Publish Advisories

GHSA-2x3r-qhc4-2pjr
GHSA-52vm-8f6x-7r3p
GHSA-6pj4-296c-2375
GHSA-6x3x-mhgp-4j2c
GHSA-g7qh-m9g7-242j
GHSA-gr7c-mhmf-p6jj
GHSA-j75g-rhx3-9jfv
GHSA-jj2m-7f8j-222w
GHSA-jq4w-q2w4-8qw3
GHSA-m2wr-9pq6-49jc
GHSA-q95f-jm6p-77wg
GHSA-qmm9-m4wr-gv24
GHSA-qv98-75v6-5rhf
GHSA-r4gm-mp4j-4fq7
GHSA-r53m-j46m-cw28
GHSA-rccv-3qjv-c8h5
GHSA-rp3x-cq62-cvh4
GHSA-vrm8-8c2f-82r7
GHSA-wpxq-m249-cq6r
GHSA-x87c-6pgx-5c37

Author: advisory-database[bot]

advisories/unreviewed/2024/09/GHSA-2x3r-qhc4-2pjr/GHSA-2x3r-qhc4-2pjr.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x3r-qhc4-2pjr",
+  "modified": "2024-09-12T06:30:22Z",
+  "published": "2024-09-12T06:30:22Z",
+  "aliases": [
+    "CVE-2024-7859"
+  ],
+  "details": "The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7859"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/88cacd47-d900-478c-b833-c6c55fd4b082"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:24Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-52vm-8f6x-7r3p/GHSA-52vm-8f6x-7r3p.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-52vm-8f6x-7r3p",
+  "modified": "2024-09-12T06:30:22Z",
+  "published": "2024-09-12T06:30:22Z",
+  "aliases": [
+    "CVE-2024-8054"
+  ],
+  "details": "The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8054"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/f27deffc-9555-44bf-8dee-1891c210ecfd"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:25Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-6pj4-296c-2375/GHSA-6pj4-296c-2375.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6pj4-296c-2375",
+  "modified": "2024-09-12T06:30:22Z",
+  "published": "2024-09-12T06:30:22Z",
+  "aliases": [
+    "CVE-2024-7766"
+  ],
+  "details": "The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7766"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/ca4d629e-ab55-4e5d-80c9-fddbc9c97259"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:24Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-6x3x-mhgp-4j2c/GHSA-6x3x-mhgp-4j2c.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6x3x-mhgp-4j2c",
+  "modified": "2024-09-12T06:30:21Z",
+  "published": "2024-09-12T06:30:21Z",
+  "aliases": [
+    "CVE-2024-6019"
+  ],
+  "details": "The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6019"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/5899c5c9-a550-4c86-a41d-7fcc1e84a7d3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:24Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-g7qh-m9g7-242j/GHSA-g7qh-m9g7-242j.json

@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g7qh-m9g7-242j",
+  "modified": "2024-09-12T06:30:21Z",
+  "published": "2024-09-12T06:30:21Z",
+  "aliases": [
+    "CVE-2024-8711"
+  ],
+  "details": "A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8711"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jz-qb/cve/blob/main/dir.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.277220"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.277220"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.405343"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-548"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T04:15:07Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-gr7c-mhmf-p6jj/GHSA-gr7c-mhmf-p6jj.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gr7c-mhmf-p6jj",
+  "modified": "2024-09-12T06:30:22Z",
+  "published": "2024-09-12T06:30:22Z",
+  "aliases": [
+    "CVE-2024-7861"
+  ],
+  "details": "The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7861"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/df9aa795-ba16-4806-b01a-311f80aa52c0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:24Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-j75g-rhx3-9jfv/GHSA-j75g-rhx3-9jfv.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j75g-rhx3-9jfv",
+  "modified": "2024-09-12T06:30:22Z",
+  "published": "2024-09-12T06:30:22Z",
+  "aliases": [
+    "CVE-2024-7817"
+  ],
+  "details": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7817"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/ab09e5a3-f5ea-479f-be2d-366f8707775e"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:24Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-jj2m-7f8j-222w/GHSA-jj2m-7f8j-222w.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jj2m-7f8j-222w",
+  "modified": "2024-09-12T06:30:22Z",
+  "published": "2024-09-12T06:30:22Z",
+  "aliases": [
+    "CVE-2024-7822"
+  ],
+  "details": "The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7822"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/3a5bdd7e-7dd5-4749-9fad-ff4d7df20273"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:24Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-jq4w-q2w4-8qw3/GHSA-jq4w-q2w4-8qw3.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jq4w-q2w4-8qw3",
+  "modified": "2024-09-12T06:30:22Z",
+  "published": "2024-09-12T06:30:22Z",
+  "aliases": [
+    "CVE-2024-7818"
+  ],
+  "details": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7818"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/3d2263b9-e1e7-4e86-8475-5e468eef1826"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:24Z"
+  }
+}

advisories/unreviewed/2024/09/GHSA-m2wr-9pq6-49jc/GHSA-m2wr-9pq6-49jc.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m2wr-9pq6-49jc",
+  "modified": "2024-09-12T06:30:21Z",
+  "published": "2024-09-12T06:30:21Z",
+  "aliases": [
+    "CVE-2024-6017"
+  ],
+  "details": "The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6017"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/06d0559e-4389-4280-bbef-d100c0e07903"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-09-12T06:15:23Z"
+  }
+}