", + "product": "Bitly", + "repo": "https://plugins.svn.wordpress.org/wp-bitly", + "vendor": "Bitly", + "versions": [ + { + "lessThanOrEqual": "2.7.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74160271-b27d-49fe-9550-e3949ecad048?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43229.json b/data/anchore/2024/CVE-2024-43229.json new file mode 100644 index 00000000..e8e4d31c --- /dev/null +++ b/data/anchore/2024/CVE-2024-43229.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43229", + "description": "Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Search Analytics: from n/a through 1.4.9.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/search-analytics/wordpress-wp-search-analytics-plugin-1-4-9-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.4.10 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:cornelraiu:wp_search_analytics:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "search-analytics", + "packageType": "wordpress-plugin", + "product": "WP Search Analytics", + "repo": "https://plugins.svn.wordpress.org/search-analytics", + "vendor": "Cornel Raiu", + "versions": [ + { + "lessThan": "1.4.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e14b479-07bb-46f7-8542-577cb1b60d27?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43253.json b/data/anchore/2024/CVE-2024-43253.json new file mode 100644 index 00000000..8750646b --- /dev/null +++ b/data/anchore/2024/CVE-2024-43253.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43253", + "description": "Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-6-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.5.7 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:zaytech:smart_online_order_for_clover:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "clover-online-orders", + "packageType": "wordpress-plugin", + "product": "Smart Online Order for Clover", + "repo": "https://plugins.svn.wordpress.org/clover-online-orders", + "vendor": "Zaytech", + "versions": [ + { + "lessThan": "1.5.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/195788de-129e-4112-bcab-a7835c8164ca?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43268.json b/data/anchore/2024/CVE-2024-43268.json new file mode 100644 index 00000000..d46ee37b --- /dev/null +++ b/data/anchore/2024/CVE-2024-43268.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43268", + "description": "Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows .\n\nThis issue affects Backup and Restore WordPress: from n/a through 1.50.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/wp-backitup/wordpress-backup-and-restore-wordpress-plugin-1-50-broken-access-control-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpbackitup:backup_and_restore_wordpress:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-backitup", + "packageType": "wordpress-plugin", + "product": "Backup and Restore WordPress", + "repo": "https://plugins.svn.wordpress.org/wp-backitup", + "vendor": "WPBackItUp", + "versions": [ + { + "lessThanOrEqual": "1.50", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61a050bd-deaa-4115-baa5-f63790816450?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43290.json b/data/anchore/2024/CVE-2024-43290.json new file mode 100644 index 00000000..c6213e3f --- /dev/null +++ b/data/anchore/2024/CVE-2024-43290.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43290", + "description": "Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/atarim-visual-collaboration/wordpress-atarim-plugin-4-0-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 4.0.2 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:atarim:atarim:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "atarim-visual-collaboration", + "packageType": "wordpress-plugin", + "product": "Atarim", + "repo": "https://plugins.svn.wordpress.org/atarim-visual-collaboration", + "vendor": "Atarim", + "versions": [ + { + "lessThan": "4.0.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ede2bc-15a6-4194-a963-d176cb0fc612?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47302.json b/data/anchore/2024/CVE-2024-47302.json new file mode 100644 index 00000000..2277aa6c --- /dev/null +++ b/data/anchore/2024/CVE-2024-47302.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47302", + "description": "Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through 1.8.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/fluent-support/wordpress-fluent-support-plugin-1-8-0-broken-access-control-on-email-verification-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.8.1 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpmanageninja:fluent_support:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "fluent-support", + "packageType": "wordpress-plugin", + "product": "Fluent Support", + "repo": "https://plugins.svn.wordpress.org/fluent-support", + "vendor": "WPManageNinja LLC", + "versions": [ + { + "lessThan": "1.8.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/039ac1d9-ccb5-43d0-8b17-10d12b7df90e?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47308.json b/data/anchore/2024/CVE-2024-47308.json new file mode 100644 index 00000000..0b00125a --- /dev/null +++ b/data/anchore/2024/CVE-2024-47308.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47308", + "description": "Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/templately/wordpress-templately-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.1.3 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:templately:templately:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "templately", + "packageType": "wordpress-plugin", + "product": "Templately", + "repo": "https://plugins.svn.wordpress.org/templately", + "vendor": "Templately", + "versions": [ + { + "lessThan": "3.1.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fa75f3a-3582-4851-a67c-6c4981fb9abb?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47311.json b/data/anchore/2024/CVE-2024-47311.json new file mode 100644 index 00000000..59344e1a --- /dev/null +++ b/data/anchore/2024/CVE-2024-47311.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47311", + "description": "Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through 1.1.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/wheel-of-life/wordpress-wheel-of-life-plugin-1-1-8-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.1.9 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kraftplugins:wheel_of_life:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wheel-of-life", + "packageType": "wordpress-plugin", + "product": "Wheel of Life", + "repo": "https://plugins.svn.wordpress.org/wheel-of-life", + "vendor": "Kraft Plugins", + "versions": [ + { + "lessThan": "1.1.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b74b9d-b296-4d3b-936f-419dad502d79?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47314.json b/data/anchore/2024/CVE-2024-47314.json new file mode 100644 index 00000000..c45f0321 --- /dev/null +++ b/data/anchore/2024/CVE-2024-47314.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47314", + "description": "Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.2.9 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:sunshinephotocart:sunshine_photo_cart:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "sunshine-photo-cart", + "packageType": "wordpress-plugin", + "product": "Sunshine Photo Cart", + "repo": "https://plugins.svn.wordpress.org/sunshine-photo-cart", + "vendor": "WP Sunshine", + "versions": [ + { + "lessThan": "3.2.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff2a842-2e46-4267-bbf1-e7d9d4a7e277?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47318.json b/data/anchore/2024/CVE-2024-47318.json new file mode 100644 index 00000000..d0e3fbad --- /dev/null +++ b/data/anchore/2024/CVE-2024-47318.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47318", + "description": "Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/pwa-for-wp/wordpress-pwa-for-wp-amp-plugin-1-7-72-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.7.73 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:magazine3:pwa_for_wp_\\&_amp:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "pwa-for-wp", + "packageType": "wordpress-plugin", + "product": "PWA for WP & AMP", + "repo": "https://plugins.svn.wordpress.org/pwa-for-wp", + "vendor": "Magazine3", + "versions": [ + { + "lessThan": "1.7.73", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/75413c3f-7880-4b10-bf1a-fcfdab877ff5?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47358.json b/data/anchore/2024/CVE-2024-47358.json new file mode 100644 index 00000000..269eb1b0 --- /dev/null +++ b/data/anchore/2024/CVE-2024-47358.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47358", + "description": "Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/popup-maker/wordpress-popup-maker-plugin-1-19-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.20.0 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "popup-maker", + "packageType": "wordpress-plugin", + "product": "Popup Maker", + "repo": "https://plugins.svn.wordpress.org/popup-maker", + "vendor": "Popup Maker", + "versions": [ + { + "lessThan": "1.20.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa2102b3-408b-4278-b542-b5d30685960d?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47359.json b/data/anchore/2024/CVE-2024-47359.json new file mode 100644 index 00000000..35db64ff --- /dev/null +++ b/data/anchore/2024/CVE-2024-47359.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47359", + "description": "Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a through 3.2.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/depicter/wordpress-depicter-plugin-3-2-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.5.0 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:averta:depicter_slider:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:depicter:depicter:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "depicter", + "packageType": "wordpress-plugin", + "product": "Depicter Slider", + "repo": "https://plugins.svn.wordpress.org/depicter", + "vendor": "Depicter Slider and Popup by Averta", + "versions": [ + { + "lessThan": "3.5.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d9f9774-e45d-4b69-80e0-dce1e7c0ea78?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47361.json b/data/anchore/2024/CVE-2024-47361.json new file mode 100644 index 00000000..45c71d54 --- /dev/null +++ b/data/anchore/2024/CVE-2024-47361.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47361", + "description": "Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-6-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.13.7 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "addon-elements-for-elementor-page-builder", + "packageType": "wordpress-plugin", + "product": "Elementor Addon Elements", + "repo": "https://plugins.svn.wordpress.org/addon-elements-for-elementor-page-builder", + "vendor": "WPVibes", + "versions": [ + { + "lessThan": "1.13.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8814b0-6818-47c2-9f2a-8fe12485bd33?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47362.json b/data/anchore/2024/CVE-2024-47362.json new file mode 100644 index 00000000..21f5de64 --- /dev/null +++ b/data/anchore/2024/CVE-2024-47362.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47362", + "description": "Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/strong-testimonials/wordpress-strong-testimonials-plugin-3-1-16-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.1.17 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:machothemes:strong_testimonials:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "strong-testimonials", + "packageType": "wordpress-plugin", + "product": "Strong Testimonials", + "repo": "https://plugins.svn.wordpress.org/strong-testimonials", + "vendor": "WPChill", + "versions": [ + { + "lessThan": "3.1.17", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eb9253de-7139-422b-aa17-b25937d6a21c?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47630.json b/data/anchore/2024/CVE-2024-47630.json new file mode 100644 index 00000000..74ad54d4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-47630.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47630", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/elementinvader-addons-for-elementor/wordpress-elementinvader-addons-for-elementor-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.2.8 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:elementinvader:elementinvader_addons_for_elementor:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "elementinvader-addons-for-elementor", + "packageType": "wordpress-plugin", + "product": "ElementInvader Addons for Elementor", + "repo": "https://plugins.svn.wordpress.org/elementinvader-addons-for-elementor", + "vendor": "ElementInvader", + "versions": [ + { + "lessThan": "1.2.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2acd36d-013b-4833-95ea-27d6b6db64a0?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-48045.json b/data/anchore/2024/CVE-2024-48045.json new file mode 100644 index 00000000..a3a688c4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-48045.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-48045", + "description": "Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-elementor-addons-plugin-3-12-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.12.4 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wedevs:happy_addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:wedevs:happy_addons_for_elementor:*:*:*:*:-:wordpress:*:*" + ], + "packageName": "happy-elementor-addons", + "packageType": "wordpress-plugin", + "product": "Happy Addons for Elementor", + "repo": "https://plugins.svn.wordpress.org/happy-elementor-addons", + "vendor": "Leevio", + "versions": [ + { + "lessThan": "3.12.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc447bc-841c-443f-9949-a0d852762fd9?source=cve" + } + ] + } +} \ No newline at end of file