Auto-Update: 2024-12-12T07:00:21.126632+00:00

fkie-cad · Dec 12, 2024 · 9d708b9 · 9d708b9
1 parent 98f7e0f
commit 9d708b9
Show file tree

Hide file tree

Showing 47 changed files with 2,527 additions and 50 deletions.
diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10010.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10010.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10010",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T06:15:18.997",
+  "lastModified": "2024-12-12T06:15:18.997",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/8a258d33-a354-4cbb-bfcb-31b7f1b1a036/",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10124.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10124.json
@@ -0,0 +1,76 @@
+{
+  "id": "CVE-2024-10124",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T06:15:20.100",
+  "lastModified": "2024-12-12T06:15:20.100",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L28",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L46",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/core/class-installation.php#L29",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3173408/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3203532/vayu-blocks/tags/1.2.0/inc/vayu-sites/app.php",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81e7ab80-7df2-4ef4-80ee-a11d057151c4?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10182.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10182.json
@@ -0,0 +1,76 @@
+{
+  "id": "CVE-2024-10182",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T05:15:05.960",
+  "lastModified": "2024-12-12T05:15:05.960",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/api.php#L46",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/api.php#L50",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/cognito-forms.php#L193",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/cognito-forms.php#L51",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://wordpress.org/plugins/cognito-forms/#developers",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80b1d728-b5aa-4811-b92a-9ce36abc2b80?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10499.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10499.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10499",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T06:15:20.337",
+  "lastModified": "2024-12-12T06:15:20.337",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/8606a93a-f61d-40df-a67e-0ac75eeadee8/",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10517.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10517.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10517",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T06:15:20.457",
+  "lastModified": "2024-12-12T06:15:20.457",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content  WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/f7c3a990-458e-4e15-b427-0b37de120740/",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10518.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10518.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10518",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T06:15:20.593",
+  "lastModified": "2024-12-12T06:15:20.593",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content  WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/a1e5ad16-6240-4920-888a-36fbac22cc71/",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10568.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10568.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10568",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T06:15:20.713",
+  "lastModified": "2024-12-12T06:15:20.713",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Ajax Search Lite  WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/1676aef0-be5d-4335-933d-dc0d54416fd4/",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10590.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10590.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10590",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T05:15:06.807",
+  "lastModified": "2024-12-12T05:15:06.807",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/subscribe-download/2687305",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c3c20b8-12cf-4ce6-a1d4-99204df33fcd?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10637.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10637.json
@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-10637",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-12T06:15:20.840",
+  "lastModified": "2024-12-12T06:15:20.840",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Gutenberg Blocks with AI by Kadence WP  WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/df688dcc-9617-4f58-a310-891bfaea3695/",
+      "source": "[email protected]"
+    }
+  ]
+}