-
Notifications
You must be signed in to change notification settings - Fork 357
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-45gg-w2cf-qwhh GHSA-6876-c4r3-53ww GHSA-69jp-7vgw-2cgr GHSA-7jq5-8rmw-j9wh GHSA-9grv-p46v-p3fp GHSA-9hcf-78cf-xwqv GHSA-c33j-w5w4-w9q4 GHSA-c75v-42g3-xvcr GHSA-chc6-3mhw-pc4r GHSA-f39m-g6qq-h3xv GHSA-f5ph-j9m6-qjqc GHSA-fg8c-fxj5-qp3x GHSA-mj6j-32rm-jv58 GHSA-mvq2-cppv-f4gq GHSA-rpx4-w2f7-q5ww GHSA-v3w4-79rw-r73c GHSA-v9f7-mhwh-hfh9
- Loading branch information
1 parent
66f890e
commit ef48511
Showing
17 changed files
with
521 additions
and
0 deletions.
There are no files selected for viewing
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-45gg-w2cf-qwhh/GHSA-45gg-w2cf-qwhh.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-45gg-w2cf-qwhh", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-12436" | ||
| ], | ||
| "details": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12436" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/3345a403-f62c-40c1-b7ae-bc947591e02a" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:22Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-6876-c4r3-53ww/GHSA-6876-c4r3-53ww.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6876-c4r3-53ww", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-13056" | ||
| ], | ||
| "details": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13056" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/a6acb608-a23e-461d-af48-a6669a45594a" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:23Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-69jp-7vgw-2cgr/GHSA-69jp-7vgw-2cgr.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-69jp-7vgw-2cgr", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-12774" | ||
| ], | ||
| "details": "The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12774" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/8decbef5-f106-488b-925c-42b3b280460a" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:22Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-7jq5-8rmw-j9wh/GHSA-7jq5-8rmw-j9wh.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-7jq5-8rmw-j9wh", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-13095" | ||
| ], | ||
| "details": "The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13095" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/74e95fb5-025b-4d4d-a279-844b6ee3e57d" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:23Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-9grv-p46v-p3fp/GHSA-9grv-p46v-p3fp.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-9grv-p46v-p3fp", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-13052" | ||
| ], | ||
| "details": "The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13052" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/671d5eef-c496-4047-9d01-8ab8a94cdc72" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:22Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-9hcf-78cf-xwqv/GHSA-9hcf-78cf-xwqv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-9hcf-78cf-xwqv", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-13117" | ||
| ], | ||
| "details": "The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13117" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/3234cdac-f328-4f1e-a1de-31fbd86aefb9" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:23Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-c33j-w5w4-w9q4/GHSA-c33j-w5w4-w9q4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-c33j-w5w4-w9q4", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-13055" | ||
| ], | ||
| "details": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13055" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/91178272-ed7e-412c-a187-e360a1313004" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:23Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-c75v-42g3-xvcr/GHSA-c75v-42g3-xvcr.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-c75v-42g3-xvcr", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-13094" | ||
| ], | ||
| "details": "The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13094" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/7a75809e-824e-458e-bd01-50dadcea7713" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:23Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-chc6-3mhw-pc4r/GHSA-chc6-3mhw-pc4r.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-chc6-3mhw-pc4r", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-43446" | ||
| ], | ||
| "details": "An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43446" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-02" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-269" | ||
| ], | ||
| "severity": "LOW", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:24Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-f39m-g6qq-h3xv/GHSA-f39m-g6qq-h3xv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-f39m-g6qq-h3xv", | ||
| "modified": "2025-01-27T06:30:24Z", | ||
| "published": "2025-01-27T06:30:24Z", | ||
| "aliases": [ | ||
| "CVE-2024-12280" | ||
| ], | ||
| "details": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12280" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/2b32c0b8-28bb-4220-800b-4c369bca91c5" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:21Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2025/01/GHSA-f5ph-j9m6-qjqc/GHSA-f5ph-j9m6-qjqc.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-f5ph-j9m6-qjqc", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-13057" | ||
| ], | ||
| "details": "The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13057" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/6f869a3d-1ac1-4d31-8fe5-9b9795b15b5b" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:23Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-fg8c-fxj5-qp3x/GHSA-fg8c-fxj5-qp3x.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-fg8c-fxj5-qp3x", | ||
| "modified": "2025-01-27T06:30:26Z", | ||
| "published": "2025-01-27T06:30:26Z", | ||
| "aliases": [ | ||
| "CVE-2024-43445" | ||
| ], | ||
| "details": "A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43445" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-01" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-20" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-27T06:15:23Z" | ||
| } | ||
| } |
Oops, something went wrong.