-
Notifications
You must be signed in to change notification settings - Fork 346
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5328ada
commit c82dd2f
Showing
4 changed files
with
161 additions
and
0 deletions.
There are no files selected for viewing
40 changes: 40 additions & 0 deletions
40
advisories/unreviewed/2024/12/GHSA-2rmv-3q59-r6g3/GHSA-2rmv-3q59-r6g3.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-2rmv-3q59-r6g3", | ||
| "modified": "2024-12-21T06:30:43Z", | ||
| "published": "2024-12-21T06:30:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-11349" | ||
| ], | ||
| "details": "The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11349" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f374b3d1-820b-473f-8d2b-c3267e6d23d9?source=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-288" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-21T05:15:07Z" | ||
| } | ||
| } |
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-849q-7cqw-rh6w/GHSA-849q-7cqw-rh6w.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-849q-7cqw-rh6w", | ||
| "modified": "2024-12-21T06:30:43Z", | ||
| "published": "2024-12-21T06:30:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-12846" | ||
| ], | ||
| "details": "A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12846" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/emlog/emlog/issues/307" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289082" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289082" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.462614" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-21T05:15:07Z" | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
advisories/unreviewed/2024/12/GHSA-j94m-533w-g94g/GHSA-j94m-533w-g94g.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-j94m-533w-g94g", | ||
| "modified": "2024-12-21T06:30:43Z", | ||
| "published": "2024-12-21T06:30:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-11607" | ||
| ], | ||
| "details": "The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", | ||
| "severity": [], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11607" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://wpscan.com/vulnerability/132b5193-156b-40b8-b5c7-08646e1f6866" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-21T06:15:20Z" | ||
| } | ||
| } |
40 changes: 40 additions & 0 deletions
40
advisories/unreviewed/2024/12/GHSA-mwjr-qhm9-8w7v/GHSA-mwjr-qhm9-8w7v.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-mwjr-qhm9-8w7v", | ||
| "modified": "2024-12-21T06:30:43Z", | ||
| "published": "2024-12-21T06:30:43Z", | ||
| "aliases": [ | ||
| "CVE-2024-11977" | ||
| ], | ||
| "details": "The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11977" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://plugins.trac.wordpress.org/browser/kk-star-ratings/tags/5.4.9/src/core/wp/actions/wp_ajax_kk-star-ratings.php#L84" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5dea49fb-2703-4754-9abd-5f4e526d5570?source=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-94" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-21T06:15:21Z" | ||
| } | ||
| } |