From 60a7fed9b00e21eda1f6d5edd018f487e557d8c6 Mon Sep 17 00:00:00 2001 From: gitadvisor Date: Fri, 1 Nov 2024 08:24:54 +0000 Subject: [PATCH] generated content from 2024-11-01 --- mapping.csv | 2 ++ ...-57d814d3-aa72-4016-8b97-08da42137713.json | 22 +++++++++++++++++++ ...-c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json | 22 +++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 objects/vulnerability/vulnerability--57d814d3-aa72-4016-8b97-08da42137713.json create mode 100644 objects/vulnerability/vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json diff --git a/mapping.csv b/mapping.csv index fc52bb634b..545f8a1b32 100644 --- a/mapping.csv +++ b/mapping.csv @@ -254173,3 +254173,5 @@ vulnerability,CVE-2024-21510,vulnerability--b4dcc122-1dca-48ca-b2d7-c5bb0aab670b vulnerability,CVE-2024-49501,vulnerability--cd1e7893-8879-465f-b52d-fbf4f1ded0c4 vulnerability,CVE-2024-0106,vulnerability--d8ce850b-9009-44d8-ba93-f01d7e2af724 vulnerability,CVE-2024-0105,vulnerability--cde121f8-ed80-414a-a5b0-f69cd493e773 +vulnerability,CVE-2024-9655,vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d +vulnerability,CVE-2024-7424,vulnerability--57d814d3-aa72-4016-8b97-08da42137713 diff --git a/objects/vulnerability/vulnerability--57d814d3-aa72-4016-8b97-08da42137713.json b/objects/vulnerability/vulnerability--57d814d3-aa72-4016-8b97-08da42137713.json new file mode 100644 index 0000000000..c871db8be1 --- /dev/null +++ b/objects/vulnerability/vulnerability--57d814d3-aa72-4016-8b97-08da42137713.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f6dcf05-3db4-4861-ab28-063e2c0b751e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57d814d3-aa72-4016-8b97-08da42137713", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-01T08:24:25.776718Z", + "modified": "2024-11-01T08:24:25.776718Z", + "name": "CVE-2024-7424", + "description": "The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7424" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json b/objects/vulnerability/vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json new file mode 100644 index 0000000000..2519c5e6c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6bd624fd-43d8-4aff-9393-e460a3e31014", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c12a8d70-0d56-4094-9c4d-cc30d71fe32d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-01T08:24:25.454057Z", + "modified": "2024-11-01T08:24:25.454057Z", + "name": "CVE-2024-9655", + "description": "The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9655" + } + ] + } + ] +} \ No newline at end of file