diff --git a/mapping.csv b/mapping.csv index fc52bb634b..545f8a1b32 100644 --- a/mapping.csv +++ b/mapping.csv @@ -254173,3 +254173,5 @@ vulnerability,CVE-2024-21510,vulnerability--b4dcc122-1dca-48ca-b2d7-c5bb0aab670b vulnerability,CVE-2024-49501,vulnerability--cd1e7893-8879-465f-b52d-fbf4f1ded0c4 vulnerability,CVE-2024-0106,vulnerability--d8ce850b-9009-44d8-ba93-f01d7e2af724 vulnerability,CVE-2024-0105,vulnerability--cde121f8-ed80-414a-a5b0-f69cd493e773 +vulnerability,CVE-2024-9655,vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d +vulnerability,CVE-2024-7424,vulnerability--57d814d3-aa72-4016-8b97-08da42137713 diff --git a/objects/vulnerability/vulnerability--57d814d3-aa72-4016-8b97-08da42137713.json b/objects/vulnerability/vulnerability--57d814d3-aa72-4016-8b97-08da42137713.json new file mode 100644 index 0000000000..c871db8be1 --- /dev/null +++ b/objects/vulnerability/vulnerability--57d814d3-aa72-4016-8b97-08da42137713.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f6dcf05-3db4-4861-ab28-063e2c0b751e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57d814d3-aa72-4016-8b97-08da42137713", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-01T08:24:25.776718Z", + "modified": "2024-11-01T08:24:25.776718Z", + "name": "CVE-2024-7424", + "description": "The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7424" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json b/objects/vulnerability/vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json new file mode 100644 index 0000000000..2519c5e6c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6bd624fd-43d8-4aff-9393-e460a3e31014", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-01T08:24:25.454057Z", + "modified": "2024-11-01T08:24:25.454057Z", + "name": "CVE-2024-9655", + "description": "The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9655" + } + ] + } + ] +} \ No newline at end of file