GHSA-vjqc-g788-f378 GHSA-2pwj-8mjg-j34f GHSA-47rx-9m4v-5f59 GHSA-65vg-43vj-r32c GHSA-6xjf-hqcm-9g3f GHSA-7pp5-c4g8-xxc4 GHSA-9xp2-5x23-fhj5 GHSA-gjq6-76gc-q75p GHSA-h67p-q5m6-859h GHSA-hfqr-7mcf-f22q
1 parent
ad6a036
commit b56da45
Showing
10 changed files
with
385 additions
and
1 deletion.
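--- a/advisories/unreviewed/2024/02/GHSA-2pwj-8mjg-j34f/GHSA-2pwj-8mjg-j34f.json
+++ b/advisories/unreviewed/2024/02/GHSA-2pwj-8mjg-j34f/GHSA-2pwj-8mjg-j34f.json
@@ -0,0 +1,39 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-2pwj-8mjg-j34f",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2023-4826"
+],
+"details": "The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4826"
+},
+{
+"type": "WEB",
+"url": "https://wpscan.com/vulnerability/99ec0add-8f4d-4d68-91aa-80b1631a53bf"
+},
+{
+"type": "WEB",
+"url": "http://socialdriver.com"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T10:15:07Z"
+}
+}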
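Review bot: This record has empty `severity`, `affected` and `cwe_ids` arrays and `"severity": null`, so consumers that match on package ranges or filter by severity will not surface it, although `details` describes prototype pollution leading to XSS. On review the weakness could be recorded as `"cwe_ids": ["CWE-1321", "CWE-79"]`, and the range that exists only in prose ("before version 2024") moved into `affected`. The third reference, `http://socialdriver.com`, is a plain-HTTP vendor home page rather than a fix or changelog link. GHSA-7pp5-c4g8-xxc4 in this commit leaves the same three arrays empty.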
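--- a/advisories/unreviewed/2024/02/GHSA-47rx-9m4v-5f59/GHSA-47rx-9m4v-5f59.json
+++ b/advisories/unreviewed/2024/02/GHSA-47rx-9m4v-5f59/GHSA-47rx-9m4v-5f59.json
@@ -0,0 +1,42 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-47rx-9m4v-5f59",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2024-1360"
+],
+"details": "The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1360"
+},
+{
+"type": "WEB",
+"url": "https://themes.trac.wordpress.org/changeset/218308/colibri-wp/1.0.101/inc/src/PluginsManager.php"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T11:15:08Z"
+}
+}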
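--- a/advisories/unreviewed/2024/02/GHSA-65vg-43vj-r32c/GHSA-65vg-43vj-r32c.json
+++ b/advisories/unreviewed/2024/02/GHSA-65vg-43vj-r32c/GHSA-65vg-43vj-r32c.json
@@ -0,0 +1,42 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-65vg-43vj-r32c",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2024-1361"
+],
+"details": "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1361"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/extend-builder/api/api.php"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/233a29f5-12bf-4849-9b28-4458a0b0c940?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T11:15:08Z"
+}
+}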
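--- a/advisories/unreviewed/2024/02/GHSA-6xjf-hqcm-9g3f/GHSA-6xjf-hqcm-9g3f.json
+++ b/advisories/unreviewed/2024/02/GHSA-6xjf-hqcm-9g3f/GHSA-6xjf-hqcm-9g3f.json
@@ -0,0 +1,38 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-6xjf-hqcm-9g3f",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2024-25928"
+],
+"details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5.\n\n",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25928"
+},
+{
+"type": "WEB",
+"url": "https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-89"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T12:15:46Z"
+}
+}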
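Review bot: `cwe_ids` lists only `CWE-89`, but the Patchstack reference slug on this record reads `reflected-xss-via-sql-injection` and the vector carries `UI:R`, which suggests the reported impact is reflected XSS reached through the injection. If that reading is confirmed against the linked advisory, a reviewer would extend the list to `"cwe_ids": ["CWE-89", "CWE-79"]`. The `details` string also runs two sentences together (`Sitepact.This issue`) and ends in a trailing `\n\n`; GHSA-9xp2-5x23-fhj5 in this commit shows the same two artefacts.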
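--- a/advisories/unreviewed/2024/02/GHSA-7pp5-c4g8-xxc4/GHSA-7pp5-c4g8-xxc4.json
+++ b/advisories/unreviewed/2024/02/GHSA-7pp5-c4g8-xxc4/GHSA-7pp5-c4g8-xxc4.json
@@ -0,0 +1,59 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-7pp5-c4g8-xxc4",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2024-26593"
+],
+"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26593"
+},
+{
+"type": "WEB",
+"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a"
+},
+{
+"type": "WEB",
+"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c"
+},
+{
+"type": "WEB",
+"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2"
+},
+{
+"type": "WEB",
+"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9"
+},
+{
+"type": "WEB",
+"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f"
+},
+{
+"type": "WEB",
+"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21"
+},
+{
+"type": "WEB",
+"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T10:15:07Z"
+}
+}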
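--- a/advisories/unreviewed/2024/02/GHSA-9xp2-5x23-fhj5/GHSA-9xp2-5x23-fhj5.json
+++ b/advisories/unreviewed/2024/02/GHSA-9xp2-5x23-fhj5/GHSA-9xp2-5x23-fhj5.json
@@ -0,0 +1,38 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-9xp2-5x23-fhj5",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2024-25915"
+],
+"details": "Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.\n\n",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25915"
+},
+{
+"type": "WEB",
+"url": "https://patchstack.com/database/vulnerability/wp-pexels-free-stock-photos/wordpress-pexels-free-stock-photos-plugin-1-2-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-918"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T12:15:46Z"
+}
+}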
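--- a/advisories/unreviewed/2024/02/GHSA-gjq6-76gc-q75p/GHSA-gjq6-76gc-q75p.json
+++ b/advisories/unreviewed/2024/02/GHSA-gjq6-76gc-q75p/GHSA-gjq6-76gc-q75p.json
@@ -0,0 +1,42 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-gjq6-76gc-q75p",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2024-1590"
+],
+"details": "The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1590"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3039750%40pagelayer&new=3039750%40pagelayer&sfp_email=&sfph_mail="
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e635dfb3-002d-4197-b14a-0136a1990a75?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T10:15:07Z"
+}
+}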
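--- a/advisories/unreviewed/2024/02/GHSA-h67p-q5m6-859h/GHSA-h67p-q5m6-859h.json
+++ b/advisories/unreviewed/2024/02/GHSA-h67p-q5m6-859h/GHSA-h67p-q5m6-859h.json
@@ -0,0 +1,42 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-h67p-q5m6-859h",
+"modified": "2024-02-23T12:30:31Z",
+"published": "2024-02-23T12:30:31Z",
+"aliases": [
+"CVE-2024-1362"
+],
+"details": "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1362"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/src/PageBuilder.php"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2024-02-23T11:15:08Z"
+}
+}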