Skip to content

Commit

Permalink
Auto-Update: 2024-11-30T23:00:29.326916+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Nov 30, 2024
1 parent cd46bd6 commit 12c8d37
Show file tree
Hide file tree
Showing 22 changed files with 1,169 additions and 12 deletions.
56 changes: 56 additions & 0 deletions CVE-2024/CVE-2024-537xx/CVE-2024-53738.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"id": "CVE-2024-53738",
"sourceIdentifier": "[email protected]",
"published": "2024-11-30T21:15:15.350",
"lastModified": "2024-11-30T21:15:15.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-asset-clean-up/vulnerability/wordpress-asset-cleanup-page-speed-booster-plugin-1-3-9-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "[email protected]"
}
]
}
56 changes: 56 additions & 0 deletions CVE-2024/CVE-2024-537xx/CVE-2024-53739.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"id": "CVE-2024-53739",
"sourceIdentifier": "[email protected]",
"published": "2024-11-30T21:15:15.653",
"lastModified": "2024-11-30T21:15:15.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/cryptocurrency-widgets-for-elementor/vulnerability/wordpress-cryptocurrency-widgets-for-elementor-plugin-1-6-4-local-file-inclusion-vulnerability?_s_id=cve",
"source": "[email protected]"
}
]
}
56 changes: 56 additions & 0 deletions CVE-2024/CVE-2024-537xx/CVE-2024-53756.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"id": "CVE-2024-53756",
"sourceIdentifier": "[email protected]",
"published": "2024-11-30T22:15:17.433",
"lastModified": "2024-11-30T22:15:17.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aftab Husain Vertical Carousel allows Stored XSS.This issue affects Vertical Carousel: from n/a through 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/vertical-carousel-slider/vulnerability/wordpress-vertical-carousel-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "[email protected]"
}
]
}
56 changes: 56 additions & 0 deletions CVE-2024/CVE-2024-537xx/CVE-2024-53757.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"id": "CVE-2024-53757",
"sourceIdentifier": "[email protected]",
"published": "2024-11-30T22:15:17.740",
"lastModified": "2024-11-30T22:15:17.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest allows Stored XSS.This issue affects WP Find Your Nearest: from n/a through 0.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-find-your-nearest/vulnerability/wordpress-wp-find-your-nearest-plugin-0-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "[email protected]"
}
]
}
56 changes: 56 additions & 0 deletions CVE-2024/CVE-2024-537xx/CVE-2024-53758.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"id": "CVE-2024-53758",
"sourceIdentifier": "[email protected]",
"published": "2024-11-30T22:15:17.883",
"lastModified": "2024-11-30T22:15:17.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP MathJax allows Stored XSS.This issue affects WP MathJax: from n/a through 1.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-mathjax-plus/vulnerability/wordpress-wp-mathjax-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "[email protected]"
}
]
}
56 changes: 56 additions & 0 deletions CVE-2024/CVE-2024-537xx/CVE-2024-53760.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"id": "CVE-2024-53760",
"sourceIdentifier": "[email protected]",
"published": "2024-11-30T22:15:18.020",
"lastModified": "2024-11-30T22:15:18.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Capitalize My Title allows Stored XSS.This issue affects Capitalize My Title: from n/a through 0.5.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/capitalize-my-title/vulnerability/wordpress-capitalize-my-title-wordpress-plugin-0-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "[email protected]"
}
]
}
Loading

0 comments on commit 12c8d37

Please sign in to comment.