generated content from 2024-06-30

mapping.csv

@@ -241963,3 +241963,19 @@ vulnerability,CVE-2024-38522,vulnerability--eb875a69-edc2-46fb-b5aa-2e7bf2b3e8c3
 vulnerability,CVE-2024-38532,vulnerability--e1a290ee-53c0-4095-bea4-56afb0f6ccee
 vulnerability,CVE-2024-38531,vulnerability--69e5cc65-c826-485a-b072-4d6515cb767d
 vulnerability,CVE-2024-38533,vulnerability--7ac1df4c-a931-4dc9-9bb3-92bdb3b31cc1
+vulnerability,CVE-2023-4017,vulnerability--5eeadd30-44f5-4d95-9a33-2c41c2ab58ab
+vulnerability,CVE-2024-6363,vulnerability--5ffef5db-adbe-450b-92d0-230fc94ed248
+vulnerability,CVE-2024-6265,vulnerability--d51045dd-6654-4d23-a7cc-727a2acd0865
+vulnerability,CVE-2024-6405,vulnerability--61b3143a-dec6-49c1-9139-a2fffbb28ba2
+vulnerability,CVE-2024-2386,vulnerability--dfd95645-863a-44ee-baa6-ae11cf2d3291
+vulnerability,CVE-2024-25943,vulnerability--9d34e335-401c-4712-8871-6702a544ee6e
+vulnerability,CVE-2024-5889,vulnerability--e55d33f2-3496-4c08-927d-0e3345fa6524
+vulnerability,CVE-2024-5819,vulnerability--39f5f1d6-304e-4f64-a72a-1ba20ac350b5
+vulnerability,CVE-2024-5790,vulnerability--4bbb6c38-14b4-4a05-93ed-1dba9c2b398d
+vulnerability,CVE-2024-5598,vulnerability--e9f365a3-af2b-4707-8778-a289e083c190
+vulnerability,CVE-2024-5942,vulnerability--351d6899-a564-4acd-ada5-94e815d632b4
+vulnerability,CVE-2024-5192,vulnerability--2d7ff49f-cacb-4b44-93a8-3323dbff92a4
+vulnerability,CVE-2024-5666,vulnerability--e6fe168e-0ae8-4c97-ad89-0d7725695fe4
+vulnerability,CVE-2024-39848,vulnerability--ad55cb19-3a9c-494b-a0c4-cf971b93755a
+vulnerability,CVE-2024-39840,vulnerability--3401d2a7-d47a-4356-8065-e48b801b67ad
+vulnerability,CVE-2024-39846,vulnerability--7fdbac92-4234-4d93-adde-b5697746e43f

objects/vulnerability/vulnerability--2d7ff49f-cacb-4b44-93a8-3323dbff92a4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--ed2ad957-535e-47fc-8e6f-6a1067f7ea74",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2d7ff49f-cacb-4b44-93a8-3323dbff92a4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.956659Z",
+            "modified": "2024-06-30T00:34:00.956659Z",
+            "name": "CVE-2024-5192",
+            "description": "The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-5192"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3401d2a7-d47a-4356-8065-e48b801b67ad.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--66c76a3a-61c3-4e64-962e-d30f1e34434d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3401d2a7-d47a-4356-8065-e48b801b67ad",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:01.091627Z",
+            "modified": "2024-06-30T00:34:01.091627Z",
+            "name": "CVE-2024-39840",
+            "description": "Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-39840"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--351d6899-a564-4acd-ada5-94e815d632b4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--cb240549-081e-4af6-9e9c-c8187ca6db0a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--351d6899-a564-4acd-ada5-94e815d632b4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.952232Z",
+            "modified": "2024-06-30T00:34:00.952232Z",
+            "name": "CVE-2024-5942",
+            "description": "The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to clone and read private posts.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-5942"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--39f5f1d6-304e-4f64-a72a-1ba20ac350b5.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6b2ceff5-9c52-464f-8b8d-8f04f2da769c",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--39f5f1d6-304e-4f64-a72a-1ba20ac350b5",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.924871Z",
+            "modified": "2024-06-30T00:34:00.924871Z",
+            "name": "CVE-2024-5819",
+            "description": "The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-5819"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4bbb6c38-14b4-4a05-93ed-1dba9c2b398d.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9f239043-a8b5-4f58-be10-e6cf7ae6421b",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4bbb6c38-14b4-4a05-93ed-1dba9c2b398d",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.932306Z",
+            "modified": "2024-06-30T00:34:00.932306Z",
+            "name": "CVE-2024-5790",
+            "description": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-5790"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--5eeadd30-44f5-4d95-9a33-2c41c2ab58ab.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--ff46ff98-25ca-41c4-b7be-914c0911e3c5",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--5eeadd30-44f5-4d95-9a33-2c41c2ab58ab",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:33:58.73715Z",
+            "modified": "2024-06-30T00:33:58.73715Z",
+            "name": "CVE-2023-4017",
+            "description": "The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’,  'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-4017"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--5ffef5db-adbe-450b-92d0-230fc94ed248.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--1821d287-61d5-48a5-b6af-3d51205b4975",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--5ffef5db-adbe-450b-92d0-230fc94ed248",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.442607Z",
+            "modified": "2024-06-30T00:34:00.442607Z",
+            "name": "CVE-2024-6363",
+            "description": "The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6363"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--61b3143a-dec6-49c1-9139-a2fffbb28ba2.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e748d6b7-8ac3-422d-acc9-04190f9594ad",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--61b3143a-dec6-49c1-9139-a2fffbb28ba2",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.46676Z",
+            "modified": "2024-06-30T00:34:00.46676Z",
+            "name": "CVE-2024-6405",
+            "description": "The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6405"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--7fdbac92-4234-4d93-adde-b5697746e43f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e2be6efd-4eaf-456c-87de-7c5c6bb29692",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--7fdbac92-4234-4d93-adde-b5697746e43f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:01.095525Z",
+            "modified": "2024-06-30T00:34:01.095525Z",
+            "name": "CVE-2024-39846",
+            "description": "NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-39846"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--9d34e335-401c-4712-8871-6702a544ee6e.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--5eb289f1-72b7-465d-be6e-93f70f01ebec",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--9d34e335-401c-4712-8871-6702a544ee6e",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.877415Z",
+            "modified": "2024-06-30T00:34:00.877415Z",
+            "name": "CVE-2024-25943",
+            "description": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-25943"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--ad55cb19-3a9c-494b-a0c4-cf971b93755a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--108dc2a2-5576-44cc-a79d-9e359c620c1a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--ad55cb19-3a9c-494b-a0c4-cf971b93755a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:01.076727Z",
+            "modified": "2024-06-30T00:34:01.076727Z",
+            "name": "CVE-2024-39848",
+            "description": "Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects \"Grouper for Web Services\" before 4.13.1.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-39848"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--d51045dd-6654-4d23-a7cc-727a2acd0865.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--68f7695c-063f-4939-8427-15dc728e1b51",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--d51045dd-6654-4d23-a7cc-727a2acd0865",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.463301Z",
+            "modified": "2024-06-30T00:34:00.463301Z",
+            "name": "CVE-2024-6265",
+            "description": "The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6265"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--dfd95645-863a-44ee-baa6-ae11cf2d3291.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d3c2ceac-6e28-40a5-8e6b-57d3501bba2f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--dfd95645-863a-44ee-baa6-ae11cf2d3291",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.845657Z",
+            "modified": "2024-06-30T00:34:00.845657Z",
+            "name": "CVE-2024-2386",
+            "description": "The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-2386"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--e55d33f2-3496-4c08-927d-0e3345fa6524.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--064b67a9-368c-4475-acaa-50ed0c272df5",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--e55d33f2-3496-4c08-927d-0e3345fa6524",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.920224Z",
+            "modified": "2024-06-30T00:34:00.920224Z",
+            "name": "CVE-2024-5889",
+            "description": "The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-5889"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--e6fe168e-0ae8-4c97-ad89-0d7725695fe4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--5eac3ea8-e34a-414a-89ff-2a1180e8888b",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--e6fe168e-0ae8-4c97-ad89-0d7725695fe4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-06-30T00:34:00.962901Z",
+            "modified": "2024-06-30T00:34:00.962901Z",
+            "name": "CVE-2024-5666",
+            "description": "The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-5666"
+                }
+            ]
+        }
+    ]
+}