diff --git a/internal/data/assets/plugin_616666696c69617465732d6d616e61676572811c9dc5_gen.json b/internal/data/assets/plugin_616666696c69617465732d6d616e61676572811c9dc5_gen.json index ffbb7c00..5777c887 100644 --- a/internal/data/assets/plugin_616666696c69617465732d6d616e61676572811c9dc5_gen.json +++ b/internal/data/assets/plugin_616666696c69617465732d6d616e61676572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/33f07db9-ff4f-4f81-bf32-18b04d19624d/affiliates-manager","title":"Affiliates Manager <= 2.6.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-05-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"33f07db9-ff4f-4f81-bf32-18b04d19624d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/33f07db9-ff4f-4f81-bf32-18b04d19624d?source=api-prod","cve":"CVE-2019-15868","affectedVersions":"<2.6.6","severity":"high"},{"advisoryId":"WPSECADV/WF/433a03c2-09fd-4ce6-843b-55ad09f4b4f7/affiliates-manager","title":"Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"433a03c2-09fd-4ce6-843b-55ad09f4b4f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=api-prod","cve":"CVE-2024-0859","affectedVersions":"<=2.9.34","severity":"medium"},{"advisoryId":"WPSECADV/WF/756b5e3e-46fa-483e-945a-86166e79d989/affiliates-manager","title":"Affiliates Manager <= 2.9.31 - Cross-Site Request Forgery via multiple AJAX actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"756b5e3e-46fa-483e-945a-86166e79d989"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/756b5e3e-46fa-483e-945a-86166e79d989?source=api-prod","cve":"CVE-2023-52130","affectedVersions":"<=2.9.31","severity":"medium"},{"advisoryId":"WPSECADV/WF/7ff58a34-93ab-4e51-b857-fed1107631ea/affiliates-manager","title":"Affiliates Manager <= 2.7.7 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-09-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"7ff58a34-93ab-4e51-b857-fed1107631ea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ff58a34-93ab-4e51-b857-fed1107631ea?source=api-prod","affectedVersions":"<2.7.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/8d3d5f62-9e68-4d45-bc3a-b1ac53a05ee4/affiliates-manager","title":"Affiliates Manager <= 2.9.50 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"8d3d5f62-9e68-4d45-bc3a-b1ac53a05ee4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8d3d5f62-9e68-4d45-bc3a-b1ac53a05ee4?source=api-prod","cve":"CVE-2026-52692","affectedVersions":"<=2.9.50","severity":"medium"},{"advisoryId":"WPSECADV/WF/98adce63-69e6-4a3b-97fe-ecd0480659f4/affiliates-manager","title":"Affiliate Manager <= 2.8.6 - Admin+ SQL injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"98adce63-69e6-4a3b-97fe-ecd0480659f4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98adce63-69e6-4a3b-97fe-ecd0480659f4?source=api-prod","cve":"CVE-2021-24844","affectedVersions":"<=2.8.6","severity":"high"},{"advisoryId":"WPSECADV/WF/abc3f352-8568-4649-bf3c-dd0ce0295589/affiliates-manager","title":"Affiliates Manager <= 2.9.30 - Sensitive Information Exposure via Log File\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"abc3f352-8568-4649-bf3c-dd0ce0295589"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abc3f352-8568-4649-bf3c-dd0ce0295589?source=api-prod","cve":"CVE-2023-52148","affectedVersions":"<=2.9.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/c8582af5-92e9-43ef-836f-d87d5cf827d8/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c8582af5-92e9-43ef-836f-d87d5cf827d8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c8582af5-92e9-43ef-836f-d87d5cf827d8?source=api-prod","cve":"CVE-2022-2799","affectedVersions":"<=2.9.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/c9d5c661-bc81-4706-b930-6e3309f3d705/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c9d5c661-bc81-4706-b930-6e3309f3d705"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c9d5c661-bc81-4706-b930-6e3309f3d705?source=api-prod","cve":"CVE-2022-2798","affectedVersions":"<=2.9.13","severity":"critical"},{"advisoryId":"WPSECADV/WF/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44/affiliates-manager","title":"Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44?source=api-prod","cve":"CVE-2023-28986","affectedVersions":"<=2.9.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/d68e74c2-3732-40ae-b589-3a9159aff93d/affiliates-manager","title":"Affiliates Manager <= 2.8.9 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"d68e74c2-3732-40ae-b589-3a9159aff93d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d68e74c2-3732-40ae-b589-3a9159aff93d?source=api-prod","cve":"CVE-2021-25078","affectedVersions":"<=2.8.9","severity":"high"},{"advisoryId":"WPSECADV/WF/ddd37b7a-3ef8-4269-ba3b-665ae34bde26/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"ddd37b7a-3ef8-4269-ba3b-665ae34bde26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd37b7a-3ef8-4269-ba3b-665ae34bde26?source=api-prod","affectedVersions":"<=2.9.13","severity":"high"},{"advisoryId":"WPSECADV/WF/ecbb40a5-3e33-4084-a19b-daf014ce68c8/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"ecbb40a5-3e33-4084-a19b-daf014ce68c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecbb40a5-3e33-4084-a19b-daf014ce68c8?source=api-prod","affectedVersions":"<=2.9.13","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/33f07db9-ff4f-4f81-bf32-18b04d19624d/affiliates-manager","title":"Affiliates Manager <= 2.6.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-05-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"33f07db9-ff4f-4f81-bf32-18b04d19624d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/33f07db9-ff4f-4f81-bf32-18b04d19624d?source=api-prod","cve":"CVE-2019-15868","affectedVersions":"<2.6.6","severity":"high"},{"advisoryId":"WPSECADV/WF/433a03c2-09fd-4ce6-843b-55ad09f4b4f7/affiliates-manager","title":"Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"433a03c2-09fd-4ce6-843b-55ad09f4b4f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=api-prod","cve":"CVE-2024-0859","affectedVersions":"<=2.9.34","severity":"medium"},{"advisoryId":"WPSECADV/WF/756b5e3e-46fa-483e-945a-86166e79d989/affiliates-manager","title":"Affiliates Manager <= 2.9.31 - Cross-Site Request Forgery via multiple AJAX actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"756b5e3e-46fa-483e-945a-86166e79d989"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/756b5e3e-46fa-483e-945a-86166e79d989?source=api-prod","cve":"CVE-2023-52130","affectedVersions":"<=2.9.31","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b8ab7f8-a10c-4acb-887a-6c5c4055d526/affiliates-manager","title":"Affiliates Manager <= 2.9.49 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b8ab7f8-a10c-4acb-887a-6c5c4055d526"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b8ab7f8-a10c-4acb-887a-6c5c4055d526?source=api-prod","cve":"CVE-2026-57654","affectedVersions":"<=2.9.49","severity":"medium"},{"advisoryId":"WPSECADV/WF/7ff58a34-93ab-4e51-b857-fed1107631ea/affiliates-manager","title":"Affiliates Manager <= 2.7.7 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-09-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"7ff58a34-93ab-4e51-b857-fed1107631ea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ff58a34-93ab-4e51-b857-fed1107631ea?source=api-prod","affectedVersions":"<2.7.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/8d3d5f62-9e68-4d45-bc3a-b1ac53a05ee4/affiliates-manager","title":"Affiliates Manager <= 2.9.50 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"8d3d5f62-9e68-4d45-bc3a-b1ac53a05ee4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8d3d5f62-9e68-4d45-bc3a-b1ac53a05ee4?source=api-prod","cve":"CVE-2026-52692","affectedVersions":"<=2.9.50","severity":"medium"},{"advisoryId":"WPSECADV/WF/98adce63-69e6-4a3b-97fe-ecd0480659f4/affiliates-manager","title":"Affiliate Manager <= 2.8.6 - Admin+ SQL injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"98adce63-69e6-4a3b-97fe-ecd0480659f4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98adce63-69e6-4a3b-97fe-ecd0480659f4?source=api-prod","cve":"CVE-2021-24844","affectedVersions":"<=2.8.6","severity":"high"},{"advisoryId":"WPSECADV/WF/abc3f352-8568-4649-bf3c-dd0ce0295589/affiliates-manager","title":"Affiliates Manager <= 2.9.30 - Sensitive Information Exposure via Log File\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"abc3f352-8568-4649-bf3c-dd0ce0295589"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abc3f352-8568-4649-bf3c-dd0ce0295589?source=api-prod","cve":"CVE-2023-52148","affectedVersions":"<=2.9.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/c8582af5-92e9-43ef-836f-d87d5cf827d8/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c8582af5-92e9-43ef-836f-d87d5cf827d8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c8582af5-92e9-43ef-836f-d87d5cf827d8?source=api-prod","cve":"CVE-2022-2799","affectedVersions":"<=2.9.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/c9d5c661-bc81-4706-b930-6e3309f3d705/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c9d5c661-bc81-4706-b930-6e3309f3d705"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c9d5c661-bc81-4706-b930-6e3309f3d705?source=api-prod","cve":"CVE-2022-2798","affectedVersions":"<=2.9.13","severity":"critical"},{"advisoryId":"WPSECADV/WF/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44/affiliates-manager","title":"Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44?source=api-prod","cve":"CVE-2023-28986","affectedVersions":"<=2.9.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/d68e74c2-3732-40ae-b589-3a9159aff93d/affiliates-manager","title":"Affiliates Manager <= 2.8.9 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"d68e74c2-3732-40ae-b589-3a9159aff93d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d68e74c2-3732-40ae-b589-3a9159aff93d?source=api-prod","cve":"CVE-2021-25078","affectedVersions":"<=2.8.9","severity":"high"},{"advisoryId":"WPSECADV/WF/ddd37b7a-3ef8-4269-ba3b-665ae34bde26/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"ddd37b7a-3ef8-4269-ba3b-665ae34bde26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd37b7a-3ef8-4269-ba3b-665ae34bde26?source=api-prod","affectedVersions":"<=2.9.13","severity":"high"},{"advisoryId":"WPSECADV/WF/ecbb40a5-3e33-4084-a19b-daf014ce68c8/affiliates-manager","title":"Affiliates Manager <= 2.9.13 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"ecbb40a5-3e33-4084-a19b-daf014ce68c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecbb40a5-3e33-4084-a19b-daf014ce68c8?source=api-prod","affectedVersions":"<=2.9.13","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_61692d73686172652d73756d6d6172697a65811c9dc5_gen.json b/internal/data/assets/plugin_61692d73686172652d73756d6d6172697a65811c9dc5_gen.json new file mode 100644 index 00000000..d5101357 --- /dev/null +++ b/internal/data/assets/plugin_61692d73686172652d73756d6d6172697a65811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/5e0b3012-dc29-4a15-811b-190b16a0c86e/ai-share-summarize","title":"AI Share & Summarize < 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"5e0b3012-dc29-4a15-811b-190b16a0c86e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0b3012-dc29-4a15-811b-190b16a0c86e?source=api-prod","cve":"CVE-2026-10531","affectedVersions":"<2.0.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6179732d706f7075702d626f78811c9dc5_gen.json b/internal/data/assets/plugin_6179732d706f7075702d626f78811c9dc5_gen.json index d15b0ce0..389ee9fc 100644 --- a/internal/data/assets/plugin_6179732d706f7075702d626f78811c9dc5_gen.json +++ b/internal/data/assets/plugin_6179732d706f7075702d626f78811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/01f60df7-0602-4a00-9905-a91348811dfe/ays-popup-box","title":"Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"01f60df7-0602-4a00-9905-a91348811dfe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01f60df7-0602-4a00-9905-a91348811dfe?source=api-prod","cve":"CVE-2023-27414","affectedVersions":"<=3.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/0b658052-f283-4a47-a440-dbd7acded186/ays-popup-box","title":"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups < 5.5.0 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"0b658052-f283-4a47-a440-dbd7acded186"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b658052-f283-4a47-a440-dbd7acded186?source=api-prod","cve":"CVE-2025-15611","affectedVersions":"<5.5.0","severity":"high"},{"advisoryId":"WPSECADV/WF/1289ead7-1af1-417d-aa47-7d07268f956c/ays-popup-box","title":"Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"1289ead7-1af1-417d-aa47-7d07268f956c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1289ead7-1af1-417d-aa47-7d07268f956c?source=api-prod","affectedVersions":"<3.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/22ff0b0c-ffd9-4aae-9e49-069fd1b47f17/ays-popup-box","title":"Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"22ff0b0c-ffd9-4aae-9e49-069fd1b47f17"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22ff0b0c-ffd9-4aae-9e49-069fd1b47f17?source=api-prod","cve":"CVE-2023-5809","affectedVersions":"<3.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/27a36e90-9678-4832-9f37-b54fe75f5571/ays-popup-box","title":"Popup Box Business (7.0.0 - 7.9.0) and Developer (20.0.0 - 20.9.0) - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"27a36e90-9678-4832-9f37-b54fe75f5571"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27a36e90-9678-4832-9f37-b54fe75f5571?source=api-prod","cve":"CVE-2023-6591","affectedVersions":">=20.0.0,<20.9.0|>=7.0.0,<7.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/585a9eb4-f394-4cb2-9050-659171a994d9/ays-popup-box","title":"Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"585a9eb4-f394-4cb2-9050-659171a994d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/585a9eb4-f394-4cb2-9050-659171a994d9?source=api-prod","cve":"CVE-2026-1165","affectedVersions":"<=6.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a40bac7-d3b8-486d-938a-30591ff3016c/ays-popup-box","title":"Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a40bac7-d3b8-486d-938a-30591ff3016c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a40bac7-d3b8-486d-938a-30591ff3016c?source=api-prod","cve":"CVE-2023-5874","affectedVersions":"<3.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7e0ccf7e-1276-4aa8-872f-440528699ba9/ays-popup-box","title":"Popup box <= 4.5.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e0ccf7e-1276-4aa8-872f-440528699ba9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0ccf7e-1276-4aa8-872f-440528699ba9?source=api-prod","cve":"CVE-2024-37096","affectedVersions":"<=4.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/84db3251-5a01-48dc-b00e-d58c717a4b9e/ays-popup-box","title":"Popup box <= 5.5.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"84db3251-5a01-48dc-b00e-d58c717a4b9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84db3251-5a01-48dc-b00e-d58c717a4b9e?source=api-prod","cve":"CVE-2025-57931","affectedVersions":"<=5.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c68cf18-0210-452f-933e-6f1e50323b15/ays-popup-box","title":"Popup box <= 2.3.3 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c68cf18-0210-452f-933e-6f1e50323b15"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c68cf18-0210-452f-933e-6f1e50323b15?source=api-prod","affectedVersions":"<=2.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/b843e8f7-e854-4572-9b1f-b1b27f752f07/ays-popup-box","title":"Popup box <= 6.0.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"b843e8f7-e854-4572-9b1f-b1b27f752f07"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b843e8f7-e854-4572-9b1f-b1b27f752f07?source=api-prod","cve":"CVE-2025-69021","affectedVersions":"<=6.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/b947bd68-2dfa-4637-8f10-39c283fdac70/ays-popup-box","title":"Popup Box – Best WordPress Popup Plugin <= 3.7.8 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"b947bd68-2dfa-4637-8f10-39c283fdac70"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b947bd68-2dfa-4637-8f10-39c283fdac70?source=api-prod","cve":"CVE-2023-5343","affectedVersions":"<=3.7.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/c3717e03-9a18-48a1-97d3-1d41c7f93261/ays-popup-box","title":"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"c3717e03-9a18-48a1-97d3-1d41c7f93261"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3717e03-9a18-48a1-97d3-1d41c7f93261?source=api-prod","cve":"CVE-2024-10861","affectedVersions":"<=4.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c5f9bc43-6a93-495d-b2af-954aafcf3dfe/ays-popup-box","title":"Popup Box <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"c5f9bc43-6a93-495d-b2af-954aafcf3dfe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f9bc43-6a93-495d-b2af-954aafcf3dfe?source=api-prod","cve":"CVE-2024-9599","affectedVersions":"<=4.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/d353bd5b-2155-458a-8959-89358bb00126/ays-popup-box","title":"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 6.2.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"d353bd5b-2155-458a-8959-89358bb00126"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d353bd5b-2155-458a-8959-89358bb00126?source=api-prod","cve":"CVE-2026-54192","affectedVersions":"<=6.2.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/e6dbbb52-4202-4d69-837f-c7d5ca06fab5/ays-popup-box","title":"Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6dbbb52-4202-4d69-837f-c7d5ca06fab5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6dbbb52-4202-4d69-837f-c7d5ca06fab5?source=api-prod","cve":"CVE-2023-4390","affectedVersions":"<3.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e71e3624-ccda-4c9c-90e9-e557dd19b644/ays-popup-box","title":"Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"e71e3624-ccda-4c9c-90e9-e557dd19b644"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e71e3624-ccda-4c9c-90e9-e557dd19b644?source=api-prod","cve":"CVE-2024-3897","affectedVersions":"<=4.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/edacede9-8a31-4d7f-b075-8265e3bbe2d0/ays-popup-box","title":"Popup box < 2.3.4 - Authenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"edacede9-8a31-4d7f-b075-8265e3bbe2d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/edacede9-8a31-4d7f-b075-8265e3bbe2d0?source=api-prod","cve":"CVE-2021-24458","affectedVersions":"<2.3.4","severity":"high"},{"advisoryId":"WPSECADV/WF/ffae2808-454e-4380-af83-b181cf2e8fbd/ays-popup-box","title":"Popup box <= 4.1.2 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"ffae2808-454e-4380-af83-b181cf2e8fbd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffae2808-454e-4380-af83-b181cf2e8fbd?source=api-prod","cve":"CVE-2024-34367","affectedVersions":"<=4.1.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/01f60df7-0602-4a00-9905-a91348811dfe/ays-popup-box","title":"Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"01f60df7-0602-4a00-9905-a91348811dfe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01f60df7-0602-4a00-9905-a91348811dfe?source=api-prod","cve":"CVE-2023-27414","affectedVersions":"<=3.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/0b658052-f283-4a47-a440-dbd7acded186/ays-popup-box","title":"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups < 5.5.0 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"0b658052-f283-4a47-a440-dbd7acded186"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b658052-f283-4a47-a440-dbd7acded186?source=api-prod","cve":"CVE-2025-15611","affectedVersions":"<5.5.0","severity":"high"},{"advisoryId":"WPSECADV/WF/1289ead7-1af1-417d-aa47-7d07268f956c/ays-popup-box","title":"Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"1289ead7-1af1-417d-aa47-7d07268f956c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1289ead7-1af1-417d-aa47-7d07268f956c?source=api-prod","affectedVersions":"<3.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/22ff0b0c-ffd9-4aae-9e49-069fd1b47f17/ays-popup-box","title":"Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"22ff0b0c-ffd9-4aae-9e49-069fd1b47f17"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22ff0b0c-ffd9-4aae-9e49-069fd1b47f17?source=api-prod","cve":"CVE-2023-5809","affectedVersions":"<3.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/27a36e90-9678-4832-9f37-b54fe75f5571/ays-popup-box","title":"Popup Box Business (7.0.0 - 7.9.0) and Developer (20.0.0 - 20.9.0) - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"27a36e90-9678-4832-9f37-b54fe75f5571"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27a36e90-9678-4832-9f37-b54fe75f5571?source=api-prod","cve":"CVE-2023-6591","affectedVersions":">=20.0.0,<20.9.0|>=7.0.0,<7.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/585a9eb4-f394-4cb2-9050-659171a994d9/ays-popup-box","title":"Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"585a9eb4-f394-4cb2-9050-659171a994d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/585a9eb4-f394-4cb2-9050-659171a994d9?source=api-prod","cve":"CVE-2026-1165","affectedVersions":"<=6.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a40bac7-d3b8-486d-938a-30591ff3016c/ays-popup-box","title":"Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a40bac7-d3b8-486d-938a-30591ff3016c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a40bac7-d3b8-486d-938a-30591ff3016c?source=api-prod","cve":"CVE-2023-5874","affectedVersions":"<3.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7e0ccf7e-1276-4aa8-872f-440528699ba9/ays-popup-box","title":"Popup box <= 4.5.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e0ccf7e-1276-4aa8-872f-440528699ba9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0ccf7e-1276-4aa8-872f-440528699ba9?source=api-prod","cve":"CVE-2024-37096","affectedVersions":"<=4.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/84db3251-5a01-48dc-b00e-d58c717a4b9e/ays-popup-box","title":"Popup box <= 5.5.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"84db3251-5a01-48dc-b00e-d58c717a4b9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84db3251-5a01-48dc-b00e-d58c717a4b9e?source=api-prod","cve":"CVE-2025-57931","affectedVersions":"<=5.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c68cf18-0210-452f-933e-6f1e50323b15/ays-popup-box","title":"Popup box <= 2.3.3 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c68cf18-0210-452f-933e-6f1e50323b15"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c68cf18-0210-452f-933e-6f1e50323b15?source=api-prod","affectedVersions":"<=2.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/b843e8f7-e854-4572-9b1f-b1b27f752f07/ays-popup-box","title":"Popup box <= 6.0.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"b843e8f7-e854-4572-9b1f-b1b27f752f07"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b843e8f7-e854-4572-9b1f-b1b27f752f07?source=api-prod","cve":"CVE-2025-69021","affectedVersions":"<=6.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/b947bd68-2dfa-4637-8f10-39c283fdac70/ays-popup-box","title":"Popup Box – Best WordPress Popup Plugin <= 3.7.8 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"b947bd68-2dfa-4637-8f10-39c283fdac70"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b947bd68-2dfa-4637-8f10-39c283fdac70?source=api-prod","cve":"CVE-2023-5343","affectedVersions":"<=3.7.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/c3717e03-9a18-48a1-97d3-1d41c7f93261/ays-popup-box","title":"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"c3717e03-9a18-48a1-97d3-1d41c7f93261"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3717e03-9a18-48a1-97d3-1d41c7f93261?source=api-prod","cve":"CVE-2024-10861","affectedVersions":"<=4.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c5f9bc43-6a93-495d-b2af-954aafcf3dfe/ays-popup-box","title":"Popup Box <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"c5f9bc43-6a93-495d-b2af-954aafcf3dfe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f9bc43-6a93-495d-b2af-954aafcf3dfe?source=api-prod","cve":"CVE-2024-9599","affectedVersions":"<=4.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/d353bd5b-2155-458a-8959-89358bb00126/ays-popup-box","title":"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 6.2.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"d353bd5b-2155-458a-8959-89358bb00126"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d353bd5b-2155-458a-8959-89358bb00126?source=api-prod","cve":"CVE-2026-54192","affectedVersions":"<=6.2.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/e6dbbb52-4202-4d69-837f-c7d5ca06fab5/ays-popup-box","title":"Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6dbbb52-4202-4d69-837f-c7d5ca06fab5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6dbbb52-4202-4d69-837f-c7d5ca06fab5?source=api-prod","cve":"CVE-2023-4390","affectedVersions":"<3.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e71e3624-ccda-4c9c-90e9-e557dd19b644/ays-popup-box","title":"Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"e71e3624-ccda-4c9c-90e9-e557dd19b644"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e71e3624-ccda-4c9c-90e9-e557dd19b644?source=api-prod","cve":"CVE-2024-3897","affectedVersions":"<=4.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/edacede9-8a31-4d7f-b075-8265e3bbe2d0/ays-popup-box","title":"Popup box < 2.3.4 - Authenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"edacede9-8a31-4d7f-b075-8265e3bbe2d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/edacede9-8a31-4d7f-b075-8265e3bbe2d0?source=api-prod","cve":"CVE-2021-24458","affectedVersions":"<2.3.4","severity":"high"},{"advisoryId":"WPSECADV/WF/fbe12337-52ca-41ca-a7bf-5dfca52a8018/ays-popup-box","title":"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 6.0.1 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"fbe12337-52ca-41ca-a7bf-5dfca52a8018"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fbe12337-52ca-41ca-a7bf-5dfca52a8018?source=api-prod","cve":"CVE-2026-57631","affectedVersions":"<=6.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/ffae2808-454e-4380-af83-b181cf2e8fbd/ays-popup-box","title":"Popup box <= 4.1.2 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"ffae2808-454e-4380-af83-b181cf2e8fbd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffae2808-454e-4380-af83-b181cf2e8fbd?source=api-prod","cve":"CVE-2024-34367","affectedVersions":"<=4.1.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_626c6f636b2d666f722d6d61696c6368696d70811c9dc5_gen.json b/internal/data/assets/plugin_626c6f636b2d666f722d6d61696c6368696d70811c9dc5_gen.json index 96a85353..267395aa 100644 --- a/internal/data/assets/plugin_626c6f636b2d666f722d6d61696c6368696d70811c9dc5_gen.json +++ b/internal/data/assets/plugin_626c6f636b2d666f722d6d61696c6368696d70811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/51de575f-d458-4a7d-bc57-4a11e5124377/block-for-mailchimp","title":"Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"51de575f-d458-4a7d-bc57-4a11e5124377"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51de575f-d458-4a7d-bc57-4a11e5124377?source=api-prod","cve":"CVE-2025-10735","affectedVersions":"<=1.1.12","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/166dfe2c-6efd-48ad-bbcd-e3dc0e9ede05/block-for-mailchimp","title":"Block for Mailchimp – Add Email Subscription Forms and Collect Leads <= 1.1.15 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"166dfe2c-6efd-48ad-bbcd-e3dc0e9ede05"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/166dfe2c-6efd-48ad-bbcd-e3dc0e9ede05?source=api-prod","cve":"CVE-2026-56063","affectedVersions":"<=1.1.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/51de575f-d458-4a7d-bc57-4a11e5124377/block-for-mailchimp","title":"Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"51de575f-d458-4a7d-bc57-4a11e5124377"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51de575f-d458-4a7d-bc57-4a11e5124377?source=api-prod","cve":"CVE-2025-10735","affectedVersions":"<=1.1.12","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json b/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json index d75d4cc2..d9ec5196 100644 --- a/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json +++ b/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/02b61eb1-a93f-4437-87de-d698af8ef9f6/blog2social","title":"Blog2Social <= 6.9.3 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"02b61eb1-a93f-4437-87de-d698af8ef9f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02b61eb1-a93f-4437-87de-d698af8ef9f6?source=api-prod","affectedVersions":"<=6.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/25baf78e-e9bc-421b-8a66-9571ac3625c3/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"25baf78e-e9bc-421b-8a66-9571ac3625c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-prod","cve":"CVE-2022-3247","affectedVersions":"<=6.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/2812b31d-11c0-4efe-95e2-ea713293dad1/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2812b31d-11c0-4efe-95e2-ea713293dad1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2812b31d-11c0-4efe-95e2-ea713293dad1?source=api-prod","cve":"CVE-2021-24137","affectedVersions":"<=6.3.0","severity":"high"},{"advisoryId":"WPSECADV/WF/2dea1bcb-14c2-4ec9-8a4d-087bac2db486/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2dea1bcb-14c2-4ec9-8a4d-087bac2db486"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2dea1bcb-14c2-4ec9-8a4d-087bac2db486?source=api-prod","cve":"CVE-2024-3678","affectedVersions":"<=7.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 17:30:36","sources":[{"name":"Wordfence","remoteId":"2ea06520-d7a9-49bb-812e-2fa2e50d0ec2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2?source=api-prod","cve":"CVE-2025-12560","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3710f139-0f17-426c-b48c-4c42ae4bab5f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 16:35:38","sources":[{"name":"Wordfence","remoteId":"3710f139-0f17-426c-b48c-4c42ae4bab5f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3710f139-0f17-426c-b48c-4c42ae4bab5f?source=api-prod","cve":"CVE-2025-12563","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3b472eb8-9808-4a50-b2b4-0b0b3256053f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 18:21:36","sources":[{"name":"Wordfence","remoteId":"3b472eb8-9808-4a50-b2b4-0b0b3256053f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=api-prod","cve":"CVE-2024-3549","affectedVersions":"<=7.4.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/61b590f5-7854-42f7-b5e2-e6feaaf03a73/blog2social","title":"Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 15:38:42","sources":[{"name":"Wordfence","remoteId":"61b590f5-7854-42f7-b5e2-e6feaaf03a73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/61b590f5-7854-42f7-b5e2-e6feaaf03a73?source=api-prod","cve":"CVE-2025-13558","affectedVersions":"<=8.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/65b48fc0-27fd-4a37-afb8-2213ca0d4746/blog2social","title":"Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-16 13:39:52","sources":[{"name":"Wordfence","remoteId":"65b48fc0-27fd-4a37-afb8-2213ca0d4746"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/65b48fc0-27fd-4a37-afb8-2213ca0d4746?source=api-prod","cve":"CVE-2025-5673","affectedVersions":"<=8.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6b8655a6-f410-480d-8c45-2527b53fa129/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.0.1 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"6b8655a6-f410-480d-8c45-2527b53fa129"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8655a6-f410-480d-8c45-2527b53fa129?source=api-prod","affectedVersions":"<5.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/6de73c31-a58d-41d9-aaed-2d7853ad1f25/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"6de73c31-a58d-41d9-aaed-2d7853ad1f25"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6de73c31-a58d-41d9-aaed-2d7853ad1f25?source=api-prod","cve":"CVE-2022-3246","affectedVersions":"<=6.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/7374db91-4e7d-4db2-9c58-bb9bdda5c85d/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"7374db91-4e7d-4db2-9c58-bb9bdda5c85d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7374db91-4e7d-4db2-9c58-bb9bdda5c85d?source=api-prod","cve":"CVE-2025-14943","affectedVersions":"<=8.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7817f343-1ed6-4b76-afbe-1054de892422/blog2social","title":"Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"7817f343-1ed6-4b76-afbe-1054de892422"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7817f343-1ed6-4b76-afbe-1054de892422?source=api-prod","cve":"CVE-2021-24956","affectedVersions":"<=6.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b5e5b0a-dd6a-401f-86db-940b3386ed21/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.5.0 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b5e5b0a-dd6a-401f-86db-940b3386ed21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b5e5b0a-dd6a-401f-86db-940b3386ed21?source=api-prod","cve":"CVE-2019-13572","affectedVersions":"<5.6.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/7dc46bc4-ecfb-438f-b951-7b957489cd96/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 14:26:40","sources":[{"name":"Wordfence","remoteId":"7dc46bc4-ecfb-438f-b951-7b957489cd96"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc46bc4-ecfb-438f-b951-7b957489cd96?source=api-prod","cve":"CVE-2026-4331","affectedVersions":"<=8.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/81108abb-69e5-4571-8209-484b4b0f5617/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.9.0 - Reflected Cross-Site Scripting via b2s_id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"81108abb-69e5-4571-8209-484b4b0f5617"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81108abb-69e5-4571-8209-484b4b0f5617?source=api-prod","cve":"CVE-2019-17550","affectedVersions":"<5.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/930e7fd6-ae0b-465a-aa93-04ef80011d32/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 21:30:45","sources":[{"name":"Wordfence","remoteId":"930e7fd6-ae0b-465a-aa93-04ef80011d32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/930e7fd6-ae0b-465a-aa93-04ef80011d32?source=api-prod","cve":"CVE-2026-1942","affectedVersions":"<=8.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/94afe3e2-a1f1-470b-afaf-c7926beaec9a/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-31 18:01:17","sources":[{"name":"Wordfence","remoteId":"94afe3e2-a1f1-470b-afaf-c7926beaec9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94afe3e2-a1f1-470b-afaf-c7926beaec9a?source=api-prod","cve":"CVE-2024-7302","affectedVersions":"<=7.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a00147db-2ca5-4290-ae13-27be6119b751/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"a00147db-2ca5-4290-ae13-27be6119b751"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a00147db-2ca5-4290-ae13-27be6119b751?source=api-prod","cve":"CVE-2023-3936","affectedVersions":"<7.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/d3dccecb-893c-4746-9047-5c32ca227508/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-05-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"d3dccecb-893c-4746-9047-5c32ca227508"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dccecb-893c-4746-9047-5c32ca227508?source=api-prod","cve":"CVE-2019-9576","affectedVersions":"<5.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d61d2dc5-7461-460c-8dbc-e32a512d5828/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"d61d2dc5-7461-460c-8dbc-e32a512d5828"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d61d2dc5-7461-460c-8dbc-e32a512d5828?source=api-prod","cve":"CVE-2025-4133","affectedVersions":"<=8.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f0859e21-851a-4a6d-aa6c-9f759c5866d9/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:27:25","sources":[{"name":"Wordfence","remoteId":"f0859e21-851a-4a6d-aa6c-9f759c5866d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0859e21-851a-4a6d-aa6c-9f759c5866d9?source=api-prod","cve":"CVE-2026-7051","affectedVersions":"<=8.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f3eec9c6-fef9-4d6e-8328-51efb997c99c/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 19:13:42","sources":[{"name":"Wordfence","remoteId":"f3eec9c6-fef9-4d6e-8328-51efb997c99c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f3eec9c6-fef9-4d6e-8328-51efb997c99c?source=api-prod","cve":"CVE-2026-4330","affectedVersions":"<=8.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5b8d39c-d307-42c9-a972-29b5521a82a4/blog2social","title":"Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5b8d39c-d307-42c9-a972-29b5521a82a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=api-prod","cve":"CVE-2022-3622","affectedVersions":"<=6.9.11","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/02b61eb1-a93f-4437-87de-d698af8ef9f6/blog2social","title":"Blog2Social <= 6.9.3 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"02b61eb1-a93f-4437-87de-d698af8ef9f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02b61eb1-a93f-4437-87de-d698af8ef9f6?source=api-prod","affectedVersions":"<=6.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/25baf78e-e9bc-421b-8a66-9571ac3625c3/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"25baf78e-e9bc-421b-8a66-9571ac3625c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-prod","cve":"CVE-2022-3247","affectedVersions":"<=6.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/2812b31d-11c0-4efe-95e2-ea713293dad1/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2812b31d-11c0-4efe-95e2-ea713293dad1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2812b31d-11c0-4efe-95e2-ea713293dad1?source=api-prod","cve":"CVE-2021-24137","affectedVersions":"<=6.3.0","severity":"high"},{"advisoryId":"WPSECADV/WF/2dea1bcb-14c2-4ec9-8a4d-087bac2db486/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2dea1bcb-14c2-4ec9-8a4d-087bac2db486"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2dea1bcb-14c2-4ec9-8a4d-087bac2db486?source=api-prod","cve":"CVE-2024-3678","affectedVersions":"<=7.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 17:30:36","sources":[{"name":"Wordfence","remoteId":"2ea06520-d7a9-49bb-812e-2fa2e50d0ec2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2?source=api-prod","cve":"CVE-2025-12560","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3710f139-0f17-426c-b48c-4c42ae4bab5f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 16:35:38","sources":[{"name":"Wordfence","remoteId":"3710f139-0f17-426c-b48c-4c42ae4bab5f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3710f139-0f17-426c-b48c-4c42ae4bab5f?source=api-prod","cve":"CVE-2025-12563","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3b472eb8-9808-4a50-b2b4-0b0b3256053f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 18:21:36","sources":[{"name":"Wordfence","remoteId":"3b472eb8-9808-4a50-b2b4-0b0b3256053f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=api-prod","cve":"CVE-2024-3549","affectedVersions":"<=7.4.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/61b590f5-7854-42f7-b5e2-e6feaaf03a73/blog2social","title":"Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 15:38:42","sources":[{"name":"Wordfence","remoteId":"61b590f5-7854-42f7-b5e2-e6feaaf03a73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/61b590f5-7854-42f7-b5e2-e6feaaf03a73?source=api-prod","cve":"CVE-2025-13558","affectedVersions":"<=8.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/65b48fc0-27fd-4a37-afb8-2213ca0d4746/blog2social","title":"Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-16 13:39:52","sources":[{"name":"Wordfence","remoteId":"65b48fc0-27fd-4a37-afb8-2213ca0d4746"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/65b48fc0-27fd-4a37-afb8-2213ca0d4746?source=api-prod","cve":"CVE-2025-5673","affectedVersions":"<=8.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6b8655a6-f410-480d-8c45-2527b53fa129/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.0.1 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"6b8655a6-f410-480d-8c45-2527b53fa129"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8655a6-f410-480d-8c45-2527b53fa129?source=api-prod","affectedVersions":"<5.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/6de73c31-a58d-41d9-aaed-2d7853ad1f25/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"6de73c31-a58d-41d9-aaed-2d7853ad1f25"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6de73c31-a58d-41d9-aaed-2d7853ad1f25?source=api-prod","cve":"CVE-2022-3246","affectedVersions":"<=6.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/7374db91-4e7d-4db2-9c58-bb9bdda5c85d/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"7374db91-4e7d-4db2-9c58-bb9bdda5c85d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7374db91-4e7d-4db2-9c58-bb9bdda5c85d?source=api-prod","cve":"CVE-2025-14943","affectedVersions":"<=8.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7817f343-1ed6-4b76-afbe-1054de892422/blog2social","title":"Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"7817f343-1ed6-4b76-afbe-1054de892422"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7817f343-1ed6-4b76-afbe-1054de892422?source=api-prod","cve":"CVE-2021-24956","affectedVersions":"<=6.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b5e5b0a-dd6a-401f-86db-940b3386ed21/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.5.0 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b5e5b0a-dd6a-401f-86db-940b3386ed21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b5e5b0a-dd6a-401f-86db-940b3386ed21?source=api-prod","cve":"CVE-2019-13572","affectedVersions":"<5.6.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/7ce4050e-3563-4aac-b1c1-16cba20e1e86/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.9.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"7ce4050e-3563-4aac-b1c1-16cba20e1e86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ce4050e-3563-4aac-b1c1-16cba20e1e86?source=api-prod","cve":"CVE-2026-56044","affectedVersions":"<=8.9.2","severity":"high"},{"advisoryId":"WPSECADV/WF/7dc46bc4-ecfb-438f-b951-7b957489cd96/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 14:26:40","sources":[{"name":"Wordfence","remoteId":"7dc46bc4-ecfb-438f-b951-7b957489cd96"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc46bc4-ecfb-438f-b951-7b957489cd96?source=api-prod","cve":"CVE-2026-4331","affectedVersions":"<=8.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/81108abb-69e5-4571-8209-484b4b0f5617/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.9.0 - Reflected Cross-Site Scripting via b2s_id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"81108abb-69e5-4571-8209-484b4b0f5617"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81108abb-69e5-4571-8209-484b4b0f5617?source=api-prod","cve":"CVE-2019-17550","affectedVersions":"<5.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/930e7fd6-ae0b-465a-aa93-04ef80011d32/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 21:30:45","sources":[{"name":"Wordfence","remoteId":"930e7fd6-ae0b-465a-aa93-04ef80011d32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/930e7fd6-ae0b-465a-aa93-04ef80011d32?source=api-prod","cve":"CVE-2026-1942","affectedVersions":"<=8.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/94afe3e2-a1f1-470b-afaf-c7926beaec9a/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-31 18:01:17","sources":[{"name":"Wordfence","remoteId":"94afe3e2-a1f1-470b-afaf-c7926beaec9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94afe3e2-a1f1-470b-afaf-c7926beaec9a?source=api-prod","cve":"CVE-2024-7302","affectedVersions":"<=7.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a00147db-2ca5-4290-ae13-27be6119b751/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"a00147db-2ca5-4290-ae13-27be6119b751"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a00147db-2ca5-4290-ae13-27be6119b751?source=api-prod","cve":"CVE-2023-3936","affectedVersions":"<7.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/d3dccecb-893c-4746-9047-5c32ca227508/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-05-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"d3dccecb-893c-4746-9047-5c32ca227508"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dccecb-893c-4746-9047-5c32ca227508?source=api-prod","cve":"CVE-2019-9576","affectedVersions":"<5.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d61d2dc5-7461-460c-8dbc-e32a512d5828/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"d61d2dc5-7461-460c-8dbc-e32a512d5828"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d61d2dc5-7461-460c-8dbc-e32a512d5828?source=api-prod","cve":"CVE-2025-4133","affectedVersions":"<=8.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f0859e21-851a-4a6d-aa6c-9f759c5866d9/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:27:25","sources":[{"name":"Wordfence","remoteId":"f0859e21-851a-4a6d-aa6c-9f759c5866d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0859e21-851a-4a6d-aa6c-9f759c5866d9?source=api-prod","cve":"CVE-2026-7051","affectedVersions":"<=8.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f3eec9c6-fef9-4d6e-8328-51efb997c99c/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 19:13:42","sources":[{"name":"Wordfence","remoteId":"f3eec9c6-fef9-4d6e-8328-51efb997c99c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f3eec9c6-fef9-4d6e-8328-51efb997c99c?source=api-prod","cve":"CVE-2026-4330","affectedVersions":"<=8.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5b8d39c-d307-42c9-a972-29b5521a82a4/blog2social","title":"Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5b8d39c-d307-42c9-a972-29b5521a82a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=api-prod","cve":"CVE-2022-3622","affectedVersions":"<=6.9.11","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_626e652d74657374696d6f6e69616c73811c9dc5_gen.json b/internal/data/assets/plugin_626e652d74657374696d6f6e69616c73811c9dc5_gen.json index effcd0e8..d8e5d09f 100644 --- a/internal/data/assets/plugin_626e652d74657374696d6f6e69616c73811c9dc5_gen.json +++ b/internal/data/assets/plugin_626e652d74657374696d6f6e69616c73811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/c6c93ec9-668d-4b8d-abc4-edd04cbf9839/bne-testimonials","title":"BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"c6c93ec9-668d-4b8d-abc4-edd04cbf9839"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c6c93ec9-668d-4b8d-abc4-edd04cbf9839?source=api-prod","cve":"CVE-2023-24411","affectedVersions":"<2.0.8","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/82c788eb-373b-47be-abe6-f4cef3291b10/bne-testimonials","title":"BNE Testimonials <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"82c788eb-373b-47be-abe6-f4cef3291b10"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/82c788eb-373b-47be-abe6-f4cef3291b10?source=api-prod","cve":"CVE-2025-68075","affectedVersions":"<=2.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/c6c93ec9-668d-4b8d-abc4-edd04cbf9839/bne-testimonials","title":"BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"c6c93ec9-668d-4b8d-abc4-edd04cbf9839"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c6c93ec9-668d-4b8d-abc4-edd04cbf9839?source=api-prod","cve":"CVE-2023-24411","affectedVersions":"<2.0.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_626f6f6b696e672d616e642d72656e74616c2d6d616e616765722d666f722d776f6f636f6d6d65726365811c9dc5_gen.json b/internal/data/assets/plugin_626f6f6b696e672d616e642d72656e74616c2d6d616e616765722d666f722d776f6f636f6d6d65726365811c9dc5_gen.json index 9edab28f..cf1ad2ec 100644 --- a/internal/data/assets/plugin_626f6f6b696e672d616e642d72656e74616c2d6d616e616765722d666f722d776f6f636f6d6d65726365811c9dc5_gen.json +++ b/internal/data/assets/plugin_626f6f6b696e672d616e642d72656e74616c2d6d616e616765722d666f722d776f6f636f6d6d65726365811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0312cea9-8205-4d09-874d-aef319d15c65/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.3.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"0312cea9-8205-4d09-874d-aef319d15c65"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0312cea9-8205-4d09-874d-aef319d15c65?source=api-prod","cve":"CVE-2025-47585","affectedVersions":"<=2.3.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/08fe2e28-5b19-4ce6-914a-304fe82a8ee0/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"08fe2e28-5b19-4ce6-914a-304fe82a8ee0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/08fe2e28-5b19-4ce6-914a-304fe82a8ee0?source=api-prod","cve":"CVE-2025-27011","affectedVersions":"<=2.2.8","severity":"high"},{"advisoryId":"WPSECADV/WF/0b738d0a-39e2-46e3-9b62-920599543220/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.5.9 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"0b738d0a-39e2-46e3-9b62-920599543220"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b738d0a-39e2-46e3-9b62-920599543220?source=api-prod","cve":"CVE-2025-69328","affectedVersions":"<=2.5.9","severity":"high"},{"advisoryId":"WPSECADV/WF/32207aa7-9298-4c92-98d4-5529b259b381/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.2.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"32207aa7-9298-4c92-98d4-5529b259b381"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32207aa7-9298-4c92-98d4-5529b259b381?source=api-prod","cve":"CVE-2025-39457","affectedVersions":"<=2.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/501be94e-c01a-43bd-b079-c11e60969def/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment <= 2.6.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"501be94e-c01a-43bd-b079-c11e60969def"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/501be94e-c01a-43bd-b079-c11e60969def?source=api-prod","cve":"CVE-2026-23972","affectedVersions":"<=2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5de24a9e-0af3-44d7-af0b-06689a3e3bc5/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"5de24a9e-0af3-44d7-af0b-06689a3e3bc5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5de24a9e-0af3-44d7-af0b-06689a3e3bc5?source=api-prod","cve":"CVE-2025-49904","affectedVersions":"<=2.5.3","severity":"high"},{"advisoryId":"WPSECADV/WF/6e7c629f-e9c6-4254-ba37-46de5206d77d/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"6e7c629f-e9c6-4254-ba37-46de5206d77d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e7c629f-e9c6-4254-ba37-46de5206d77d?source=api-prod","cve":"CVE-2023-35048","affectedVersions":"<=1.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/747a3efc-c0fb-4b3c-bc17-7b6306b17d4f/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.3.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"747a3efc-c0fb-4b3c-bc17-7b6306b17d4f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/747a3efc-c0fb-4b3c-bc17-7b6306b17d4f?source=api-prod","cve":"CVE-2025-39390","affectedVersions":"<=2.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/9df7f70f-0374-46b7-a3aa-a84a6aea2f86/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress <= 2.2.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"9df7f70f-0374-46b7-a3aa-a84a6aea2f86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9df7f70f-0374-46b7-a3aa-a84a6aea2f86?source=api-prod","cve":"CVE-2025-22720","affectedVersions":"<=2.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b0cde64f-2533-46e0-9268-b9d100fb0a82/booking-and-rental-manager-for-woocommerce","title":"Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-10 19:06:05","sources":[{"name":"Wordfence","remoteId":"b0cde64f-2533-46e0-9268-b9d100fb0a82"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b0cde64f-2533-46e0-9268-b9d100fb0a82?source=api-prod","cve":"CVE-2024-12412","affectedVersions":"<=2.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/cdcae7fe-1cc1-4168-8b4b-fcee5bf91be2/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.5.4 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"cdcae7fe-1cc1-4168-8b4b-fcee5bf91be2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cdcae7fe-1cc1-4168-8b4b-fcee5bf91be2?source=api-prod","cve":"CVE-2025-64266","affectedVersions":"<=2.5.4","severity":"high"},{"advisoryId":"WPSECADV/WF/fab0a42e-fa99-4451-91fd-c924a33d33c8/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment <= 2.2.6 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"fab0a42e-fa99-4451-91fd-c924a33d33c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fab0a42e-fa99-4451-91fd-c924a33d33c8?source=api-prod","cve":"CVE-2025-26921","affectedVersions":"<=2.2.6","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0312cea9-8205-4d09-874d-aef319d15c65/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.3.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"0312cea9-8205-4d09-874d-aef319d15c65"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0312cea9-8205-4d09-874d-aef319d15c65?source=api-prod","cve":"CVE-2025-47585","affectedVersions":"<=2.3.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/08fe2e28-5b19-4ce6-914a-304fe82a8ee0/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"08fe2e28-5b19-4ce6-914a-304fe82a8ee0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/08fe2e28-5b19-4ce6-914a-304fe82a8ee0?source=api-prod","cve":"CVE-2025-27011","affectedVersions":"<=2.2.8","severity":"high"},{"advisoryId":"WPSECADV/WF/0b738d0a-39e2-46e3-9b62-920599543220/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.5.9 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"0b738d0a-39e2-46e3-9b62-920599543220"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b738d0a-39e2-46e3-9b62-920599543220?source=api-prod","cve":"CVE-2025-69328","affectedVersions":"<=2.5.9","severity":"high"},{"advisoryId":"WPSECADV/WF/32207aa7-9298-4c92-98d4-5529b259b381/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.2.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"32207aa7-9298-4c92-98d4-5529b259b381"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32207aa7-9298-4c92-98d4-5529b259b381?source=api-prod","cve":"CVE-2025-39457","affectedVersions":"<=2.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/501be94e-c01a-43bd-b079-c11e60969def/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment <= 2.6.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"501be94e-c01a-43bd-b079-c11e60969def"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/501be94e-c01a-43bd-b079-c11e60969def?source=api-prod","cve":"CVE-2026-23972","affectedVersions":"<=2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5de24a9e-0af3-44d7-af0b-06689a3e3bc5/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"5de24a9e-0af3-44d7-af0b-06689a3e3bc5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5de24a9e-0af3-44d7-af0b-06689a3e3bc5?source=api-prod","cve":"CVE-2025-49904","affectedVersions":"<=2.5.3","severity":"high"},{"advisoryId":"WPSECADV/WF/6e7c629f-e9c6-4254-ba37-46de5206d77d/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"6e7c629f-e9c6-4254-ba37-46de5206d77d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e7c629f-e9c6-4254-ba37-46de5206d77d?source=api-prod","cve":"CVE-2023-35048","affectedVersions":"<=1.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/747a3efc-c0fb-4b3c-bc17-7b6306b17d4f/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.3.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"747a3efc-c0fb-4b3c-bc17-7b6306b17d4f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/747a3efc-c0fb-4b3c-bc17-7b6306b17d4f?source=api-prod","cve":"CVE-2025-39390","affectedVersions":"<=2.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/9df7f70f-0374-46b7-a3aa-a84a6aea2f86/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress <= 2.2.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"9df7f70f-0374-46b7-a3aa-a84a6aea2f86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9df7f70f-0374-46b7-a3aa-a84a6aea2f86?source=api-prod","cve":"CVE-2025-22720","affectedVersions":"<=2.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b0cde64f-2533-46e0-9268-b9d100fb0a82/booking-and-rental-manager-for-woocommerce","title":"Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-10 19:06:05","sources":[{"name":"Wordfence","remoteId":"b0cde64f-2533-46e0-9268-b9d100fb0a82"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b0cde64f-2533-46e0-9268-b9d100fb0a82?source=api-prod","cve":"CVE-2024-12412","affectedVersions":"<=2.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b5b6b0fe-ccaf-4ec3-97d2-4aa972ad6833/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment <= 2.7.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"b5b6b0fe-ccaf-4ec3-97d2-4aa972ad6833"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b5b6b0fe-ccaf-4ec3-97d2-4aa972ad6833?source=api-prod","cve":"CVE-2026-57660","affectedVersions":"<=2.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/cdcae7fe-1cc1-4168-8b4b-fcee5bf91be2/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager <= 2.5.4 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"cdcae7fe-1cc1-4168-8b4b-fcee5bf91be2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cdcae7fe-1cc1-4168-8b4b-fcee5bf91be2?source=api-prod","cve":"CVE-2025-64266","affectedVersions":"<=2.5.4","severity":"high"},{"advisoryId":"WPSECADV/WF/fab0a42e-fa99-4451-91fd-c924a33d33c8/booking-and-rental-manager-for-woocommerce","title":"Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment <= 2.2.6 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"fab0a42e-fa99-4451-91fd-c924a33d33c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fab0a42e-fa99-4451-91fd-c924a33d33c8?source=api-prod","cve":"CVE-2025-26921","affectedVersions":"<=2.2.6","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6368696c642d7468656d652d77697a617264811c9dc5_gen.json b/internal/data/assets/plugin_6368696c642d7468656d652d77697a617264811c9dc5_gen.json new file mode 100644 index 00000000..7a65bc14 --- /dev/null +++ b/internal/data/assets/plugin_6368696c642d7468656d652d77697a617264811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/75b92908-83cc-4189-995f-5dcea44fe8f7/child-theme-wizard","title":"Child Theme Wizard <= 1.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"75b92908-83cc-4189-995f-5dcea44fe8f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/75b92908-83cc-4189-995f-5dcea44fe8f7?source=api-prod","cve":"CVE-2026-57655","affectedVersions":"<=1.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_636f6e746573742d67616c6c657279811c9dc5_gen.json b/internal/data/assets/plugin_636f6e746573742d67616c6c657279811c9dc5_gen.json index 02fc89a4..79efe324 100644 --- a/internal/data/assets/plugin_636f6e746573742d67616c6c657279811c9dc5_gen.json +++ b/internal/data/assets/plugin_636f6e746573742d67616c6c657279811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/07f16cf7-94ad-4203-9d71-8e6e349d8c89/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"07f16cf7-94ad-4203-9d71-8e6e349d8c89"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07f16cf7-94ad-4203-9d71-8e6e349d8c89?source=api-prod","cve":"CVE-2026-25035","affectedVersions":"<=28.1.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/0df7f413-2631-46d9-8c0b-d66f05a02c01/contest-gallery","title":"Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"0df7f413-2631-46d9-8c0b-d66f05a02c01"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=api-prod","cve":"CVE-2024-11103","affectedVersions":"<=24.0.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/0f835e7c-f921-449d-9ffc-dd0fd141119d/contest-gallery","title":"Contest Gallery <= 26.0.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"0f835e7c-f921-449d-9ffc-dd0fd141119d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0f835e7c-f921-449d-9ffc-dd0fd141119d?source=api-prod","cve":"CVE-2025-48291","affectedVersions":"<=26.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/10e05707-02cb-42de-8399-4556d76b01b3/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"10e05707-02cb-42de-8399-4556d76b01b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10e05707-02cb-42de-8399-4556d76b01b3?source=api-prod","cve":"CVE-2022-4158","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/16bbabe5-e8cf-43fa-ae7d-326045464192/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"16bbabe5-e8cf-43fa-ae7d-326045464192"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16bbabe5-e8cf-43fa-ae7d-326045464192?source=api-prod","cve":"CVE-2026-24964","affectedVersions":"<=28.1.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/18003103-3a14-4cbc-8bed-87a8ab050308/contest-gallery","title":"Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-31 16:20:34","sources":[{"name":"Wordfence","remoteId":"18003103-3a14-4cbc-8bed-87a8ab050308"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18003103-3a14-4cbc-8bed-87a8ab050308?source=api-prod","cve":"CVE-2025-7725","affectedVersions":"<=26.1.0","severity":"high"},{"advisoryId":"WPSECADV/WF/1a0fa7f6-cc1a-45fe-881d-694c81b841c7/contest-gallery","title":"Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"1a0fa7f6-cc1a-45fe-881d-694c81b841c7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a0fa7f6-cc1a-45fe-881d-694c81b841c7?source=api-prod","cve":"CVE-2022-4156","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/1b5cf360-0163-4a7c-8979-ec89ec80ad62/contest-gallery","title":"Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 16:40:04","sources":[{"name":"Wordfence","remoteId":"1b5cf360-0163-4a7c-8979-ec89ec80ad62"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b5cf360-0163-4a7c-8979-ec89ec80ad62?source=api-prod","cve":"CVE-2025-1513","affectedVersions":"<=26.0.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/1dba61bb-2d26-483e-835f-c3841f07efe6/contest-gallery","title":"Contest Gallery <= 23.1.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"1dba61bb-2d26-483e-835f-c3841f07efe6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1dba61bb-2d26-483e-835f-c3841f07efe6?source=api-prod","cve":"CVE-2024-39631","affectedVersions":"<=23.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/1f9d8bbe-205f-44b6-a0c6-89b9135e6363/contest-gallery","title":"Contest Gallery – Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1f9d8bbe-205f-44b6-a0c6-89b9135e6363"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1f9d8bbe-205f-44b6-a0c6-89b9135e6363?source=api-prod","affectedVersions":"<=17.0.4","severity":"high"},{"advisoryId":"WPSECADV/WF/1fb84512-82c3-4def-a11b-ba0b7d64c41f/contest-gallery","title":"Contest Gallery <= 25.1.0 - Authenticated (Author+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"1fb84512-82c3-4def-a11b-ba0b7d64c41f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1fb84512-82c3-4def-a11b-ba0b7d64c41f?source=api-prod","cve":"CVE-2025-22693","affectedVersions":"<=25.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/213fde1b-13dc-442a-8f48-4b1074155a6f/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"213fde1b-13dc-442a-8f48-4b1074155a6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/213fde1b-13dc-442a-8f48-4b1074155a6f?source=api-prod","cve":"CVE-2022-4157","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/250788a8-55d1-416b-bf1c-2170e8483ccc/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"250788a8-55d1-416b-bf1c-2170e8483ccc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/250788a8-55d1-416b-bf1c-2170e8483ccc?source=api-prod","cve":"CVE-2022-4155","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/2aa5b7e8-3030-47d3-9440-3b1b5c94b5ec/contest-gallery","title":"Contest Gallery <= 24.0.3 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"2aa5b7e8-3030-47d3-9440-3b1b5c94b5ec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2aa5b7e8-3030-47d3-9440-3b1b5c94b5ec?source=api-prod","cve":"CVE-2024-56237","affectedVersions":"<=24.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2d3150b3-fba1-4e89-8f4e-b6c605227395/contest-gallery","title":"Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"2d3150b3-fba1-4e89-8f4e-b6c605227395"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3150b3-fba1-4e89-8f4e-b6c605227395?source=api-prod","cve":"CVE-2024-30238","affectedVersions":"<=21.3.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/31196bdf-2ddd-49ea-840d-8fd78611629e/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"31196bdf-2ddd-49ea-840d-8fd78611629e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/31196bdf-2ddd-49ea-840d-8fd78611629e?source=api-prod","cve":"CVE-2022-4151","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/3184c304-52d3-4baa-b3c2-90957e1d8e79/contest-gallery","title":"Contest Gallery – Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-04-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"3184c304-52d3-4baa-b3c2-90957e1d8e79"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3184c304-52d3-4baa-b3c2-90957e1d8e79?source=api-prod","cve":"CVE-2021-24915","affectedVersions":"<=13.1.0.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/3b1b1a55-7872-456f-a754-023aad354359/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"3b1b1a55-7872-456f-a754-023aad354359"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b1b1a55-7872-456f-a754-023aad354359?source=api-prod","cve":"CVE-2022-4164","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81/contest-gallery","title":"Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81?source=api-prod","cve":"CVE-2023-5307","affectedVersions":"<21.2.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3e9672b1-6d00-45bc-91ef-0c5583b5306e/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"3e9672b1-6d00-45bc-91ef-0c5583b5306e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3e9672b1-6d00-45bc-91ef-0c5583b5306e?source=api-prod","cve":"CVE-2022-4160","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/407d8ebe-f3fc-433a-856f-de2ad4e58b9e/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"407d8ebe-f3fc-433a-856f-de2ad4e58b9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/407d8ebe-f3fc-433a-856f-de2ad4e58b9e?source=api-prod","cve":"CVE-2022-4161","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/5d080f5b-6646-47ef-8ae7-8b94270f9f59/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d080f5b-6646-47ef-8ae7-8b94270f9f59"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d080f5b-6646-47ef-8ae7-8b94270f9f59?source=api-prod","cve":"CVE-2022-4163","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/691eb4c1-18ba-433b-8725-70f2ecf89b0a/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"691eb4c1-18ba-433b-8725-70f2ecf89b0a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/691eb4c1-18ba-433b-8725-70f2ecf89b0a?source=api-prod","cve":"CVE-2022-4152","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/69b909da-b1b0-4dab-916c-908511f6556f/contest-gallery","title":"Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 20:57:12","sources":[{"name":"Wordfence","remoteId":"69b909da-b1b0-4dab-916c-908511f6556f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69b909da-b1b0-4dab-916c-908511f6556f?source=api-prod","cve":"CVE-2026-12165","affectedVersions":"<=30.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6f854ffc-244b-45c3-94ce-198e85c11869/contest-gallery","title":"Contest Gallery <= 28.0.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"6f854ffc-244b-45c3-94ce-198e85c11869"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f854ffc-244b-45c3-94ce-198e85c11869?source=api-prod","cve":"CVE-2025-62950","affectedVersions":"<=28.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6f946251-c7be-4ef6-885f-8b378c0c234c/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"6f946251-c7be-4ef6-885f-8b378c0c234c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f946251-c7be-4ef6-885f-8b378c0c234c?source=api-prod","cve":"CVE-2022-4165","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/71f2f8c4-00ee-4ab4-b0e0-9ddac46818b3/contest-gallery","title":"Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"71f2f8c4-00ee-4ab4-b0e0-9ddac46818b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71f2f8c4-00ee-4ab4-b0e0-9ddac46818b3?source=api-prod","cve":"CVE-2026-8912","affectedVersions":"<=28.1.6","severity":"high"},{"advisoryId":"WPSECADV/WF/75c6697c-bc1d-456f-baee-ee9c57e40d21/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"75c6697c-bc1d-456f-baee-ee9c57e40d21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/75c6697c-bc1d-456f-baee-ee9c57e40d21?source=api-prod","cve":"CVE-2022-4162","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/768d0d53-8724-4598-ae73-305225b52633/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"768d0d53-8724-4598-ae73-305225b52633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/768d0d53-8724-4598-ae73-305225b52633?source=api-prod","cve":"CVE-2026-40771","affectedVersions":"<=28.1.6","severity":"high"},{"advisoryId":"WPSECADV/WF/7759b209-4211-4ee5-ae7a-42645f5d5e96/contest-gallery","title":"Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"7759b209-4211-4ee5-ae7a-42645f5d5e96"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7759b209-4211-4ee5-ae7a-42645f5d5e96?source=api-prod","affectedVersions":"<13.1.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/78f745f9-c44e-4458-9381-f639c842a31e/contest-gallery","title":"Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-20 12:39:00","sources":[{"name":"Wordfence","remoteId":"78f745f9-c44e-4458-9381-f639c842a31e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/78f745f9-c44e-4458-9381-f639c842a31e?source=api-prod","cve":"CVE-2022-27853","affectedVersions":"<=13.1.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/79fb4f24-8a59-4e57-b583-c87ee2493cdb/contest-gallery","title":"Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"79fb4f24-8a59-4e57-b583-c87ee2493cdb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79fb4f24-8a59-4e57-b583-c87ee2493cdb?source=api-prod","cve":"CVE-2024-30236","affectedVersions":"<=21.3.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/7c2482cc-1717-4fae-b45b-3a1a1ce95fdc/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"7c2482cc-1717-4fae-b45b-3a1a1ce95fdc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c2482cc-1717-4fae-b45b-3a1a1ce95fdc?source=api-prod","cve":"CVE-2026-42657","affectedVersions":"<=28.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7db0a94e-2633-4f62-adb6-9acb3f884cb8/contest-gallery","title":"Contest Gallery <= 28.1.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"7db0a94e-2633-4f62-adb6-9acb3f884cb8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7db0a94e-2633-4f62-adb6-9acb3f884cb8?source=api-prod","cve":"CVE-2026-24965","affectedVersions":"<=28.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/7dbd3b23-cebc-4212-bcae-c6f23031c040/contest-gallery","title":"Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"7dbd3b23-cebc-4212-bcae-c6f23031c040"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7dbd3b23-cebc-4212-bcae-c6f23031c040?source=api-prod","cve":"CVE-2023-28784","affectedVersions":"<=21.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7ef37e72-f98f-4df6-8adb-514690350a82/contest-gallery","title":"Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"7ef37e72-f98f-4df6-8adb-514690350a82"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ef37e72-f98f-4df6-8adb-514690350a82?source=api-prod","cve":"CVE-2024-1487","affectedVersions":"<=21.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b0c54f2-3942-48bd-b821-b66a57fd1506/contest-gallery","title":"Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b0c54f2-3942-48bd-b821-b66a57fd1506"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0c54f2-3942-48bd-b821-b66a57fd1506?source=api-prod","cve":"CVE-2024-30428","affectedVersions":"<=21.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ed63de5-ef65-4e90-afc1-b7a075e99316/contest-gallery","title":"Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ed63de5-ef65-4e90-afc1-b7a075e99316"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ed63de5-ef65-4e90-afc1-b7a075e99316?source=api-prod","cve":"CVE-2024-32778","affectedVersions":"<=21.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/91d52a64-8dc1-4923-be0b-06800382151e/contest-gallery","title":"Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-02 04:44:39","sources":[{"name":"Wordfence","remoteId":"91d52a64-8dc1-4923-be0b-06800382151e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91d52a64-8dc1-4923-be0b-06800382151e?source=api-prod","cve":"CVE-2026-3180","affectedVersions":"<=28.1.4","severity":"high"},{"advisoryId":"WPSECADV/WF/9a0dc62c-786d-40f3-b9c9-bd199a176192/contest-gallery","title":"Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-10 19:47:00","sources":[{"name":"Wordfence","remoteId":"9a0dc62c-786d-40f3-b9c9-bd199a176192"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a0dc62c-786d-40f3-b9c9-bd199a176192?source=api-prod","cve":"CVE-2025-11254","affectedVersions":"<=27.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/a1525119-732d-4948-9c33-75e9f3517c0d/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1525119-732d-4948-9c33-75e9f3517c0d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1525119-732d-4948-9c33-75e9f3517c0d?source=api-prod","cve":"CVE-2026-42656","affectedVersions":"<=28.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a1b043a1-7bee-4ef0-86d9-19cf202cfc71/contest-gallery","title":"Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 22:33:58","sources":[{"name":"Wordfence","remoteId":"a1b043a1-7bee-4ef0-86d9-19cf202cfc71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1b043a1-7bee-4ef0-86d9-19cf202cfc71?source=api-prod","cve":"CVE-2025-3862","affectedVersions":"<=26.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a443e857-a915-4aa4-9879-1465d50544cc/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"a443e857-a915-4aa4-9879-1465d50544cc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a443e857-a915-4aa4-9879-1465d50544cc?source=api-prod","cve":"CVE-2026-42660","affectedVersions":"<=28.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/b24625d7-2a38-451b-ab79-a1d9c5b8822a/contest-gallery","title":"Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"b24625d7-2a38-451b-ab79-a1d9c5b8822a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b24625d7-2a38-451b-ab79-a1d9c5b8822a?source=api-prod","cve":"CVE-2022-4159","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8/contest-gallery","title":"Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8?source=api-prod","cve":"CVE-2022-4153","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/de379f74-660a-4e59-b1c4-4b88dff8a843/contest-gallery","title":"Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-03 14:48:39","sources":[{"name":"Wordfence","remoteId":"de379f74-660a-4e59-b1c4-4b88dff8a843"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/de379f74-660a-4e59-b1c4-4b88dff8a843?source=api-prod","cve":"CVE-2025-10383","affectedVersions":"<=27.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e000c4ad-43ec-4ad0-89f9-74e9e6d8b917/contest-gallery","title":"Contest Gallery <= 28.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-14 18:27:20","sources":[{"name":"Wordfence","remoteId":"e000c4ad-43ec-4ad0-89f9-74e9e6d8b917"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e000c4ad-43ec-4ad0-89f9-74e9e6d8b917?source=api-prod","cve":"CVE-2025-12849","affectedVersions":"<=28.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4ed8c6e-5f80-4360-9478-fff49b1fee94/contest-gallery","title":"Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4ed8c6e-5f80-4360-9478-fff49b1fee94"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ed8c6e-5f80-4360-9478-fff49b1fee94?source=api-prod","cve":"CVE-2024-24887","affectedVersions":"<=21.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/e54caaf5-f37b-4842-ab3d-8e37cbed58da/contest-gallery","title":"Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-10 18:41:31","sources":[{"name":"Wordfence","remoteId":"e54caaf5-f37b-4842-ab3d-8e37cbed58da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e54caaf5-f37b-4842-ab3d-8e37cbed58da?source=api-prod","cve":"CVE-2025-6716","affectedVersions":"<=26.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7fcda2b-d679-44af-9592-4a96a0115a08/contest-gallery","title":"Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7fcda2b-d679-44af-9592-4a96a0115a08"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fcda2b-d679-44af-9592-4a96a0115a08?source=api-prod","cve":"CVE-2022-4150","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f185709e-0d13-48d3-9c15-03466b72dac2/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"f185709e-0d13-48d3-9c15-03466b72dac2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f185709e-0d13-48d3-9c15-03466b72dac2?source=api-prod","cve":"CVE-2022-4166","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f1b9725b-dee5-44ca-bb33-c6812fb76adc/contest-gallery","title":"Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 11:19:11","sources":[{"name":"Wordfence","remoteId":"f1b9725b-dee5-44ca-bb33-c6812fb76adc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f1b9725b-dee5-44ca-bb33-c6812fb76adc?source=api-prod","cve":"CVE-2026-4021","affectedVersions":"<=28.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f2b5213d-fdc5-4c98-9a05-15d83bd7308f/contest-gallery","title":"Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"f2b5213d-fdc5-4c98-9a05-15d83bd7308f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2b5213d-fdc5-4c98-9a05-15d83bd7308f?source=api-prod","affectedVersions":"<=21.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/f36af71c-78af-402c-9d3a-3752368e7584/contest-gallery","title":"Contest Gallery <= 13.1.0.9 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f36af71c-78af-402c-9d3a-3752368e7584"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f36af71c-78af-402c-9d3a-3752368e7584?source=api-prod","cve":"CVE-2022-45848","affectedVersions":"<=13.1.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5e400f8-35b4-4be4-bb00-c59e14ddd57f/contest-gallery","title":"Contest Gallery <= 23.1.2 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5e400f8-35b4-4be4-bb00-c59e14ddd57f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5e400f8-35b4-4be4-bb00-c59e14ddd57f?source=api-prod","cve":"CVE-2024-43283","affectedVersions":"<=23.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9b90e03-cdaa-4bd3-9afd-5d5c91a17962/contest-gallery","title":"Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9b90e03-cdaa-4bd3-9afd-5d5c91a17962"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9b90e03-cdaa-4bd3-9afd-5d5c91a17962?source=api-prod","cve":"CVE-2022-36394","affectedVersions":"<=17.0.4","severity":"high"},{"advisoryId":"WPSECADV/WF/fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6/contest-gallery","title":"Contest Gallery – Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6?source=api-prod","cve":"CVE-2019-5974","affectedVersions":"<=10.4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/fd3b4c44-d47a-45de-bcb2-0820e475b331/contest-gallery","title":"Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-04 21:11:26","sources":[{"name":"Wordfence","remoteId":"fd3b4c44-d47a-45de-bcb2-0820e475b331"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=api-prod","cve":"CVE-2024-10687","affectedVersions":"<=24.0.3","severity":"critical"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/07f16cf7-94ad-4203-9d71-8e6e349d8c89/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"07f16cf7-94ad-4203-9d71-8e6e349d8c89"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07f16cf7-94ad-4203-9d71-8e6e349d8c89?source=api-prod","cve":"CVE-2026-25035","affectedVersions":"<=28.1.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/0df7f413-2631-46d9-8c0b-d66f05a02c01/contest-gallery","title":"Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"0df7f413-2631-46d9-8c0b-d66f05a02c01"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=api-prod","cve":"CVE-2024-11103","affectedVersions":"<=24.0.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/0f835e7c-f921-449d-9ffc-dd0fd141119d/contest-gallery","title":"Contest Gallery <= 26.0.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"0f835e7c-f921-449d-9ffc-dd0fd141119d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0f835e7c-f921-449d-9ffc-dd0fd141119d?source=api-prod","cve":"CVE-2025-48291","affectedVersions":"<=26.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/10e05707-02cb-42de-8399-4556d76b01b3/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"10e05707-02cb-42de-8399-4556d76b01b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10e05707-02cb-42de-8399-4556d76b01b3?source=api-prod","cve":"CVE-2022-4158","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/16bbabe5-e8cf-43fa-ae7d-326045464192/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"16bbabe5-e8cf-43fa-ae7d-326045464192"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16bbabe5-e8cf-43fa-ae7d-326045464192?source=api-prod","cve":"CVE-2026-24964","affectedVersions":"<=28.1.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/18003103-3a14-4cbc-8bed-87a8ab050308/contest-gallery","title":"Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-31 16:20:34","sources":[{"name":"Wordfence","remoteId":"18003103-3a14-4cbc-8bed-87a8ab050308"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18003103-3a14-4cbc-8bed-87a8ab050308?source=api-prod","cve":"CVE-2025-7725","affectedVersions":"<=26.1.0","severity":"high"},{"advisoryId":"WPSECADV/WF/181f578f-011b-4819-8b4d-1e7e78176e10/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 30.0.0 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"181f578f-011b-4819-8b4d-1e7e78176e10"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/181f578f-011b-4819-8b4d-1e7e78176e10?source=api-prod","cve":"CVE-2026-57662","affectedVersions":"<=30.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/1a0fa7f6-cc1a-45fe-881d-694c81b841c7/contest-gallery","title":"Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"1a0fa7f6-cc1a-45fe-881d-694c81b841c7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a0fa7f6-cc1a-45fe-881d-694c81b841c7?source=api-prod","cve":"CVE-2022-4156","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/1b5cf360-0163-4a7c-8979-ec89ec80ad62/contest-gallery","title":"Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 16:40:04","sources":[{"name":"Wordfence","remoteId":"1b5cf360-0163-4a7c-8979-ec89ec80ad62"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b5cf360-0163-4a7c-8979-ec89ec80ad62?source=api-prod","cve":"CVE-2025-1513","affectedVersions":"<=26.0.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/1dba61bb-2d26-483e-835f-c3841f07efe6/contest-gallery","title":"Contest Gallery <= 23.1.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"1dba61bb-2d26-483e-835f-c3841f07efe6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1dba61bb-2d26-483e-835f-c3841f07efe6?source=api-prod","cve":"CVE-2024-39631","affectedVersions":"<=23.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/1f9d8bbe-205f-44b6-a0c6-89b9135e6363/contest-gallery","title":"Contest Gallery – Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1f9d8bbe-205f-44b6-a0c6-89b9135e6363"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1f9d8bbe-205f-44b6-a0c6-89b9135e6363?source=api-prod","affectedVersions":"<=17.0.4","severity":"high"},{"advisoryId":"WPSECADV/WF/1fb84512-82c3-4def-a11b-ba0b7d64c41f/contest-gallery","title":"Contest Gallery <= 25.1.0 - Authenticated (Author+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"1fb84512-82c3-4def-a11b-ba0b7d64c41f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1fb84512-82c3-4def-a11b-ba0b7d64c41f?source=api-prod","cve":"CVE-2025-22693","affectedVersions":"<=25.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/213fde1b-13dc-442a-8f48-4b1074155a6f/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"213fde1b-13dc-442a-8f48-4b1074155a6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/213fde1b-13dc-442a-8f48-4b1074155a6f?source=api-prod","cve":"CVE-2022-4157","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/250788a8-55d1-416b-bf1c-2170e8483ccc/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"250788a8-55d1-416b-bf1c-2170e8483ccc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/250788a8-55d1-416b-bf1c-2170e8483ccc?source=api-prod","cve":"CVE-2022-4155","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/2aa5b7e8-3030-47d3-9440-3b1b5c94b5ec/contest-gallery","title":"Contest Gallery <= 24.0.3 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"2aa5b7e8-3030-47d3-9440-3b1b5c94b5ec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2aa5b7e8-3030-47d3-9440-3b1b5c94b5ec?source=api-prod","cve":"CVE-2024-56237","affectedVersions":"<=24.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2d3150b3-fba1-4e89-8f4e-b6c605227395/contest-gallery","title":"Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"2d3150b3-fba1-4e89-8f4e-b6c605227395"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3150b3-fba1-4e89-8f4e-b6c605227395?source=api-prod","cve":"CVE-2024-30238","affectedVersions":"<=21.3.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/31196bdf-2ddd-49ea-840d-8fd78611629e/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"31196bdf-2ddd-49ea-840d-8fd78611629e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/31196bdf-2ddd-49ea-840d-8fd78611629e?source=api-prod","cve":"CVE-2022-4151","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/3184c304-52d3-4baa-b3c2-90957e1d8e79/contest-gallery","title":"Contest Gallery – Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-04-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"3184c304-52d3-4baa-b3c2-90957e1d8e79"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3184c304-52d3-4baa-b3c2-90957e1d8e79?source=api-prod","cve":"CVE-2021-24915","affectedVersions":"<=13.1.0.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/3b1b1a55-7872-456f-a754-023aad354359/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"3b1b1a55-7872-456f-a754-023aad354359"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b1b1a55-7872-456f-a754-023aad354359?source=api-prod","cve":"CVE-2022-4164","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81/contest-gallery","title":"Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81?source=api-prod","cve":"CVE-2023-5307","affectedVersions":"<21.2.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3e9672b1-6d00-45bc-91ef-0c5583b5306e/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"3e9672b1-6d00-45bc-91ef-0c5583b5306e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3e9672b1-6d00-45bc-91ef-0c5583b5306e?source=api-prod","cve":"CVE-2022-4160","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/407d8ebe-f3fc-433a-856f-de2ad4e58b9e/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"407d8ebe-f3fc-433a-856f-de2ad4e58b9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/407d8ebe-f3fc-433a-856f-de2ad4e58b9e?source=api-prod","cve":"CVE-2022-4161","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/5d080f5b-6646-47ef-8ae7-8b94270f9f59/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d080f5b-6646-47ef-8ae7-8b94270f9f59"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d080f5b-6646-47ef-8ae7-8b94270f9f59?source=api-prod","cve":"CVE-2022-4163","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/691eb4c1-18ba-433b-8725-70f2ecf89b0a/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"691eb4c1-18ba-433b-8725-70f2ecf89b0a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/691eb4c1-18ba-433b-8725-70f2ecf89b0a?source=api-prod","cve":"CVE-2022-4152","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/69b909da-b1b0-4dab-916c-908511f6556f/contest-gallery","title":"Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 20:57:12","sources":[{"name":"Wordfence","remoteId":"69b909da-b1b0-4dab-916c-908511f6556f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69b909da-b1b0-4dab-916c-908511f6556f?source=api-prod","cve":"CVE-2026-12165","affectedVersions":"<=30.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6f854ffc-244b-45c3-94ce-198e85c11869/contest-gallery","title":"Contest Gallery <= 28.0.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"6f854ffc-244b-45c3-94ce-198e85c11869"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f854ffc-244b-45c3-94ce-198e85c11869?source=api-prod","cve":"CVE-2025-62950","affectedVersions":"<=28.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6f946251-c7be-4ef6-885f-8b378c0c234c/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"6f946251-c7be-4ef6-885f-8b378c0c234c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f946251-c7be-4ef6-885f-8b378c0c234c?source=api-prod","cve":"CVE-2022-4165","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/71f2f8c4-00ee-4ab4-b0e0-9ddac46818b3/contest-gallery","title":"Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"71f2f8c4-00ee-4ab4-b0e0-9ddac46818b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71f2f8c4-00ee-4ab4-b0e0-9ddac46818b3?source=api-prod","cve":"CVE-2026-8912","affectedVersions":"<=28.1.6","severity":"high"},{"advisoryId":"WPSECADV/WF/75c6697c-bc1d-456f-baee-ee9c57e40d21/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"75c6697c-bc1d-456f-baee-ee9c57e40d21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/75c6697c-bc1d-456f-baee-ee9c57e40d21?source=api-prod","cve":"CVE-2022-4162","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/768d0d53-8724-4598-ae73-305225b52633/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"768d0d53-8724-4598-ae73-305225b52633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/768d0d53-8724-4598-ae73-305225b52633?source=api-prod","cve":"CVE-2026-40771","affectedVersions":"<=28.1.6","severity":"high"},{"advisoryId":"WPSECADV/WF/7759b209-4211-4ee5-ae7a-42645f5d5e96/contest-gallery","title":"Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"7759b209-4211-4ee5-ae7a-42645f5d5e96"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7759b209-4211-4ee5-ae7a-42645f5d5e96?source=api-prod","affectedVersions":"<13.1.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/78f745f9-c44e-4458-9381-f639c842a31e/contest-gallery","title":"Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-20 12:39:00","sources":[{"name":"Wordfence","remoteId":"78f745f9-c44e-4458-9381-f639c842a31e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/78f745f9-c44e-4458-9381-f639c842a31e?source=api-prod","cve":"CVE-2022-27853","affectedVersions":"<=13.1.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/79fb4f24-8a59-4e57-b583-c87ee2493cdb/contest-gallery","title":"Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"79fb4f24-8a59-4e57-b583-c87ee2493cdb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79fb4f24-8a59-4e57-b583-c87ee2493cdb?source=api-prod","cve":"CVE-2024-30236","affectedVersions":"<=21.3.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/7c2482cc-1717-4fae-b45b-3a1a1ce95fdc/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"7c2482cc-1717-4fae-b45b-3a1a1ce95fdc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c2482cc-1717-4fae-b45b-3a1a1ce95fdc?source=api-prod","cve":"CVE-2026-42657","affectedVersions":"<=28.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7db0a94e-2633-4f62-adb6-9acb3f884cb8/contest-gallery","title":"Contest Gallery <= 28.1.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"7db0a94e-2633-4f62-adb6-9acb3f884cb8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7db0a94e-2633-4f62-adb6-9acb3f884cb8?source=api-prod","cve":"CVE-2026-24965","affectedVersions":"<=28.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/7dbd3b23-cebc-4212-bcae-c6f23031c040/contest-gallery","title":"Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"7dbd3b23-cebc-4212-bcae-c6f23031c040"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7dbd3b23-cebc-4212-bcae-c6f23031c040?source=api-prod","cve":"CVE-2023-28784","affectedVersions":"<=21.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7ef37e72-f98f-4df6-8adb-514690350a82/contest-gallery","title":"Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"7ef37e72-f98f-4df6-8adb-514690350a82"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ef37e72-f98f-4df6-8adb-514690350a82?source=api-prod","cve":"CVE-2024-1487","affectedVersions":"<=21.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b0c54f2-3942-48bd-b821-b66a57fd1506/contest-gallery","title":"Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b0c54f2-3942-48bd-b821-b66a57fd1506"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0c54f2-3942-48bd-b821-b66a57fd1506?source=api-prod","cve":"CVE-2024-30428","affectedVersions":"<=21.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ed63de5-ef65-4e90-afc1-b7a075e99316/contest-gallery","title":"Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ed63de5-ef65-4e90-afc1-b7a075e99316"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ed63de5-ef65-4e90-afc1-b7a075e99316?source=api-prod","cve":"CVE-2024-32778","affectedVersions":"<=21.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/91d52a64-8dc1-4923-be0b-06800382151e/contest-gallery","title":"Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-02 04:44:39","sources":[{"name":"Wordfence","remoteId":"91d52a64-8dc1-4923-be0b-06800382151e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91d52a64-8dc1-4923-be0b-06800382151e?source=api-prod","cve":"CVE-2026-3180","affectedVersions":"<=28.1.4","severity":"high"},{"advisoryId":"WPSECADV/WF/9a0dc62c-786d-40f3-b9c9-bd199a176192/contest-gallery","title":"Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-10 19:47:00","sources":[{"name":"Wordfence","remoteId":"9a0dc62c-786d-40f3-b9c9-bd199a176192"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a0dc62c-786d-40f3-b9c9-bd199a176192?source=api-prod","cve":"CVE-2025-11254","affectedVersions":"<=27.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/a1525119-732d-4948-9c33-75e9f3517c0d/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1525119-732d-4948-9c33-75e9f3517c0d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1525119-732d-4948-9c33-75e9f3517c0d?source=api-prod","cve":"CVE-2026-42656","affectedVersions":"<=28.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a1b043a1-7bee-4ef0-86d9-19cf202cfc71/contest-gallery","title":"Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 22:33:58","sources":[{"name":"Wordfence","remoteId":"a1b043a1-7bee-4ef0-86d9-19cf202cfc71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1b043a1-7bee-4ef0-86d9-19cf202cfc71?source=api-prod","cve":"CVE-2025-3862","affectedVersions":"<=26.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a443e857-a915-4aa4-9879-1465d50544cc/contest-gallery","title":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"a443e857-a915-4aa4-9879-1465d50544cc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a443e857-a915-4aa4-9879-1465d50544cc?source=api-prod","cve":"CVE-2026-42660","affectedVersions":"<=28.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/b24625d7-2a38-451b-ab79-a1d9c5b8822a/contest-gallery","title":"Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"b24625d7-2a38-451b-ab79-a1d9c5b8822a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b24625d7-2a38-451b-ab79-a1d9c5b8822a?source=api-prod","cve":"CVE-2022-4159","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8/contest-gallery","title":"Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8?source=api-prod","cve":"CVE-2022-4153","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/de379f74-660a-4e59-b1c4-4b88dff8a843/contest-gallery","title":"Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-03 14:48:39","sources":[{"name":"Wordfence","remoteId":"de379f74-660a-4e59-b1c4-4b88dff8a843"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/de379f74-660a-4e59-b1c4-4b88dff8a843?source=api-prod","cve":"CVE-2025-10383","affectedVersions":"<=27.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e000c4ad-43ec-4ad0-89f9-74e9e6d8b917/contest-gallery","title":"Contest Gallery <= 28.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-14 18:27:20","sources":[{"name":"Wordfence","remoteId":"e000c4ad-43ec-4ad0-89f9-74e9e6d8b917"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e000c4ad-43ec-4ad0-89f9-74e9e6d8b917?source=api-prod","cve":"CVE-2025-12849","affectedVersions":"<=28.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4ed8c6e-5f80-4360-9478-fff49b1fee94/contest-gallery","title":"Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4ed8c6e-5f80-4360-9478-fff49b1fee94"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ed8c6e-5f80-4360-9478-fff49b1fee94?source=api-prod","cve":"CVE-2024-24887","affectedVersions":"<=21.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/e54caaf5-f37b-4842-ab3d-8e37cbed58da/contest-gallery","title":"Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-10 18:41:31","sources":[{"name":"Wordfence","remoteId":"e54caaf5-f37b-4842-ab3d-8e37cbed58da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e54caaf5-f37b-4842-ab3d-8e37cbed58da?source=api-prod","cve":"CVE-2025-6716","affectedVersions":"<=26.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7fcda2b-d679-44af-9592-4a96a0115a08/contest-gallery","title":"Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7fcda2b-d679-44af-9592-4a96a0115a08"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fcda2b-d679-44af-9592-4a96a0115a08?source=api-prod","cve":"CVE-2022-4150","affectedVersions":"<=19.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f185709e-0d13-48d3-9c15-03466b72dac2/contest-gallery","title":"Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"f185709e-0d13-48d3-9c15-03466b72dac2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f185709e-0d13-48d3-9c15-03466b72dac2?source=api-prod","cve":"CVE-2022-4166","affectedVersions":"<=19.1.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f1b9725b-dee5-44ca-bb33-c6812fb76adc/contest-gallery","title":"Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 11:19:11","sources":[{"name":"Wordfence","remoteId":"f1b9725b-dee5-44ca-bb33-c6812fb76adc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f1b9725b-dee5-44ca-bb33-c6812fb76adc?source=api-prod","cve":"CVE-2026-4021","affectedVersions":"<=28.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f2b5213d-fdc5-4c98-9a05-15d83bd7308f/contest-gallery","title":"Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"f2b5213d-fdc5-4c98-9a05-15d83bd7308f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2b5213d-fdc5-4c98-9a05-15d83bd7308f?source=api-prod","affectedVersions":"<=21.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/f36af71c-78af-402c-9d3a-3752368e7584/contest-gallery","title":"Contest Gallery <= 13.1.0.9 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f36af71c-78af-402c-9d3a-3752368e7584"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f36af71c-78af-402c-9d3a-3752368e7584?source=api-prod","cve":"CVE-2022-45848","affectedVersions":"<=13.1.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5e400f8-35b4-4be4-bb00-c59e14ddd57f/contest-gallery","title":"Contest Gallery <= 23.1.2 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5e400f8-35b4-4be4-bb00-c59e14ddd57f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5e400f8-35b4-4be4-bb00-c59e14ddd57f?source=api-prod","cve":"CVE-2024-43283","affectedVersions":"<=23.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9b90e03-cdaa-4bd3-9afd-5d5c91a17962/contest-gallery","title":"Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9b90e03-cdaa-4bd3-9afd-5d5c91a17962"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9b90e03-cdaa-4bd3-9afd-5d5c91a17962?source=api-prod","cve":"CVE-2022-36394","affectedVersions":"<=17.0.4","severity":"high"},{"advisoryId":"WPSECADV/WF/fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6/contest-gallery","title":"Contest Gallery – Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6?source=api-prod","cve":"CVE-2019-5974","affectedVersions":"<=10.4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/fd3b4c44-d47a-45de-bcb2-0820e475b331/contest-gallery","title":"Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-04 21:11:26","sources":[{"name":"Wordfence","remoteId":"fd3b4c44-d47a-45de-bcb2-0820e475b331"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=api-prod","cve":"CVE-2024-10687","affectedVersions":"<=24.0.3","severity":"critical"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_636f726e657273746f6e65811c9dc5_gen.json b/internal/data/assets/plugin_636f726e657273746f6e65811c9dc5_gen.json index bb93bdb9..2dcd587d 100644 --- a/internal/data/assets/plugin_636f726e657273746f6e65811c9dc5_gen.json +++ b/internal/data/assets/plugin_636f726e657273746f6e65811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/03ffb77e-fcb2-42ff-9010-d067d746c543/cornerstone","title":"Cornerstone < 7.8.8 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"03ffb77e-fcb2-42ff-9010-d067d746c543"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03ffb77e-fcb2-42ff-9010-d067d746c543?source=api-prod","cve":"CVE-2026-54185","affectedVersions":"<7.8.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c8e6f5e-d403-497d-bedc-d570d35ca00f/cornerstone","title":"Cornerstone <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c8e6f5e-d403-497d-bedc-d570d35ca00f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8e6f5e-d403-497d-bedc-d570d35ca00f?source=api-prod","cve":"CVE-2025-63072","affectedVersions":"<=7.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/5c18a9b8-5041-4451-a3cc-91952c234d9c/cornerstone","title":"Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"5c18a9b8-5041-4451-a3cc-91952c234d9c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5c18a9b8-5041-4451-a3cc-91952c234d9c?source=api-prod","cve":"CVE-2024-32570","affectedVersions":"<=0.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5f75dfef-b30f-45a5-ba3e-cb82c1443800/cornerstone","title":"Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"5f75dfef-b30f-45a5-ba3e-cb82c1443800"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f75dfef-b30f-45a5-ba3e-cb82c1443800?source=api-prod","cve":"CVE-2024-28002","affectedVersions":"<=0.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/832af296-7d7c-47a0-84a4-01a1fe78ff21/cornerstone","title":"Cornerstone < 7.8.8 - Authenticated (Subscriber+) Arbitrary Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"832af296-7d7c-47a0-84a4-01a1fe78ff21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/832af296-7d7c-47a0-84a4-01a1fe78ff21?source=api-prod","cve":"CVE-2026-49113","affectedVersions":"<7.8.8","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/03ffb77e-fcb2-42ff-9010-d067d746c543/cornerstone","title":"Cornerstone < 7.8.8 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"03ffb77e-fcb2-42ff-9010-d067d746c543"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03ffb77e-fcb2-42ff-9010-d067d746c543?source=api-prod","cve":"CVE-2026-54185","affectedVersions":"<7.8.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c8e6f5e-d403-497d-bedc-d570d35ca00f/cornerstone","title":"Cornerstone <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c8e6f5e-d403-497d-bedc-d570d35ca00f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8e6f5e-d403-497d-bedc-d570d35ca00f?source=api-prod","cve":"CVE-2025-63072","affectedVersions":"<=7.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/5c18a9b8-5041-4451-a3cc-91952c234d9c/cornerstone","title":"Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"5c18a9b8-5041-4451-a3cc-91952c234d9c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5c18a9b8-5041-4451-a3cc-91952c234d9c?source=api-prod","cve":"CVE-2024-32570","affectedVersions":"<=0.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5f75dfef-b30f-45a5-ba3e-cb82c1443800/cornerstone","title":"Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"5f75dfef-b30f-45a5-ba3e-cb82c1443800"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f75dfef-b30f-45a5-ba3e-cb82c1443800?source=api-prod","cve":"CVE-2024-28002","affectedVersions":"<=0.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/832af296-7d7c-47a0-84a4-01a1fe78ff21/cornerstone","title":"Cornerstone < 7.8.8 - Authenticated (Subscriber+) Arbitrary Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"832af296-7d7c-47a0-84a4-01a1fe78ff21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/832af296-7d7c-47a0-84a4-01a1fe78ff21?source=api-prod","cve":"CVE-2026-49113","affectedVersions":"<7.8.8","severity":"high"},{"advisoryId":"WPSECADV/WF/937d1870-a844-4033-8bc0-88e2cd9db25b/cornerstone","title":"Cornerstone < 7.8.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"937d1870-a844-4033-8bc0-88e2cd9db25b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/937d1870-a844-4033-8bc0-88e2cd9db25b?source=api-prod","cve":"CVE-2026-9709","affectedVersions":"<7.8.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/c3802a0a-92fe-4ae0-a0ca-05f82cf69101/cornerstone","title":"Cornerstone < 7.8.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"c3802a0a-92fe-4ae0-a0ca-05f82cf69101"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3802a0a-92fe-4ae0-a0ca-05f82cf69101?source=api-prod","cve":"CVE-2026-9710","affectedVersions":"<7.8.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_637573746f6d2d6669656c642d74656d706c617465811c9dc5_gen.json b/internal/data/assets/plugin_637573746f6d2d6669656c642d74656d706c617465811c9dc5_gen.json index 8795eedc..0e27edbd 100644 --- a/internal/data/assets/plugin_637573746f6d2d6669656c642d74656d706c617465811c9dc5_gen.json +++ b/internal/data/assets/plugin_637573746f6d2d6669656c642d74656d706c617465811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/22a5020a-ab81-43be-b160-082347a2a2d9/custom-field-template","title":"Custom Field Template <= 2.5.7 - Authenticated (Administrator+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"22a5020a-ab81-43be-b160-082347a2a2d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22a5020a-ab81-43be-b160-082347a2a2d9?source=api-prod","cve":"CVE-2022-4324","affectedVersions":"<=2.5.7","severity":"high"},{"advisoryId":"WPSECADV/WF/25d07a99-d425-4e1a-8adf-d12071552882/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"25d07a99-d425-4e1a-8adf-d12071552882"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25d07a99-d425-4e1a-8adf-d12071552882?source=api-prod","cve":"CVE-2023-6745","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3444c4b0-4619-482f-8313-d3006aa1e845/custom-field-template","title":"Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-09-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"3444c4b0-4619-482f-8313-d3006aa1e845"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3444c4b0-4619-482f-8313-d3006aa1e845?source=api-prod","cve":"CVE-2020-36742","affectedVersions":"<2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/637f07c6-68cd-4ac6-83fd-65dbaab882fc/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated(Constibutor+) Stored Cross-Site Scripting via Custom Field Name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"637f07c6-68cd-4ac6-83fd-65dbaab882fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=api-prod","cve":"CVE-2024-0627","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/752a07c4-ae88-4152-b449-68228a54604a/custom-field-template","title":"Custom Field Template <= 2.5.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"752a07c4-ae88-4152-b449-68228a54604a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/752a07c4-ae88-4152-b449-68228a54604a?source=api-prod","cve":"CVE-2023-38392","affectedVersions":"<=2.5.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/7614fa27-a5f3-4744-8b1e-716854fe7dac/custom-field-template","title":"Custom Field Template <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"7614fa27-a5f3-4744-8b1e-716854fe7dac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7614fa27-a5f3-4744-8b1e-716854fe7dac?source=api-prod","cve":"CVE-2025-68607","affectedVersions":"<=2.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7fcd0410-9423-4349-8d1c-3551de38a7c7/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"7fcd0410-9423-4349-8d1c-3551de38a7c7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7fcd0410-9423-4349-8d1c-3551de38a7c7?source=api-prod","cve":"CVE-2023-6748","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/9a88330e-fbeb-4ac7-a143-a59766accbeb/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scritping\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a88330e-fbeb-4ac7-a143-a59766accbeb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=api-prod","cve":"CVE-2024-0653","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b55853e1-2f20-417f-b07e-eda758eaed32/custom-field-template","title":"Custom Field Template <= 2.5.8 - Cross-Site Request Forgery via Plugin Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"b55853e1-2f20-417f-b07e-eda758eaed32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b55853e1-2f20-417f-b07e-eda758eaed32?source=api-prod","cve":"CVE-2023-22695","affectedVersions":"<=2.5.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/d1c514dd-132f-4e42-a512-bb0cf24da937/custom-field-template","title":"Custom Field Template <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d1c514dd-132f-4e42-a512-bb0cf24da937"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c514dd-132f-4e42-a512-bb0cf24da937?source=api-prod","cve":"CVE-2024-44062","affectedVersions":"<=2.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec47ffee-0599-4f16-a71d-d17dcfe9b183/custom-field-template","title":"Custom Field Template <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec47ffee-0599-4f16-a71d-d17dcfe9b183"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec47ffee-0599-4f16-a71d-d17dcfe9b183?source=api-prod","cve":"CVE-2024-25919","affectedVersions":"<=2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee342bda-f2bb-45dd-ae9b-a254006b9bd2/custom-field-template","title":"Custom Field Template <= 2.7.6 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"ee342bda-f2bb-45dd-ae9b-a254006b9bd2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee342bda-f2bb-45dd-ae9b-a254006b9bd2?source=api-prod","cve":"CVE-2025-63058","affectedVersions":"<=2.7.6","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/22a5020a-ab81-43be-b160-082347a2a2d9/custom-field-template","title":"Custom Field Template <= 2.5.7 - Authenticated (Administrator+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"22a5020a-ab81-43be-b160-082347a2a2d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22a5020a-ab81-43be-b160-082347a2a2d9?source=api-prod","cve":"CVE-2022-4324","affectedVersions":"<=2.5.7","severity":"high"},{"advisoryId":"WPSECADV/WF/25d07a99-d425-4e1a-8adf-d12071552882/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"25d07a99-d425-4e1a-8adf-d12071552882"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25d07a99-d425-4e1a-8adf-d12071552882?source=api-prod","cve":"CVE-2023-6745","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3444c4b0-4619-482f-8313-d3006aa1e845/custom-field-template","title":"Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-09-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"3444c4b0-4619-482f-8313-d3006aa1e845"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3444c4b0-4619-482f-8313-d3006aa1e845?source=api-prod","cve":"CVE-2020-36742","affectedVersions":"<2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/637f07c6-68cd-4ac6-83fd-65dbaab882fc/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated(Constibutor+) Stored Cross-Site Scripting via Custom Field Name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"637f07c6-68cd-4ac6-83fd-65dbaab882fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=api-prod","cve":"CVE-2024-0627","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/752a07c4-ae88-4152-b449-68228a54604a/custom-field-template","title":"Custom Field Template <= 2.5.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"752a07c4-ae88-4152-b449-68228a54604a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/752a07c4-ae88-4152-b449-68228a54604a?source=api-prod","cve":"CVE-2023-38392","affectedVersions":"<=2.5.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/7614fa27-a5f3-4744-8b1e-716854fe7dac/custom-field-template","title":"Custom Field Template <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"7614fa27-a5f3-4744-8b1e-716854fe7dac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7614fa27-a5f3-4744-8b1e-716854fe7dac?source=api-prod","cve":"CVE-2025-68607","affectedVersions":"<=2.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7fcd0410-9423-4349-8d1c-3551de38a7c7/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"7fcd0410-9423-4349-8d1c-3551de38a7c7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7fcd0410-9423-4349-8d1c-3551de38a7c7?source=api-prod","cve":"CVE-2023-6748","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/9a88330e-fbeb-4ac7-a143-a59766accbeb/custom-field-template","title":"Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scritping\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a88330e-fbeb-4ac7-a143-a59766accbeb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=api-prod","cve":"CVE-2024-0653","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b55853e1-2f20-417f-b07e-eda758eaed32/custom-field-template","title":"Custom Field Template <= 2.5.8 - Cross-Site Request Forgery via Plugin Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"b55853e1-2f20-417f-b07e-eda758eaed32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b55853e1-2f20-417f-b07e-eda758eaed32?source=api-prod","cve":"CVE-2023-22695","affectedVersions":"<=2.5.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/d1c514dd-132f-4e42-a512-bb0cf24da937/custom-field-template","title":"Custom Field Template <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d1c514dd-132f-4e42-a512-bb0cf24da937"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c514dd-132f-4e42-a512-bb0cf24da937?source=api-prod","cve":"CVE-2024-44062","affectedVersions":"<=2.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/d45eb4e4-b59b-479a-a49b-2ca6d254aa01/custom-field-template","title":"Custom Field Template <= 2.7.8 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d45eb4e4-b59b-479a-a49b-2ca6d254aa01"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d45eb4e4-b59b-479a-a49b-2ca6d254aa01?source=api-prod","cve":"CVE-2026-57687","affectedVersions":"<=2.7.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec47ffee-0599-4f16-a71d-d17dcfe9b183/custom-field-template","title":"Custom Field Template <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec47ffee-0599-4f16-a71d-d17dcfe9b183"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec47ffee-0599-4f16-a71d-d17dcfe9b183?source=api-prod","cve":"CVE-2024-25919","affectedVersions":"<=2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee342bda-f2bb-45dd-ae9b-a254006b9bd2/custom-field-template","title":"Custom Field Template <= 2.7.6 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"ee342bda-f2bb-45dd-ae9b-a254006b9bd2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee342bda-f2bb-45dd-ae9b-a254006b9bd2?source=api-prod","cve":"CVE-2025-63058","affectedVersions":"<=2.7.6","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_637573746f6d65722d726576696577732d776f6f636f6d6d65726365811c9dc5_gen.json b/internal/data/assets/plugin_637573746f6d65722d726576696577732d776f6f636f6d6d65726365811c9dc5_gen.json index e133f976..22c6b182 100644 --- a/internal/data/assets/plugin_637573746f6d65722d726576696577732d776f6f636f6d6d65726365811c9dc5_gen.json +++ b/internal/data/assets/plugin_637573746f6d65722d726576696577732d776f6f636f6d6d65726365811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/27e3dfe3-ad33-4d0c-a999-d0734df2f59b/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 12:26:12","sources":[{"name":"Wordfence","remoteId":"27e3dfe3-ad33-4d0c-a999-d0734df2f59b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27e3dfe3-ad33-4d0c-a999-d0734df2f59b?source=api-prod","cve":"CVE-2026-4664","affectedVersions":"<=5.103.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e093d1f-9c5a-44f8-bc27-9c320e220358/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via CR_Manual\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e093d1f-9c5a-44f8-bc27-9c320e220358"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e093d1f-9c5a-44f8-bc27-9c320e220358?source=api-prod","cve":"CVE-2023-51692","affectedVersions":"<=5.38.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/34eaee0f-7a5b-4496-a5c8-5f6c69e24417/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.3.5 - Sensitive Data Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"34eaee0f-7a5b-4496-a5c8-5f6c69e24417"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34eaee0f-7a5b-4496-a5c8-5f6c69e24417?source=api-prod","cve":"CVE-2022-40194","affectedVersions":"<=5.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/43100062-c6bd-4d08-a88b-fbcf24f7e605/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"43100062-c6bd-4d08-a88b-fbcf24f7e605"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/43100062-c6bd-4d08-a88b-fbcf24f7e605?source=api-prod","cve":"CVE-2022-38470","affectedVersions":"<=5.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/4420c334-1ea4-4549-b391-150702abc2f8/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"4420c334-1ea4-4549-b391-150702abc2f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=api-prod","cve":"CVE-2024-1044","affectedVersions":"<=5.38.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/4af801db-44a6-4cd3-bd1a-3125490c8c48/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"4af801db-44a6-4cd3-bd1a-3125490c8c48"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=api-prod","cve":"CVE-2023-6979","affectedVersions":"<=5.38.9","severity":"high"},{"advisoryId":"WPSECADV/WF/6126ec74-d522-45ff-aa03-07aad5fb75b9/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-30 16:23:45","sources":[{"name":"Wordfence","remoteId":"6126ec74-d522-45ff-aa03-07aad5fb75b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6126ec74-d522-45ff-aa03-07aad5fb75b9?source=api-prod","cve":"CVE-2025-5720","affectedVersions":"<=5.80.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/881e8096-e75f-49a7-87ed-c230e93ea378/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"881e8096-e75f-49a7-87ed-c230e93ea378"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=api-prod","cve":"CVE-2024-3869","affectedVersions":"<=5.46.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/88e4eec2-2861-4d1d-97eb-67887f59c745/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-06 14:32:24","sources":[{"name":"Wordfence","remoteId":"88e4eec2-2861-4d1d-97eb-67887f59c745"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/88e4eec2-2861-4d1d-97eb-67887f59c745?source=api-prod","cve":"CVE-2025-14891","affectedVersions":"<=5.93.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b0a47e0-5be1-418c-afdf-8bb2d784bcc9/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b0a47e0-5be1-418c-afdf-8bb2d784bcc9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0a47e0-5be1-418c-afdf-8bb2d784bcc9?source=api-prod","cve":"CVE-2022-38134","affectedVersions":"<=5.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a0e80e63-f4f7-44cc-ae29-72e7847d7448/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"a0e80e63-f4f7-44cc-ae29-72e7847d7448"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=api-prod","cve":"CVE-2024-3243","affectedVersions":"<=5.46.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a851172f-3b27-4bc2-adc7-6863c2fd1c0a/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-15 17:40:07","sources":[{"name":"Wordfence","remoteId":"a851172f-3b27-4bc2-adc7-6863c2fd1c0a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a851172f-3b27-4bc2-adc7-6863c2fd1c0a?source=api-prod","cve":"CVE-2026-3355","affectedVersions":"<=5.101.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/b243722e-6510-48bd-be26-95ccbe79fa57/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.1 - Cross-Site Request Forgery via manual review reminders\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"b243722e-6510-48bd-be26-95ccbe79fa57"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b243722e-6510-48bd-be26-95ccbe79fa57?source=api-prod","affectedVersions":"<5.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c3489038-2833-4080-b802-5733afab5de8/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"c3489038-2833-4080-b802-5733afab5de8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=api-prod","cve":"CVE-2024-3731","affectedVersions":"<=5.47.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c5429fb1-7072-4a00-8fb3-48d4f876417f/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"c5429fb1-7072-4a00-8fb3-48d4f876417f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5429fb1-7072-4a00-8fb3-48d4f876417f?source=api-prod","affectedVersions":"<5.36.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/c6e2710f-f51a-487d-a4bb-a19f614ff254/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via manual review reminders\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"c6e2710f-f51a-487d-a4bb-a19f614ff254"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c6e2710f-f51a-487d-a4bb-a19f614ff254?source=api-prod","affectedVersions":"<5.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d60f3da1-1184-4629-880c-ce3893fb55a5/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"d60f3da1-1184-4629-880c-ce3893fb55a5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d60f3da1-1184-4629-880c-ce3893fb55a5?source=api-prod","cve":"CVE-2023-45101","affectedVersions":"<=5.36.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6e7b44c-fe94-493b-846b-57c40e00d8fe/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6e7b44c-fe94-493b-846b-57c40e00d8fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6e7b44c-fe94-493b-846b-57c40e00d8fe?source=api-prod","cve":"CVE-2023-0080","affectedVersions":"<=5.15.0","severity":"high"},{"advisoryId":"WPSECADV/WF/e27224aa-56c4-49ab-b9b3-b431b38e126e/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"e27224aa-56c4-49ab-b9b3-b431b38e126e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e27224aa-56c4-49ab-b9b3-b431b38e126e?source=api-prod","cve":"CVE-2024-10614","affectedVersions":"<=5.61.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f00ef5c1-1025-489c-a294-a87e10afde2b/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"f00ef5c1-1025-489c-a294-a87e10afde2b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f00ef5c1-1025-489c-a294-a87e10afde2b?source=api-prod","cve":"CVE-2023-0079","affectedVersions":"<=5.16.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f8b34144-5516-46df-b093-95f4bf76b896/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-12 00:17:35","sources":[{"name":"Wordfence","remoteId":"f8b34144-5516-46df-b093-95f4bf76b896"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8b34144-5516-46df-b093-95f4bf76b896?source=api-prod","cve":"CVE-2026-1316","affectedVersions":"<=5.97.0","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/27e3dfe3-ad33-4d0c-a999-d0734df2f59b/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 12:26:12","sources":[{"name":"Wordfence","remoteId":"27e3dfe3-ad33-4d0c-a999-d0734df2f59b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27e3dfe3-ad33-4d0c-a999-d0734df2f59b?source=api-prod","cve":"CVE-2026-4664","affectedVersions":"<=5.103.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e093d1f-9c5a-44f8-bc27-9c320e220358/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via CR_Manual\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e093d1f-9c5a-44f8-bc27-9c320e220358"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e093d1f-9c5a-44f8-bc27-9c320e220358?source=api-prod","cve":"CVE-2023-51692","affectedVersions":"<=5.38.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/34eaee0f-7a5b-4496-a5c8-5f6c69e24417/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.3.5 - Sensitive Data Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"34eaee0f-7a5b-4496-a5c8-5f6c69e24417"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34eaee0f-7a5b-4496-a5c8-5f6c69e24417?source=api-prod","cve":"CVE-2022-40194","affectedVersions":"<=5.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/43100062-c6bd-4d08-a88b-fbcf24f7e605/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"43100062-c6bd-4d08-a88b-fbcf24f7e605"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/43100062-c6bd-4d08-a88b-fbcf24f7e605?source=api-prod","cve":"CVE-2022-38470","affectedVersions":"<=5.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/4420c334-1ea4-4549-b391-150702abc2f8/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"4420c334-1ea4-4549-b391-150702abc2f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=api-prod","cve":"CVE-2024-1044","affectedVersions":"<=5.38.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/4af801db-44a6-4cd3-bd1a-3125490c8c48/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"4af801db-44a6-4cd3-bd1a-3125490c8c48"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=api-prod","cve":"CVE-2023-6979","affectedVersions":"<=5.38.9","severity":"high"},{"advisoryId":"WPSECADV/WF/6126ec74-d522-45ff-aa03-07aad5fb75b9/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-30 16:23:45","sources":[{"name":"Wordfence","remoteId":"6126ec74-d522-45ff-aa03-07aad5fb75b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6126ec74-d522-45ff-aa03-07aad5fb75b9?source=api-prod","cve":"CVE-2025-5720","affectedVersions":"<=5.80.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/881e8096-e75f-49a7-87ed-c230e93ea378/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"881e8096-e75f-49a7-87ed-c230e93ea378"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=api-prod","cve":"CVE-2024-3869","affectedVersions":"<=5.46.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/88e4eec2-2861-4d1d-97eb-67887f59c745/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-06 14:32:24","sources":[{"name":"Wordfence","remoteId":"88e4eec2-2861-4d1d-97eb-67887f59c745"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/88e4eec2-2861-4d1d-97eb-67887f59c745?source=api-prod","cve":"CVE-2025-14891","affectedVersions":"<=5.93.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b0a47e0-5be1-418c-afdf-8bb2d784bcc9/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b0a47e0-5be1-418c-afdf-8bb2d784bcc9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0a47e0-5be1-418c-afdf-8bb2d784bcc9?source=api-prod","cve":"CVE-2022-38134","affectedVersions":"<=5.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a0e80e63-f4f7-44cc-ae29-72e7847d7448/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"a0e80e63-f4f7-44cc-ae29-72e7847d7448"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=api-prod","cve":"CVE-2024-3243","affectedVersions":"<=5.46.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a851172f-3b27-4bc2-adc7-6863c2fd1c0a/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-15 17:40:07","sources":[{"name":"Wordfence","remoteId":"a851172f-3b27-4bc2-adc7-6863c2fd1c0a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a851172f-3b27-4bc2-adc7-6863c2fd1c0a?source=api-prod","cve":"CVE-2026-3355","affectedVersions":"<=5.101.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/b243722e-6510-48bd-be26-95ccbe79fa57/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.1 - Cross-Site Request Forgery via manual review reminders\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"b243722e-6510-48bd-be26-95ccbe79fa57"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b243722e-6510-48bd-be26-95ccbe79fa57?source=api-prod","affectedVersions":"<5.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c3489038-2833-4080-b802-5733afab5de8/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"c3489038-2833-4080-b802-5733afab5de8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=api-prod","cve":"CVE-2024-3731","affectedVersions":"<=5.47.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c5429fb1-7072-4a00-8fb3-48d4f876417f/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"c5429fb1-7072-4a00-8fb3-48d4f876417f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5429fb1-7072-4a00-8fb3-48d4f876417f?source=api-prod","affectedVersions":"<5.36.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/c6e2710f-f51a-487d-a4bb-a19f614ff254/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via manual review reminders\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"c6e2710f-f51a-487d-a4bb-a19f614ff254"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c6e2710f-f51a-487d-a4bb-a19f614ff254?source=api-prod","affectedVersions":"<5.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d60f3da1-1184-4629-880c-ce3893fb55a5/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"d60f3da1-1184-4629-880c-ce3893fb55a5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d60f3da1-1184-4629-880c-ce3893fb55a5?source=api-prod","cve":"CVE-2023-45101","affectedVersions":"<=5.36.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6e7b44c-fe94-493b-846b-57c40e00d8fe/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6e7b44c-fe94-493b-846b-57c40e00d8fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6e7b44c-fe94-493b-846b-57c40e00d8fe?source=api-prod","cve":"CVE-2023-0080","affectedVersions":"<=5.15.0","severity":"high"},{"advisoryId":"WPSECADV/WF/e27224aa-56c4-49ab-b9b3-b431b38e126e/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"e27224aa-56c4-49ab-b9b3-b431b38e126e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e27224aa-56c4-49ab-b9b3-b431b38e126e?source=api-prod","cve":"CVE-2024-10614","affectedVersions":"<=5.61.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f00ef5c1-1025-489c-a294-a87e10afde2b/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"f00ef5c1-1025-489c-a294-a87e10afde2b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f00ef5c1-1025-489c-a294-a87e10afde2b?source=api-prod","cve":"CVE-2023-0079","affectedVersions":"<=5.16.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f72b7973-2599-4833-abe1-783e2a285165/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.110.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"f72b7973-2599-4833-abe1-783e2a285165"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f72b7973-2599-4833-abe1-783e2a285165?source=api-prod","cve":"CVE-2026-56043","affectedVersions":"<=5.110.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f8b34144-5516-46df-b093-95f4bf76b896/customer-reviews-woocommerce","title":"Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-12 00:17:35","sources":[{"name":"Wordfence","remoteId":"f8b34144-5516-46df-b093-95f4bf76b896"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8b34144-5516-46df-b093-95f4bf76b896?source=api-prod","cve":"CVE-2026-1316","affectedVersions":"<=5.97.0","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_646f6e6174696f6e2d746865726d6f6d65746572811c9dc5_gen.json b/internal/data/assets/plugin_646f6e6174696f6e2d746865726d6f6d65746572811c9dc5_gen.json index ee061c12..bed1510d 100644 --- a/internal/data/assets/plugin_646f6e6174696f6e2d746865726d6f6d65746572811c9dc5_gen.json +++ b/internal/data/assets/plugin_646f6e6174696f6e2d746865726d6f6d65746572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/49945253-b631-47b2-9cbd-42c9effc60f4/donation-thermometer","title":"Donation Thermometer <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"49945253-b631-47b2-9cbd-42c9effc60f4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49945253-b631-47b2-9cbd-42c9effc60f4?source=api-prod","cve":"CVE-2025-67550","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc67ff08-b660-477a-9457-b681cf0381f5/donation-thermometer","title":"Donation Thermometer <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc67ff08-b660-477a-9457-b681cf0381f5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc67ff08-b660-477a-9457-b681cf0381f5?source=api-prod","cve":"CVE-2022-3128","affectedVersions":"<=2.1.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/49945253-b631-47b2-9cbd-42c9effc60f4/donation-thermometer","title":"Donation Thermometer <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"49945253-b631-47b2-9cbd-42c9effc60f4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49945253-b631-47b2-9cbd-42c9effc60f4?source=api-prod","cve":"CVE-2025-67550","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/6f4835fb-72ae-498e-940e-b255a4c5ca0b/donation-thermometer","title":"Donation Thermometer <= 2.2.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"6f4835fb-72ae-498e-940e-b255a4c5ca0b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f4835fb-72ae-498e-940e-b255a4c5ca0b?source=api-prod","cve":"CVE-2025-64636","affectedVersions":"<=2.2.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc67ff08-b660-477a-9457-b681cf0381f5/donation-thermometer","title":"Donation Thermometer <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc67ff08-b660-477a-9457-b681cf0381f5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc67ff08-b660-477a-9457-b681cf0381f5?source=api-prod","cve":"CVE-2022-3128","affectedVersions":"<=2.1.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6561676c652d626f6f6b696e67811c9dc5_gen.json b/internal/data/assets/plugin_6561676c652d626f6f6b696e67811c9dc5_gen.json index 1d6e2343..0946364e 100644 --- a/internal/data/assets/plugin_6561676c652d626f6f6b696e67811c9dc5_gen.json +++ b/internal/data/assets/plugin_6561676c652d626f6f6b696e67811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/148573a1-ccdc-4515-8e49-b1b04911abcf/eagle-booking","title":"Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"148573a1-ccdc-4515-8e49-b1b04911abcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/148573a1-ccdc-4515-8e49-b1b04911abcf?source=api-prod","cve":"CVE-2026-27428","affectedVersions":"<=1.3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6373a69d-5cf2-4174-9c02-0c137f8397b6/eagle-booking","title":"Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"6373a69d-5cf2-4174-9c02-0c137f8397b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6373a69d-5cf2-4174-9c02-0c137f8397b6?source=api-prod","cve":"CVE-2025-68975","affectedVersions":"<=1.3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/67a4fbd1-0a1c-4f07-9608-682131ccbc4f/eagle-booking","title":"Eagle Booking <= 1.3.4.3 - Missing Authorization to Authenticated (Subscriber+) Settings Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"67a4fbd1-0a1c-4f07-9608-682131ccbc4f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67a4fbd1-0a1c-4f07-9608-682131ccbc4f?source=api-prod","cve":"CVE-2025-68976","affectedVersions":"<=1.3.4.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/148573a1-ccdc-4515-8e49-b1b04911abcf/eagle-booking","title":"Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"148573a1-ccdc-4515-8e49-b1b04911abcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/148573a1-ccdc-4515-8e49-b1b04911abcf?source=api-prod","cve":"CVE-2026-27428","affectedVersions":"<=1.3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6373a69d-5cf2-4174-9c02-0c137f8397b6/eagle-booking","title":"Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"6373a69d-5cf2-4174-9c02-0c137f8397b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6373a69d-5cf2-4174-9c02-0c137f8397b6?source=api-prod","cve":"CVE-2025-68975","affectedVersions":"<=1.3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/67a4fbd1-0a1c-4f07-9608-682131ccbc4f/eagle-booking","title":"Eagle Booking <= 1.3.4.3 - Missing Authorization to Authenticated (Subscriber+) Settings Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"67a4fbd1-0a1c-4f07-9608-682131ccbc4f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67a4fbd1-0a1c-4f07-9608-682131ccbc4f?source=api-prod","cve":"CVE-2025-68976","affectedVersions":"<=1.3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/e69a06a1-f1a2-4cb0-b8e5-fba850739b57/eagle-booking","title":"Eagle Booking <= 1.3.4.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"e69a06a1-f1a2-4cb0-b8e5-fba850739b57"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e69a06a1-f1a2-4cb0-b8e5-fba850739b57?source=api-prod","cve":"CVE-2025-68052","affectedVersions":"<=1.3.4.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_656469746f7269616c2d726174696e67811c9dc5_gen.json b/internal/data/assets/plugin_656469746f7269616c2d726174696e67811c9dc5_gen.json new file mode 100644 index 00000000..0cb97abe --- /dev/null +++ b/internal/data/assets/plugin_656469746f7269616c2d726174696e67811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/26c63d73-6ce2-4b3a-b0d9-29f7d9b368d5/editorial-rating","title":"Editorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' Field\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 16:17:48","sources":[{"name":"Wordfence","remoteId":"26c63d73-6ce2-4b3a-b0d9-29f7d9b368d5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26c63d73-6ce2-4b3a-b0d9-29f7d9b368d5?source=api-prod","cve":"CVE-2026-12560","affectedVersions":"<=4.0.5","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6576656e747072696d652d6576656e742d63616c656e6461722d6d616e6167656d656e74811c9dc5_gen.json b/internal/data/assets/plugin_6576656e747072696d652d6576656e742d63616c656e6461722d6d616e6167656d656e74811c9dc5_gen.json index 13ca34a4..6bb6c8e3 100644 --- a/internal/data/assets/plugin_6576656e747072696d652d6576656e742d63616c656e6461722d6d616e6167656d656e74811c9dc5_gen.json +++ b/internal/data/assets/plugin_6576656e747072696d652d6576656e742d63616c656e6461722d6d616e6167656d656e74811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/01a6cca8-cca9-4863-a879-20fdca23b334/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"01a6cca8-cca9-4863-a879-20fdca23b334"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01a6cca8-cca9-4863-a879-20fdca23b334?source=api-prod","cve":"CVE-2026-42686","affectedVersions":"<=4.3.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/02461b79-d372-493f-9445-62b30b1db4cd/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.6.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"02461b79-d372-493f-9445-62b30b1db4cd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02461b79-d372-493f-9445-62b30b1db4cd?source=api-prod","cve":"CVE-2025-69358","affectedVersions":"<=4.2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/0aad7f55-d1f0-45f9-ba8b-74170c32374f/eventprime-event-calendar-management","title":"EventPrime <= 3.0.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"0aad7f55-d1f0-45f9-ba8b-74170c32374f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0aad7f55-d1f0-45f9-ba8b-74170c32374f?source=api-prod","cve":"CVE-2023-35884","affectedVersions":"<=3.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e2a2769-1309-4aad-8411-4445efea2b66/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 19:22:53","sources":[{"name":"Wordfence","remoteId":"0e2a2769-1309-4aad-8411-4445efea2b66"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2a2769-1309-4aad-8411-4445efea2b66?source=api-prod","cve":"CVE-2026-1655","affectedVersions":"<=4.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/17cbcf67-f10d-41bc-acf7-98e5d99b50af/eventprime-event-calendar-management","title":"EventPrime <= 3.3.9 - Improper Input Validation via save_event_booking\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"17cbcf67-f10d-41bc-acf7-98e5d99b50af"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/17cbcf67-f10d-41bc-acf7-98e5d99b50af?source=api-prod","cve":"CVE-2024-24832","affectedVersions":"<=3.3.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/18ded977-5297-4b6f-b9f3-0567f995d08a/eventprime-event-calendar-management","title":"EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"18ded977-5297-4b6f-b9f3-0567f995d08a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18ded977-5297-4b6f-b9f3-0567f995d08a?source=api-prod","cve":"CVE-2024-9865","affectedVersions":"<=4.0.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85/eventprime-event-calendar-management","title":"EventPrime <= 2.8.6 - Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85?source=api-prod","cve":"CVE-2023-33321","affectedVersions":"<=2.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/22479c6a-83ea-4c09-b192-4384ffbdcbf7/eventprime-event-calendar-management","title":"EventPrime <= 2.8.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"22479c6a-83ea-4c09-b192-4384ffbdcbf7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22479c6a-83ea-4c09-b192-4384ffbdcbf7?source=api-prod","cve":"CVE-2023-33326","affectedVersions":"<=2.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/2be578d9-27c3-4a16-a634-1514ed97a1a2/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-06 11:33:35","sources":[{"name":"Wordfence","remoteId":"2be578d9-27c3-4a16-a634-1514ed97a1a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2be578d9-27c3-4a16-a634-1514ed97a1a2?source=api-prod","cve":"CVE-2024-13526","affectedVersions":"<=4.0.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/346049ca-1bc5-4e02-9f38-d1f64338709d/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"346049ca-1bc5-4e02-9f38-d1f64338709d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/346049ca-1bc5-4e02-9f38-d1f64338709d?source=api-prod","cve":"CVE-2024-1124","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/351926d4-a9be-4fbd-bdf2-8bbff41d97ef/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"351926d4-a9be-4fbd-bdf2-8bbff41d97ef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=api-prod","cve":"CVE-2024-1123","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/35c7c089-6517-419e-8ba3-e6c2692fe1ae/eventprime-event-calendar-management","title":"EventPrime <= 4.0.4.5 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"35c7c089-6517-419e-8ba3-e6c2692fe1ae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/35c7c089-6517-419e-8ba3-e6c2692fe1ae?source=api-prod","cve":"CVE-2024-47648","affectedVersions":"<=4.0.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/399848fd-e9f6-40e4-bfeb-08f53eb511c6/eventprime-event-calendar-management","title":"EventPrime <= 3.1.5 - Reflected Cross-Site Scripting via 'event_id'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"399848fd-e9f6-40e4-bfeb-08f53eb511c6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/399848fd-e9f6-40e4-bfeb-08f53eb511c6?source=api-prod","cve":"CVE-2023-45637","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/39da62be-e630-48cd-b732-80ed3d337638/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"39da62be-e630-48cd-b732-80ed3d337638"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=api-prod","cve":"CVE-2024-1127","affectedVersions":"<=3.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/42aa82ff-0d37-4040-b8fc-84d29534a4b7/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-16 17:29:13","sources":[{"name":"Wordfence","remoteId":"42aa82ff-0d37-4040-b8fc-84d29534a4b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/42aa82ff-0d37-4040-b8fc-84d29534a4b7?source=api-prod","cve":"CVE-2026-1657","affectedVersions":"<=4.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b170ed1-72ee-40b6-9882-e978d630f6bb/eventprime-event-calendar-management","title":"EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"4b170ed1-72ee-40b6-9882-e978d630f6bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b170ed1-72ee-40b6-9882-e978d630f6bb?source=api-prod","cve":"CVE-2025-14507","affectedVersions":"<=4.2.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5124be64-6679-4dc5-8117-55c73ae91489/eventprime-event-calendar-management","title":"EventPrime – Modern Events Calendar, Bookings and Tickets <= 3.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"5124be64-6679-4dc5-8117-55c73ae91489"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5124be64-6679-4dc5-8117-55c73ae91489?source=api-prod","affectedVersions":"<=3.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5baea929-0c46-4a43-b2af-367c0b5037bb/eventprime-event-calendar-management","title":"EventPrime <= 3.3.5 - Missing Authorization to Private Event Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"5baea929-0c46-4a43-b2af-367c0b5037bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5baea929-0c46-4a43-b2af-367c0b5037bb?source=api-prod","cve":"CVE-2023-6447","affectedVersions":"<=3.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/67b36ed7-d7f4-4944-b721-219d1990971a/eventprime-event-calendar-management","title":"EventPrime <= 4.0.3.2 - Missing Authorization via calendar_event_create()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"67b36ed7-d7f4-4944-b721-219d1990971a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67b36ed7-d7f4-4944-b721-219d1990971a?source=api-prod","cve":"CVE-2024-43223","affectedVersions":"<=4.0.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/765d0933-8db2-471c-ad4e-e19d3b4ff015/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"765d0933-8db2-471c-ad4e-e19d3b4ff015"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=api-prod","cve":"CVE-2024-1321","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/766e34a9-ed95-4049-ba48-0bf69134e4ba/eventprime-event-calendar-management","title":"EventPrime < 3.2.0 - Reflected Cross-Site Scripting via keyword and ep_filter_date\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"766e34a9-ed95-4049-ba48-0bf69134e4ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/766e34a9-ed95-4049-ba48-0bf69134e4ba?source=api-prod","cve":"CVE-2023-4250","affectedVersions":"<3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/77608ee4-1917-4b2c-8acf-5d6087c5ae7a/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.0.0 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"77608ee4-1917-4b2c-8acf-5d6087c5ae7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/77608ee4-1917-4b2c-8acf-5d6087c5ae7a?source=api-prod","cve":"CVE-2026-39518","affectedVersions":"<=4.3.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/78e2001a-81e7-4fc6-a6cd-ee6afb4e4081/eventprime-event-calendar-management","title":"EventPrime <= 4.2.4.1 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"78e2001a-81e7-4fc6-a6cd-ee6afb4e4081"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/78e2001a-81e7-4fc6-a6cd-ee6afb4e4081?source=api-prod","cve":"CVE-2025-63007","affectedVersions":"<=4.2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/797118e9-2b15-42ae-ae14-b9efa3dbbbba/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"797118e9-2b15-42ae-ae14-b9efa3dbbbba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/797118e9-2b15-42ae-ae14-b9efa3dbbbba?source=api-prod","cve":"CVE-2026-24380","affectedVersions":"<=4.2.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b7c2644-5409-4a21-ba14-91475cb14cb2/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.3 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b7c2644-5409-4a21-ba14-91475cb14cb2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b7c2644-5409-4a21-ba14-91475cb14cb2?source=api-prod","cve":"CVE-2026-25389","affectedVersions":"<=4.2.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/7e82e1c5-0ed4-4dee-9990-976591693eb5/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e82e1c5-0ed4-4dee-9990-976591693eb5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=api-prod","cve":"CVE-2024-1320","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b42be8d-5637-497c-bb11-759dba21e934/eventprime-event-calendar-management","title":"EventPrime <= 4.2.4.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b42be8d-5637-497c-bb11-759dba21e934"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b42be8d-5637-497c-bb11-759dba21e934?source=api-prod","cve":"CVE-2025-63006","affectedVersions":"<=4.2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c076c46-c87c-4fb2-8e8e-b342c016e09a/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.5.0 - Insecure Direct Object Reference to (Subscriber+) Arbitrary Booking Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c076c46-c87c-4fb2-8e8e-b342c016e09a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c076c46-c87c-4fb2-8e8e-b342c016e09a?source=api-prod","cve":"CVE-2024-4665","affectedVersions":"<=3.4.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/9516e64c-1959-4980-9a96-c6f5f1baa6f6/eventprime-event-calendar-management","title":"EventPrime <= 3.3.4 - Missing Authorization to Booking Price Maniputlation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"9516e64c-1959-4980-9a96-c6f5f1baa6f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9516e64c-1959-4980-9a96-c6f5f1baa6f6?source=api-prod","cve":"CVE-2024-31275","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/97174ec0-a2b7-455e-9bf8-b6f51546beee/eventprime-event-calendar-management","title":"EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"97174ec0-a2b7-455e-9bf8-b6f51546beee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97174ec0-a2b7-455e-9bf8-b6f51546beee?source=api-prod","cve":"CVE-2024-8369","affectedVersions":"<=4.0.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/98ef80a3-4d57-45ae-87cf-d5768b26c27e/eventprime-event-calendar-management","title":"EventPrime <= 3.3.2 - Improper Server-Side Checks to Booking Payment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"98ef80a3-4d57-45ae-87cf-d5768b26c27e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98ef80a3-4d57-45ae-87cf-d5768b26c27e?source=api-prod","cve":"CVE-2023-4252","affectedVersions":"<=3.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9ca6f612-a777-4962-848b-2a81bf35ae4c/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"9ca6f612-a777-4962-848b-2a81bf35ae4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9ca6f612-a777-4962-848b-2a81bf35ae4c?source=api-prod","cve":"CVE-2026-42669","affectedVersions":"<=4.3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-16 20:40:44","sources":[{"name":"Wordfence","remoteId":"9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4?source=api-prod","cve":"CVE-2024-12024","affectedVersions":"<=4.0.7.3","severity":"high"},{"advisoryId":"WPSECADV/WF/b3d71289-e5a3-4145-817f-c2cac8405202/eventprime-event-calendar-management","title":"EventPrime <= 3.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"b3d71289-e5a3-4145-817f-c2cac8405202"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d71289-e5a3-4145-817f-c2cac8405202?source=api-prod","cve":"CVE-2024-29776","affectedVersions":"<=3.3.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=api-prod","cve":"CVE-2024-1125","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc2a66cb-ad13-428f-a25a-b2807450aa16/eventprime-event-calendar-management","title":"EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc2a66cb-ad13-428f-a25a-b2807450aa16"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2a66cb-ad13-428f-a25a-b2807450aa16?source=api-prod","cve":"CVE-2024-9864","affectedVersions":"<=4.0.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c603bd67-2e14-45ed-bbff-1bcbd3c18425/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.8.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"c603bd67-2e14-45ed-bbff-1bcbd3c18425"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c603bd67-2e14-45ed-bbff-1bcbd3c18425?source=api-prod","cve":"CVE-2026-25312","affectedVersions":"<=4.2.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/ceebbad1-a239-485e-b021-5d4880f99f8a/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.8.0 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"ceebbad1-a239-485e-b021-5d4880f99f8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ceebbad1-a239-485e-b021-5d4880f99f8a?source=api-prod","cve":"CVE-2026-24378","affectedVersions":"<=4.2.8.0","severity":"high"},{"advisoryId":"WPSECADV/WF/d266b6ee-24ec-4363-a986-5ccd4db5ae3c/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"d266b6ee-24ec-4363-a986-5ccd4db5ae3c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=api-prod","cve":"CVE-2024-1126","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d32f7e98-8203-400e-bc26-4556ddba2510/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"d32f7e98-8203-400e-bc26-4556ddba2510"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d32f7e98-8203-400e-bc26-4556ddba2510?source=api-prod","cve":"CVE-2025-12498","affectedVersions":"<=4.2.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5be210c-9116-4529-90e3-70625a0c40ce/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"e5be210c-9116-4529-90e3-70625a0c40ce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5be210c-9116-4529-90e3-70625a0c40ce?source=api-prod","cve":"CVE-2026-42687","affectedVersions":"<=4.3.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/e8ffdd43-b353-4296-bcb6-978751aae1b6/eventprime-event-calendar-management","title":"EventPrime < 3.2.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"e8ffdd43-b353-4296-bcb6-978751aae1b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e8ffdd43-b353-4296-bcb6-978751aae1b6?source=api-prod","cve":"CVE-2023-4251","affectedVersions":"<3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ed881d06-e652-45ac-8f56-c2db9e403485/eventprime-event-calendar-management","title":"EventPrime < 3.2.0 - Reflected HTML Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"ed881d06-e652-45ac-8f56-c2db9e403485"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ed881d06-e652-45ac-8f56-c2db9e403485?source=api-prod","cve":"CVE-2023-5238","affectedVersions":"<3.2.0","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/01a6cca8-cca9-4863-a879-20fdca23b334/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"01a6cca8-cca9-4863-a879-20fdca23b334"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01a6cca8-cca9-4863-a879-20fdca23b334?source=api-prod","cve":"CVE-2026-42686","affectedVersions":"<=4.3.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/02461b79-d372-493f-9445-62b30b1db4cd/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.6.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"02461b79-d372-493f-9445-62b30b1db4cd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02461b79-d372-493f-9445-62b30b1db4cd?source=api-prod","cve":"CVE-2025-69358","affectedVersions":"<=4.2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/0aad7f55-d1f0-45f9-ba8b-74170c32374f/eventprime-event-calendar-management","title":"EventPrime <= 3.0.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"0aad7f55-d1f0-45f9-ba8b-74170c32374f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0aad7f55-d1f0-45f9-ba8b-74170c32374f?source=api-prod","cve":"CVE-2023-35884","affectedVersions":"<=3.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e2a2769-1309-4aad-8411-4445efea2b66/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 19:22:53","sources":[{"name":"Wordfence","remoteId":"0e2a2769-1309-4aad-8411-4445efea2b66"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2a2769-1309-4aad-8411-4445efea2b66?source=api-prod","cve":"CVE-2026-1655","affectedVersions":"<=4.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/17cbcf67-f10d-41bc-acf7-98e5d99b50af/eventprime-event-calendar-management","title":"EventPrime <= 3.3.9 - Improper Input Validation via save_event_booking\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"17cbcf67-f10d-41bc-acf7-98e5d99b50af"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/17cbcf67-f10d-41bc-acf7-98e5d99b50af?source=api-prod","cve":"CVE-2024-24832","affectedVersions":"<=3.3.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/18ded977-5297-4b6f-b9f3-0567f995d08a/eventprime-event-calendar-management","title":"EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"18ded977-5297-4b6f-b9f3-0567f995d08a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18ded977-5297-4b6f-b9f3-0567f995d08a?source=api-prod","cve":"CVE-2024-9865","affectedVersions":"<=4.0.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85/eventprime-event-calendar-management","title":"EventPrime <= 2.8.6 - Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85?source=api-prod","cve":"CVE-2023-33321","affectedVersions":"<=2.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/22479c6a-83ea-4c09-b192-4384ffbdcbf7/eventprime-event-calendar-management","title":"EventPrime <= 2.8.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"22479c6a-83ea-4c09-b192-4384ffbdcbf7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22479c6a-83ea-4c09-b192-4384ffbdcbf7?source=api-prod","cve":"CVE-2023-33326","affectedVersions":"<=2.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/2be578d9-27c3-4a16-a634-1514ed97a1a2/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-06 11:33:35","sources":[{"name":"Wordfence","remoteId":"2be578d9-27c3-4a16-a634-1514ed97a1a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2be578d9-27c3-4a16-a634-1514ed97a1a2?source=api-prod","cve":"CVE-2024-13526","affectedVersions":"<=4.0.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/346049ca-1bc5-4e02-9f38-d1f64338709d/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"346049ca-1bc5-4e02-9f38-d1f64338709d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/346049ca-1bc5-4e02-9f38-d1f64338709d?source=api-prod","cve":"CVE-2024-1124","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/351926d4-a9be-4fbd-bdf2-8bbff41d97ef/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"351926d4-a9be-4fbd-bdf2-8bbff41d97ef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=api-prod","cve":"CVE-2024-1123","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/35c7c089-6517-419e-8ba3-e6c2692fe1ae/eventprime-event-calendar-management","title":"EventPrime <= 4.0.4.5 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"35c7c089-6517-419e-8ba3-e6c2692fe1ae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/35c7c089-6517-419e-8ba3-e6c2692fe1ae?source=api-prod","cve":"CVE-2024-47648","affectedVersions":"<=4.0.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/399848fd-e9f6-40e4-bfeb-08f53eb511c6/eventprime-event-calendar-management","title":"EventPrime <= 3.1.5 - Reflected Cross-Site Scripting via 'event_id'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"399848fd-e9f6-40e4-bfeb-08f53eb511c6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/399848fd-e9f6-40e4-bfeb-08f53eb511c6?source=api-prod","cve":"CVE-2023-45637","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/39da62be-e630-48cd-b732-80ed3d337638/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"39da62be-e630-48cd-b732-80ed3d337638"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=api-prod","cve":"CVE-2024-1127","affectedVersions":"<=3.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/42aa82ff-0d37-4040-b8fc-84d29534a4b7/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-16 17:29:13","sources":[{"name":"Wordfence","remoteId":"42aa82ff-0d37-4040-b8fc-84d29534a4b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/42aa82ff-0d37-4040-b8fc-84d29534a4b7?source=api-prod","cve":"CVE-2026-1657","affectedVersions":"<=4.2.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b170ed1-72ee-40b6-9882-e978d630f6bb/eventprime-event-calendar-management","title":"EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"4b170ed1-72ee-40b6-9882-e978d630f6bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b170ed1-72ee-40b6-9882-e978d630f6bb?source=api-prod","cve":"CVE-2025-14507","affectedVersions":"<=4.2.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5124be64-6679-4dc5-8117-55c73ae91489/eventprime-event-calendar-management","title":"EventPrime – Modern Events Calendar, Bookings and Tickets <= 3.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"5124be64-6679-4dc5-8117-55c73ae91489"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5124be64-6679-4dc5-8117-55c73ae91489?source=api-prod","affectedVersions":"<=3.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5baea929-0c46-4a43-b2af-367c0b5037bb/eventprime-event-calendar-management","title":"EventPrime <= 3.3.5 - Missing Authorization to Private Event Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"5baea929-0c46-4a43-b2af-367c0b5037bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5baea929-0c46-4a43-b2af-367c0b5037bb?source=api-prod","cve":"CVE-2023-6447","affectedVersions":"<=3.3.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/67b36ed7-d7f4-4944-b721-219d1990971a/eventprime-event-calendar-management","title":"EventPrime <= 4.0.3.2 - Missing Authorization via calendar_event_create()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"67b36ed7-d7f4-4944-b721-219d1990971a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67b36ed7-d7f4-4944-b721-219d1990971a?source=api-prod","cve":"CVE-2024-43223","affectedVersions":"<=4.0.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/765d0933-8db2-471c-ad4e-e19d3b4ff015/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"765d0933-8db2-471c-ad4e-e19d3b4ff015"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=api-prod","cve":"CVE-2024-1321","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/766e34a9-ed95-4049-ba48-0bf69134e4ba/eventprime-event-calendar-management","title":"EventPrime < 3.2.0 - Reflected Cross-Site Scripting via keyword and ep_filter_date\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"766e34a9-ed95-4049-ba48-0bf69134e4ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/766e34a9-ed95-4049-ba48-0bf69134e4ba?source=api-prod","cve":"CVE-2023-4250","affectedVersions":"<3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/77608ee4-1917-4b2c-8acf-5d6087c5ae7a/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.0.0 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"77608ee4-1917-4b2c-8acf-5d6087c5ae7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/77608ee4-1917-4b2c-8acf-5d6087c5ae7a?source=api-prod","cve":"CVE-2026-39518","affectedVersions":"<=4.3.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/78e2001a-81e7-4fc6-a6cd-ee6afb4e4081/eventprime-event-calendar-management","title":"EventPrime <= 4.2.4.1 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"78e2001a-81e7-4fc6-a6cd-ee6afb4e4081"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/78e2001a-81e7-4fc6-a6cd-ee6afb4e4081?source=api-prod","cve":"CVE-2025-63007","affectedVersions":"<=4.2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/797118e9-2b15-42ae-ae14-b9efa3dbbbba/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"797118e9-2b15-42ae-ae14-b9efa3dbbbba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/797118e9-2b15-42ae-ae14-b9efa3dbbbba?source=api-prod","cve":"CVE-2026-24380","affectedVersions":"<=4.2.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b7c2644-5409-4a21-ba14-91475cb14cb2/eventprime-event-calendar-management","title":"EventPrime <= 4.2.8.3 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b7c2644-5409-4a21-ba14-91475cb14cb2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b7c2644-5409-4a21-ba14-91475cb14cb2?source=api-prod","cve":"CVE-2026-25389","affectedVersions":"<=4.2.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/7e82e1c5-0ed4-4dee-9990-976591693eb5/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e82e1c5-0ed4-4dee-9990-976591693eb5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=api-prod","cve":"CVE-2024-1320","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b42be8d-5637-497c-bb11-759dba21e934/eventprime-event-calendar-management","title":"EventPrime <= 4.2.4.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b42be8d-5637-497c-bb11-759dba21e934"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b42be8d-5637-497c-bb11-759dba21e934?source=api-prod","cve":"CVE-2025-63006","affectedVersions":"<=4.2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c076c46-c87c-4fb2-8e8e-b342c016e09a/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.5.0 - Insecure Direct Object Reference to (Subscriber+) Arbitrary Booking Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c076c46-c87c-4fb2-8e8e-b342c016e09a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c076c46-c87c-4fb2-8e8e-b342c016e09a?source=api-prod","cve":"CVE-2024-4665","affectedVersions":"<=3.4.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/9516e64c-1959-4980-9a96-c6f5f1baa6f6/eventprime-event-calendar-management","title":"EventPrime <= 3.3.4 - Missing Authorization to Booking Price Maniputlation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"9516e64c-1959-4980-9a96-c6f5f1baa6f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9516e64c-1959-4980-9a96-c6f5f1baa6f6?source=api-prod","cve":"CVE-2024-31275","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/97174ec0-a2b7-455e-9bf8-b6f51546beee/eventprime-event-calendar-management","title":"EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"97174ec0-a2b7-455e-9bf8-b6f51546beee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97174ec0-a2b7-455e-9bf8-b6f51546beee?source=api-prod","cve":"CVE-2024-8369","affectedVersions":"<=4.0.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/98ef80a3-4d57-45ae-87cf-d5768b26c27e/eventprime-event-calendar-management","title":"EventPrime <= 3.3.2 - Improper Server-Side Checks to Booking Payment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"98ef80a3-4d57-45ae-87cf-d5768b26c27e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98ef80a3-4d57-45ae-87cf-d5768b26c27e?source=api-prod","cve":"CVE-2023-4252","affectedVersions":"<=3.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9ca6f612-a777-4962-848b-2a81bf35ae4c/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"9ca6f612-a777-4962-848b-2a81bf35ae4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9ca6f612-a777-4962-848b-2a81bf35ae4c?source=api-prod","cve":"CVE-2026-42669","affectedVersions":"<=4.3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-16 20:40:44","sources":[{"name":"Wordfence","remoteId":"9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4?source=api-prod","cve":"CVE-2024-12024","affectedVersions":"<=4.0.7.3","severity":"high"},{"advisoryId":"WPSECADV/WF/ac3fbecc-43c5-42da-85c9-8a732be71503/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.4.1 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"ac3fbecc-43c5-42da-85c9-8a732be71503"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ac3fbecc-43c5-42da-85c9-8a732be71503?source=api-prod","cve":"CVE-2026-56053","affectedVersions":"<=4.3.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/b3d71289-e5a3-4145-817f-c2cac8405202/eventprime-event-calendar-management","title":"EventPrime <= 3.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"b3d71289-e5a3-4145-817f-c2cac8405202"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d71289-e5a3-4145-817f-c2cac8405202?source=api-prod","cve":"CVE-2024-29776","affectedVersions":"<=3.3.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=api-prod","cve":"CVE-2024-1125","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc2a66cb-ad13-428f-a25a-b2807450aa16/eventprime-event-calendar-management","title":"EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc2a66cb-ad13-428f-a25a-b2807450aa16"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2a66cb-ad13-428f-a25a-b2807450aa16?source=api-prod","cve":"CVE-2024-9864","affectedVersions":"<=4.0.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c603bd67-2e14-45ed-bbff-1bcbd3c18425/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.8.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"c603bd67-2e14-45ed-bbff-1bcbd3c18425"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c603bd67-2e14-45ed-bbff-1bcbd3c18425?source=api-prod","cve":"CVE-2026-25312","affectedVersions":"<=4.2.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/ceebbad1-a239-485e-b021-5d4880f99f8a/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.8.0 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"ceebbad1-a239-485e-b021-5d4880f99f8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ceebbad1-a239-485e-b021-5d4880f99f8a?source=api-prod","cve":"CVE-2026-24378","affectedVersions":"<=4.2.8.0","severity":"high"},{"advisoryId":"WPSECADV/WF/d266b6ee-24ec-4363-a986-5ccd4db5ae3c/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"d266b6ee-24ec-4363-a986-5ccd4db5ae3c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=api-prod","cve":"CVE-2024-1126","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d32f7e98-8203-400e-bc26-4556ddba2510/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"d32f7e98-8203-400e-bc26-4556ddba2510"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d32f7e98-8203-400e-bc26-4556ddba2510?source=api-prod","cve":"CVE-2025-12498","affectedVersions":"<=4.2.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5be210c-9116-4529-90e3-70625a0c40ce/eventprime-event-calendar-management","title":"EventPrime – Events Calendar, Bookings and Tickets <= 4.3.2.1 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"e5be210c-9116-4529-90e3-70625a0c40ce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5be210c-9116-4529-90e3-70625a0c40ce?source=api-prod","cve":"CVE-2026-42687","affectedVersions":"<=4.3.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/e8ffdd43-b353-4296-bcb6-978751aae1b6/eventprime-event-calendar-management","title":"EventPrime < 3.2.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"e8ffdd43-b353-4296-bcb6-978751aae1b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e8ffdd43-b353-4296-bcb6-978751aae1b6?source=api-prod","cve":"CVE-2023-4251","affectedVersions":"<3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ed881d06-e652-45ac-8f56-c2db9e403485/eventprime-event-calendar-management","title":"EventPrime < 3.2.0 - Reflected HTML Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"ed881d06-e652-45ac-8f56-c2db9e403485"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ed881d06-e652-45ac-8f56-c2db9e403485?source=api-prod","cve":"CVE-2023-5238","affectedVersions":"<3.2.0","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_657665726573742d666f726d73811c9dc5_gen.json b/internal/data/assets/plugin_657665726573742d666f726d73811c9dc5_gen.json index f8b1cf2d..e78bb2aa 100644 --- a/internal/data/assets/plugin_657665726573742d666f726d73811c9dc5_gen.json +++ b/internal/data/assets/plugin_657665726573742d666f726d73811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0e5617a2-5670-4d98-a36b-942f71634642/everest-forms","title":"Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e5617a2-5670-4d98-a36b-942f71634642"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e5617a2-5670-4d98-a36b-942f71634642?source=api-prod","cve":"CVE-2025-3439","affectedVersions":"<=3.1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/131614fa-fcaa-4105-b3ce-9926a413dd42/everest-forms","title":"Everest Forms <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"131614fa-fcaa-4105-b3ce-9926a413dd42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/131614fa-fcaa-4105-b3ce-9926a413dd42?source=api-prod","cve":"CVE-2024-8542","affectedVersions":"<=3.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2693ae37-790d-4b18-a9ec-054c8c27b8bc/everest-forms","title":"Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 11:35:53","sources":[{"name":"Wordfence","remoteId":"2693ae37-790d-4b18-a9ec-054c8c27b8bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2693ae37-790d-4b18-a9ec-054c8c27b8bc?source=api-prod","cve":"CVE-2026-3296","affectedVersions":"<=3.4.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/381ec612-2086-4925-98cd-652a6c2ac081/everest-forms","title":"Everest Forms <= 2.0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"381ec612-2086-4925-98cd-652a6c2ac081"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/381ec612-2086-4925-98cd-652a6c2ac081?source=api-prod","cve":"CVE-2023-51695","affectedVersions":"<=2.0.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3d5256ea-61ba-4b2d-90d6-714176bc19aa/everest-forms","title":"Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms <= 1.4.9 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d5256ea-61ba-4b2d-90d6-714176bc19aa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d5256ea-61ba-4b2d-90d6-714176bc19aa?source=api-prod","cve":"CVE-2019-13575","affectedVersions":"<1.5.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/3db1d9a0-ea68-4979-a36d-864c649f7aca/everest-forms","title":"Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3db1d9a0-ea68-4979-a36d-864c649f7aca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3db1d9a0-ea68-4979-a36d-864c649f7aca?source=api-prod","cve":"CVE-2025-3422","affectedVersions":"<=3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/7f6f1c16-afd6-4c69-8988-70c6c0105748/everest-forms","title":"Everest Forms <= 3.0.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"7f6f1c16-afd6-4c69-8988-70c6c0105748"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f6f1c16-afd6-4c69-8988-70c6c0105748?source=api-prod","cve":"CVE-2024-10471","affectedVersions":"<=3.0.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8641eb53-6a9a-4549-b8ef-e37acbcc7f03/everest-forms","title":"Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 07:13:38","sources":[{"name":"Wordfence","remoteId":"8641eb53-6a9a-4549-b8ef-e37acbcc7f03"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8641eb53-6a9a-4549-b8ef-e37acbcc7f03?source=api-prod","cve":"CVE-2026-5478","affectedVersions":"<=3.4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/8b8c85f2-11c7-491f-9b91-0ddf4814e40d/everest-forms","title":"Everest Forms <= 3.4.1 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b8c85f2-11c7-491f-9b91-0ddf4814e40d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b8c85f2-11c7-491f-9b91-0ddf4814e40d?source=api-prod","cve":"CVE-2026-22422","affectedVersions":"<=3.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8bced7df-3e1a-4d7b-9ad0-64be5e18900f/everest-forms","title":"Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 10:58:29","sources":[{"name":"Wordfence","remoteId":"8bced7df-3e1a-4d7b-9ad0-64be5e18900f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bced7df-3e1a-4d7b-9ad0-64be5e18900f?source=api-prod","cve":"CVE-2026-4888","affectedVersions":"<=3.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c04d8c9-acad-4832-aa8a-8372c58a0387/everest-forms","title":"Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c04d8c9-acad-4832-aa8a-8372c58a0387"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c04d8c9-acad-4832-aa8a-8372c58a0387?source=api-prod","cve":"CVE-2025-1128","affectedVersions":"<=3.0.9.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/cc3d49c5-3054-4e1f-b571-6591a0b31d69/everest-forms","title":"Everest Forms <= 2.0.3 - Unauthorized Form Submission via Disabled Forms\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc3d49c5-3054-4e1f-b571-6591a0b31d69"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc3d49c5-3054-4e1f-b571-6591a0b31d69?source=api-prod","cve":"CVE-2023-51377","affectedVersions":"<=2.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d4561441-d147-4c02-a837-c1656e17627d/everest-forms","title":"Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"d4561441-d147-4c02-a837-c1656e17627d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d4561441-d147-4c02-a837-c1656e17627d?source=api-prod","cve":"CVE-2024-1812","affectedVersions":"<=2.0.7","severity":"high"},{"advisoryId":"WPSECADV/WF/d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1/everest-forms","title":"Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1?source=api-prod","cve":"CVE-2025-3421","affectedVersions":"<=3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/db1f8575-aff7-43b3-83ed-8fd146914d0e/everest-forms","title":"Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"db1f8575-aff7-43b3-83ed-8fd146914d0e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db1f8575-aff7-43b3-83ed-8fd146914d0e?source=api-prod","cve":"CVE-2024-13125","affectedVersions":"<=3.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5d67eb3-c399-437e-a504-2ccdda7c7882/everest-forms","title":"Everest Forms <= 1.7.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"e5d67eb3-c399-437e-a504-2ccdda7c7882"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d67eb3-c399-437e-a504-2ccdda7c7882?source=api-prod","cve":"CVE-2021-24907","affectedVersions":"<1.8.0","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0e5617a2-5670-4d98-a36b-942f71634642/everest-forms","title":"Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e5617a2-5670-4d98-a36b-942f71634642"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e5617a2-5670-4d98-a36b-942f71634642?source=api-prod","cve":"CVE-2025-3439","affectedVersions":"<=3.1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/131614fa-fcaa-4105-b3ce-9926a413dd42/everest-forms","title":"Everest Forms <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"131614fa-fcaa-4105-b3ce-9926a413dd42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/131614fa-fcaa-4105-b3ce-9926a413dd42?source=api-prod","cve":"CVE-2024-8542","affectedVersions":"<=3.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2693ae37-790d-4b18-a9ec-054c8c27b8bc/everest-forms","title":"Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 11:35:53","sources":[{"name":"Wordfence","remoteId":"2693ae37-790d-4b18-a9ec-054c8c27b8bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2693ae37-790d-4b18-a9ec-054c8c27b8bc?source=api-prod","cve":"CVE-2026-3296","affectedVersions":"<=3.4.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/381ec612-2086-4925-98cd-652a6c2ac081/everest-forms","title":"Everest Forms <= 2.0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"381ec612-2086-4925-98cd-652a6c2ac081"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/381ec612-2086-4925-98cd-652a6c2ac081?source=api-prod","cve":"CVE-2023-51695","affectedVersions":"<=2.0.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3d5256ea-61ba-4b2d-90d6-714176bc19aa/everest-forms","title":"Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms <= 1.4.9 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d5256ea-61ba-4b2d-90d6-714176bc19aa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d5256ea-61ba-4b2d-90d6-714176bc19aa?source=api-prod","cve":"CVE-2019-13575","affectedVersions":"<1.5.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/3db1d9a0-ea68-4979-a36d-864c649f7aca/everest-forms","title":"Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3db1d9a0-ea68-4979-a36d-864c649f7aca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3db1d9a0-ea68-4979-a36d-864c649f7aca?source=api-prod","cve":"CVE-2025-3422","affectedVersions":"<=3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/7f6f1c16-afd6-4c69-8988-70c6c0105748/everest-forms","title":"Everest Forms <= 3.0.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"7f6f1c16-afd6-4c69-8988-70c6c0105748"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f6f1c16-afd6-4c69-8988-70c6c0105748?source=api-prod","cve":"CVE-2024-10471","affectedVersions":"<=3.0.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8641eb53-6a9a-4549-b8ef-e37acbcc7f03/everest-forms","title":"Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 07:13:38","sources":[{"name":"Wordfence","remoteId":"8641eb53-6a9a-4549-b8ef-e37acbcc7f03"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8641eb53-6a9a-4549-b8ef-e37acbcc7f03?source=api-prod","cve":"CVE-2026-5478","affectedVersions":"<=3.4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/8b8c85f2-11c7-491f-9b91-0ddf4814e40d/everest-forms","title":"Everest Forms <= 3.4.1 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b8c85f2-11c7-491f-9b91-0ddf4814e40d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b8c85f2-11c7-491f-9b91-0ddf4814e40d?source=api-prod","cve":"CVE-2026-22422","affectedVersions":"<=3.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8bced7df-3e1a-4d7b-9ad0-64be5e18900f/everest-forms","title":"Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 10:58:29","sources":[{"name":"Wordfence","remoteId":"8bced7df-3e1a-4d7b-9ad0-64be5e18900f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bced7df-3e1a-4d7b-9ad0-64be5e18900f?source=api-prod","cve":"CVE-2026-4888","affectedVersions":"<=3.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c04d8c9-acad-4832-aa8a-8372c58a0387/everest-forms","title":"Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c04d8c9-acad-4832-aa8a-8372c58a0387"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c04d8c9-acad-4832-aa8a-8372c58a0387?source=api-prod","cve":"CVE-2025-1128","affectedVersions":"<=3.0.9.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/cc3d49c5-3054-4e1f-b571-6591a0b31d69/everest-forms","title":"Everest Forms <= 2.0.3 - Unauthorized Form Submission via Disabled Forms\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc3d49c5-3054-4e1f-b571-6591a0b31d69"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc3d49c5-3054-4e1f-b571-6591a0b31d69?source=api-prod","cve":"CVE-2023-51377","affectedVersions":"<=2.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d4561441-d147-4c02-a837-c1656e17627d/everest-forms","title":"Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"d4561441-d147-4c02-a837-c1656e17627d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d4561441-d147-4c02-a837-c1656e17627d?source=api-prod","cve":"CVE-2024-1812","affectedVersions":"<=2.0.7","severity":"high"},{"advisoryId":"WPSECADV/WF/d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1/everest-forms","title":"Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1?source=api-prod","cve":"CVE-2025-3421","affectedVersions":"<=3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/db1f8575-aff7-43b3-83ed-8fd146914d0e/everest-forms","title":"Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"db1f8575-aff7-43b3-83ed-8fd146914d0e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db1f8575-aff7-43b3-83ed-8fd146914d0e?source=api-prod","cve":"CVE-2024-13125","affectedVersions":"<=3.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5d67eb3-c399-437e-a504-2ccdda7c7882/everest-forms","title":"Everest Forms <= 1.7.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"e5d67eb3-c399-437e-a504-2ccdda7c7882"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d67eb3-c399-437e-a504-2ccdda7c7882?source=api-prod","cve":"CVE-2021-24907","affectedVersions":"<1.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f63bed1e-b5b1-4c95-9304-8656fa7176e9/everest-forms","title":"Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI <= 3.4.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"f63bed1e-b5b1-4c95-9304-8656fa7176e9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f63bed1e-b5b1-4c95-9304-8656fa7176e9?source=api-prod","cve":"CVE-2026-57312","affectedVersions":"<=3.4.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6578636c75736976652d6164646f6e732d666f722d656c656d656e746f72811c9dc5_gen.json b/internal/data/assets/plugin_6578636c75736976652d6164646f6e732d666f722d656c656d656e746f72811c9dc5_gen.json index ae11b4eb..d81db70d 100644 --- a/internal/data/assets/plugin_6578636c75736976652d6164646f6e732d666f722d656c656d656e746f72811c9dc5_gen.json +++ b/internal/data/assets/plugin_6578636c75736976652d6164646f6e732d666f722d656c656d656e746f72811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"1b87fe3d-a88d-477a-8d91-4d7c2dba4a43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=api-prod","cve":"CVE-2024-1234","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/206c5736-d9d9-4029-afdf-d76251cc81ac/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"206c5736-d9d9-4029-afdf-d76251cc81ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/206c5736-d9d9-4029-afdf-d76251cc81ac?source=api-prod","cve":"CVE-2024-3985","affectedVersions":"<=2.6.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/2bd53172-ddfa-481a-818d-626b9db6fe41/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"2bd53172-ddfa-481a-818d-626b9db6fe41"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2bd53172-ddfa-481a-818d-626b9db6fe41?source=api-prod","cve":"CVE-2024-2503","affectedVersions":"<=2.6.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=api-prod","cve":"CVE-2024-0823","affectedVersions":"<=2.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e82478c-e476-4cdf-ab72-f578331058e2/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-14 12:34:47","sources":[{"name":"Wordfence","remoteId":"2e82478c-e476-4cdf-ab72-f578331058e2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e82478c-e476-4cdf-ab72-f578331058e2?source=api-prod","cve":"CVE-2024-4618","affectedVersions":"<=2.6.9.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/3011b783-e4b4-45d2-81af-2f8d166a30ac/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"3011b783-e4b4-45d2-81af-2f8d166a30ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3011b783-e4b4-45d2-81af-2f8d166a30ac?source=api-prod","cve":"CVE-2024-2750","affectedVersions":"<=2.6.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/3539fe09-c158-4146-9850-446bc32e7bec/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"3539fe09-c158-4146-9850-446bc32e7bec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3539fe09-c158-4146-9850-446bc32e7bec?source=api-prod","cve":"CVE-2024-49292","affectedVersions":"<=2.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/376c5091-7921-4470-acbf-44db53db38fc/exclusive-addons-for-elementor","title":"Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"376c5091-7921-4470-acbf-44db53db38fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-prod","cve":"CVE-2024-32110","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/4513d7f3-e941-4ea6-a64b-bef5b298f188/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"4513d7f3-e941-4ea6-a64b-bef5b298f188"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4513d7f3-e941-4ea6-a64b-bef5b298f188?source=api-prod","cve":"CVE-2025-48244","affectedVersions":"<=2.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/51d3d738-5c82-4f6b-b8f3-d5af5391b6f6/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"51d3d738-5c82-4f6b-b8f3-d5af5391b6f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51d3d738-5c82-4f6b-b8f3-d5af5391b6f6?source=api-prod","cve":"CVE-2025-7498","affectedVersions":"<=2.7.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/64792dd9-f16b-4929-a2ba-a6f53b2e975f/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"64792dd9-f16b-4929-a2ba-a6f53b2e975f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64792dd9-f16b-4929-a2ba-a6f53b2e975f?source=api-prod","cve":"CVE-2022-45067","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/6a12acf0-932e-4dff-9da6-9fbace11dbe1/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"6a12acf0-932e-4dff-9da6-9fbace11dbe1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=api-prod","cve":"CVE-2024-1414","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/75da181d-3162-448f-afb8-dc05748184f6/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"75da181d-3162-448f-afb8-dc05748184f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/75da181d-3162-448f-afb8-dc05748184f6?source=api-prod","cve":"CVE-2024-30177","affectedVersions":"<=2.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/76b987f1-2524-498a-a02c-a3ca390026e1/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"76b987f1-2524-498a-a02c-a3ca390026e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76b987f1-2524-498a-a02c-a3ca390026e1?source=api-prod","cve":"CVE-2024-3489","affectedVersions":"<=2.6.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/84003388-c47c-41db-8d2d-4643aa375a89/exclusive-addons-for-elementor","title":"Appsero <= 1.2.1 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"84003388-c47c-41db-8d2d-4643aa375a89"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84003388-c47c-41db-8d2d-4643aa375a89?source=api-prod","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/925b0a86-ed23-471c-84e2-ae78a01b1876/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"925b0a86-ed23-471c-84e2-ae78a01b1876"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=api-prod","cve":"CVE-2024-0824","affectedVersions":"<=2.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/a8c547cc-2820-4138-b042-a0ec2e7f2fca/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Card Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"a8c547cc-2820-4138-b042-a0ec2e7f2fca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a8c547cc-2820-4138-b042-a0ec2e7f2fca?source=api-prod","cve":"CVE-2024-5332","affectedVersions":"<=2.6.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe?source=api-prod","cve":"CVE-2024-30232","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/d44ecf8a-d19a-403a-96c7-89e223a5cc22/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d44ecf8a-d19a-403a-96c7-89e223a5cc22"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=api-prod","cve":"CVE-2024-2028","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/dc931943-13f3-4ab1-b70f-c234253ca269/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"dc931943-13f3-4ab1-b70f-c234253ca269"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dc931943-13f3-4ab1-b70f-c234253ca269?source=api-prod","cve":"CVE-2024-10312","affectedVersions":"<=2.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/dd2ec0b3-2784-4506-99f4-05187527fe6d/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 18:56:22","sources":[{"name":"Wordfence","remoteId":"dd2ec0b3-2784-4506-99f4-05187527fe6d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd2ec0b3-2784-4506-99f4-05187527fe6d?source=api-prod","cve":"CVE-2025-1571","affectedVersions":"<=2.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e869800a-6fbc-4a1a-97fd-92ecbf3305ff/exclusive-addons-for-elementor","title":"Appsero <= 1.2.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"e869800a-6fbc-4a1a-97fd-92ecbf3305ff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod","cve":"CVE-2022-47150","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e9ad2dff-0c6d-4d91-a35d-803b97def01f/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"e9ad2dff-0c6d-4d91-a35d-803b97def01f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=api-prod","cve":"CVE-2024-2751","affectedVersions":"<=2.6.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/eae9b960-36b1-4b83-855a-d1beaa60a93f/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.6.9.1 - Missing Authorization to Post Duplication\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"eae9b960-36b1-4b83-855a-d1beaa60a93f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eae9b960-36b1-4b83-855a-d1beaa60a93f?source=api-prod","cve":"CVE-2024-33914","affectedVersions":"<=2.6.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec41956f-eefc-4c8b-ade1-2a3a0f3d86df/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-26 10:52:00","sources":[{"name":"Wordfence","remoteId":"ec41956f-eefc-4c8b-ade1-2a3a0f3d86df"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec41956f-eefc-4c8b-ade1-2a3a0f3d86df?source=api-prod","cve":"CVE-2025-4783","affectedVersions":"<=2.7.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f40956e0-6e5c-4965-84f8-2420ad14a299/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"f40956e0-6e5c-4965-84f8-2420ad14a299"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f40956e0-6e5c-4965-84f8-2420ad14a299?source=api-prod","cve":"CVE-2024-1413","affectedVersions":"<=2.6.9","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"1b87fe3d-a88d-477a-8d91-4d7c2dba4a43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=api-prod","cve":"CVE-2024-1234","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/206c5736-d9d9-4029-afdf-d76251cc81ac/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"206c5736-d9d9-4029-afdf-d76251cc81ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/206c5736-d9d9-4029-afdf-d76251cc81ac?source=api-prod","cve":"CVE-2024-3985","affectedVersions":"<=2.6.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/2bd53172-ddfa-481a-818d-626b9db6fe41/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"2bd53172-ddfa-481a-818d-626b9db6fe41"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2bd53172-ddfa-481a-818d-626b9db6fe41?source=api-prod","cve":"CVE-2024-2503","affectedVersions":"<=2.6.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=api-prod","cve":"CVE-2024-0823","affectedVersions":"<=2.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e82478c-e476-4cdf-ab72-f578331058e2/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-14 12:34:47","sources":[{"name":"Wordfence","remoteId":"2e82478c-e476-4cdf-ab72-f578331058e2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e82478c-e476-4cdf-ab72-f578331058e2?source=api-prod","cve":"CVE-2024-4618","affectedVersions":"<=2.6.9.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/3011b783-e4b4-45d2-81af-2f8d166a30ac/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"3011b783-e4b4-45d2-81af-2f8d166a30ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3011b783-e4b4-45d2-81af-2f8d166a30ac?source=api-prod","cve":"CVE-2024-2750","affectedVersions":"<=2.6.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/3539fe09-c158-4146-9850-446bc32e7bec/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"3539fe09-c158-4146-9850-446bc32e7bec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3539fe09-c158-4146-9850-446bc32e7bec?source=api-prod","cve":"CVE-2024-49292","affectedVersions":"<=2.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/376c5091-7921-4470-acbf-44db53db38fc/exclusive-addons-for-elementor","title":"Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"376c5091-7921-4470-acbf-44db53db38fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-prod","cve":"CVE-2024-32110","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/4513d7f3-e941-4ea6-a64b-bef5b298f188/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"4513d7f3-e941-4ea6-a64b-bef5b298f188"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4513d7f3-e941-4ea6-a64b-bef5b298f188?source=api-prod","cve":"CVE-2025-48244","affectedVersions":"<=2.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/51d3d738-5c82-4f6b-b8f3-d5af5391b6f6/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"51d3d738-5c82-4f6b-b8f3-d5af5391b6f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51d3d738-5c82-4f6b-b8f3-d5af5391b6f6?source=api-prod","cve":"CVE-2025-7498","affectedVersions":"<=2.7.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/64792dd9-f16b-4929-a2ba-a6f53b2e975f/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"64792dd9-f16b-4929-a2ba-a6f53b2e975f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64792dd9-f16b-4929-a2ba-a6f53b2e975f?source=api-prod","cve":"CVE-2022-45067","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/6a12acf0-932e-4dff-9da6-9fbace11dbe1/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"6a12acf0-932e-4dff-9da6-9fbace11dbe1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=api-prod","cve":"CVE-2024-1414","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/75da181d-3162-448f-afb8-dc05748184f6/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"75da181d-3162-448f-afb8-dc05748184f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/75da181d-3162-448f-afb8-dc05748184f6?source=api-prod","cve":"CVE-2024-30177","affectedVersions":"<=2.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/76b987f1-2524-498a-a02c-a3ca390026e1/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"76b987f1-2524-498a-a02c-a3ca390026e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76b987f1-2524-498a-a02c-a3ca390026e1?source=api-prod","cve":"CVE-2024-3489","affectedVersions":"<=2.6.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/7fd2e4ab-61a2-4a92-b11e-746ef64f2f2a/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"7fd2e4ab-61a2-4a92-b11e-746ef64f2f2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd2e4ab-61a2-4a92-b11e-746ef64f2f2a?source=api-prod","cve":"CVE-2026-57620","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/84003388-c47c-41db-8d2d-4643aa375a89/exclusive-addons-for-elementor","title":"Appsero <= 1.2.1 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"84003388-c47c-41db-8d2d-4643aa375a89"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84003388-c47c-41db-8d2d-4643aa375a89?source=api-prod","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/925b0a86-ed23-471c-84e2-ae78a01b1876/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"925b0a86-ed23-471c-84e2-ae78a01b1876"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=api-prod","cve":"CVE-2024-0824","affectedVersions":"<=2.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/a8c547cc-2820-4138-b042-a0ec2e7f2fca/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Card Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"a8c547cc-2820-4138-b042-a0ec2e7f2fca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a8c547cc-2820-4138-b042-a0ec2e7f2fca?source=api-prod","cve":"CVE-2024-5332","affectedVersions":"<=2.6.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe?source=api-prod","cve":"CVE-2024-30232","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/d44ecf8a-d19a-403a-96c7-89e223a5cc22/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d44ecf8a-d19a-403a-96c7-89e223a5cc22"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=api-prod","cve":"CVE-2024-2028","affectedVersions":"<=2.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/dc931943-13f3-4ab1-b70f-c234253ca269/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"dc931943-13f3-4ab1-b70f-c234253ca269"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dc931943-13f3-4ab1-b70f-c234253ca269?source=api-prod","cve":"CVE-2024-10312","affectedVersions":"<=2.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/dd2ec0b3-2784-4506-99f4-05187527fe6d/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 18:56:22","sources":[{"name":"Wordfence","remoteId":"dd2ec0b3-2784-4506-99f4-05187527fe6d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd2ec0b3-2784-4506-99f4-05187527fe6d?source=api-prod","cve":"CVE-2025-1571","affectedVersions":"<=2.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e869800a-6fbc-4a1a-97fd-92ecbf3305ff/exclusive-addons-for-elementor","title":"Appsero <= 1.2.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"e869800a-6fbc-4a1a-97fd-92ecbf3305ff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod","cve":"CVE-2022-47150","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e9ad2dff-0c6d-4d91-a35d-803b97def01f/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"e9ad2dff-0c6d-4d91-a35d-803b97def01f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=api-prod","cve":"CVE-2024-2751","affectedVersions":"<=2.6.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/eae9b960-36b1-4b83-855a-d1beaa60a93f/exclusive-addons-for-elementor","title":"Exclusive Addons Elementor <= 2.6.9.1 - Missing Authorization to Post Duplication\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"eae9b960-36b1-4b83-855a-d1beaa60a93f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eae9b960-36b1-4b83-855a-d1beaa60a93f?source=api-prod","cve":"CVE-2024-33914","affectedVersions":"<=2.6.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec41956f-eefc-4c8b-ade1-2a3a0f3d86df/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-26 10:52:00","sources":[{"name":"Wordfence","remoteId":"ec41956f-eefc-4c8b-ade1-2a3a0f3d86df"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec41956f-eefc-4c8b-ade1-2a3a0f3d86df?source=api-prod","cve":"CVE-2025-4783","affectedVersions":"<=2.7.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f40956e0-6e5c-4965-84f8-2420ad14a299/exclusive-addons-for-elementor","title":"Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"f40956e0-6e5c-4965-84f8-2420ad14a299"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f40956e0-6e5c-4965-84f8-2420ad14a299?source=api-prod","cve":"CVE-2024-1413","affectedVersions":"<=2.6.9","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6578706f72742d757365722d64617461811c9dc5_gen.json b/internal/data/assets/plugin_6578706f72742d757365722d64617461811c9dc5_gen.json new file mode 100644 index 00000000..aa1209fe --- /dev/null +++ b/internal/data/assets/plugin_6578706f72742d757365722d64617461811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/39f12ff1-63ee-4131-a708-49633f22ccd4/export-user-data","title":"Export User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display_name Field\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 18:15:59","sources":[{"name":"Wordfence","remoteId":"39f12ff1-63ee-4131-a708-49633f22ccd4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39f12ff1-63ee-4131-a708-49633f22ccd4?source=api-prod","cve":"CVE-2026-12240","affectedVersions":"<=2.2.6","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_66656174757265642d696d616765811c9dc5_gen.json b/internal/data/assets/plugin_66656174757265642d696d616765811c9dc5_gen.json index 1ccd89dc..22f20be9 100644 --- a/internal/data/assets/plugin_66656174757265642d696d616765811c9dc5_gen.json +++ b/internal/data/assets/plugin_66656174757265642d696d616765811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/fa16605a-12bd-48a8-b9a9-db53bf3c2c39/featured-image","title":"Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-10 15:23:26","sources":[{"name":"Wordfence","remoteId":"fa16605a-12bd-48a8-b9a9-db53bf3c2c39"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fa16605a-12bd-48a8-b9a9-db53bf3c2c39?source=api-prod","cve":"CVE-2025-12019","affectedVersions":"<=2.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/9f65661b-be33-4a84-9432-7f1ff7fd722c/featured-image","title":"Featured Image <= 2.1 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"9f65661b-be33-4a84-9432-7f1ff7fd722c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9f65661b-be33-4a84-9432-7f1ff7fd722c?source=api-prod","cve":"CVE-2026-57431","affectedVersions":"<=2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/fa16605a-12bd-48a8-b9a9-db53bf3c2c39/featured-image","title":"Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-10 15:23:26","sources":[{"name":"Wordfence","remoteId":"fa16605a-12bd-48a8-b9a9-db53bf3c2c39"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fa16605a-12bd-48a8-b9a9-db53bf3c2c39?source=api-prod","cve":"CVE-2025-12019","affectedVersions":"<=2.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_666c75656e742d626f6f6b696e67811c9dc5_gen.json b/internal/data/assets/plugin_666c75656e742d626f6f6b696e67811c9dc5_gen.json index adb92503..d5dc9725 100644 --- a/internal/data/assets/plugin_666c75656e742d626f6f6b696e67811c9dc5_gen.json +++ b/internal/data/assets/plugin_666c75656e742d626f6f6b696e67811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/23689d5e-46a4-4387-8f49-1bf9a5e7c550/fluent-booking","title":"Fluent Booking <= 1.9.11 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"23689d5e-46a4-4387-8f49-1bf9a5e7c550"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23689d5e-46a4-4387-8f49-1bf9a5e7c550?source=api-prod","cve":"CVE-2025-67597","affectedVersions":"<=1.9.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/37441cc0-c43c-40e4-a170-1be59e112272/fluent-booking","title":"Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"37441cc0-c43c-40e4-a170-1be59e112272"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/37441cc0-c43c-40e4-a170-1be59e112272?source=api-prod","cve":"CVE-2026-2231","affectedVersions":"<=2.0.01","severity":"high"},{"advisoryId":"WPSECADV/WF/7860dfa8-de76-4ca3-bd80-98550afab56b/fluent-booking","title":"Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-03 00:41:01","sources":[{"name":"Wordfence","remoteId":"7860dfa8-de76-4ca3-bd80-98550afab56b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7860dfa8-de76-4ca3-bd80-98550afab56b?source=api-prod","cve":"CVE-2025-13756","affectedVersions":"<=1.9.11","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/23689d5e-46a4-4387-8f49-1bf9a5e7c550/fluent-booking","title":"Fluent Booking <= 1.9.11 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"23689d5e-46a4-4387-8f49-1bf9a5e7c550"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23689d5e-46a4-4387-8f49-1bf9a5e7c550?source=api-prod","cve":"CVE-2025-67597","affectedVersions":"<=1.9.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/37441cc0-c43c-40e4-a170-1be59e112272/fluent-booking","title":"Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"37441cc0-c43c-40e4-a170-1be59e112272"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/37441cc0-c43c-40e4-a170-1be59e112272?source=api-prod","cve":"CVE-2026-2231","affectedVersions":"<=2.0.01","severity":"high"},{"advisoryId":"WPSECADV/WF/7860dfa8-de76-4ca3-bd80-98550afab56b/fluent-booking","title":"Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-03 00:41:01","sources":[{"name":"Wordfence","remoteId":"7860dfa8-de76-4ca3-bd80-98550afab56b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7860dfa8-de76-4ca3-bd80-98550afab56b?source=api-prod","cve":"CVE-2025-13756","affectedVersions":"<=1.9.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/c0eef272-4e17-4bc9-aa9f-90da55795aea/fluent-booking","title":"Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"c0eef272-4e17-4bc9-aa9f-90da55795aea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c0eef272-4e17-4bc9-aa9f-90da55795aea?source=api-prod","cve":"CVE-2026-57638","affectedVersions":"<=2.1.0","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_666f726765742d61626f75742d73686f7274636f64652d627574746f6e73811c9dc5_gen.json b/internal/data/assets/plugin_666f726765742d61626f75742d73686f7274636f64652d627574746f6e73811c9dc5_gen.json index f2974f89..8c351177 100644 --- a/internal/data/assets/plugin_666f726765742d61626f75742d73686f7274636f64652d627574746f6e73811c9dc5_gen.json +++ b/internal/data/assets/plugin_666f726765742d61626f75742d73686f7274636f64652d627574746f6e73811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/212dd123-42d4-4dd2-a2e2-bf0c43e805bf/forget-about-shortcode-buttons","title":"Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"212dd123-42d4-4dd2-a2e2-bf0c43e805bf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/212dd123-42d4-4dd2-a2e2-bf0c43e805bf?source=api-prod","cve":"CVE-2023-32579","affectedVersions":"<=2.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03/forget-about-shortcode-buttons","title":"Forget About Shortcode Buttons <= 1.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03?source=api-prod","cve":"CVE-2016-1000133","affectedVersions":"<=1.1.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/212dd123-42d4-4dd2-a2e2-bf0c43e805bf/forget-about-shortcode-buttons","title":"Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"212dd123-42d4-4dd2-a2e2-bf0c43e805bf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/212dd123-42d4-4dd2-a2e2-bf0c43e805bf?source=api-prod","cve":"CVE-2023-32579","affectedVersions":"<=2.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03/forget-about-shortcode-buttons","title":"Forget About Shortcode Buttons <= 1.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-02-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03?source=api-prod","cve":"CVE-2016-1000133","affectedVersions":"<=1.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/fd2fed79-3ed2-4a05-b0b1-e902f53a1933/forget-about-shortcode-buttons","title":"Forget About Shortcode Buttons <= 2.1.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"fd2fed79-3ed2-4a05-b0b1-e902f53a1933"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd2fed79-3ed2-4a05-b0b1-e902f53a1933?source=api-prod","cve":"CVE-2025-63041","affectedVersions":"<=2.1.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_666f726d696e61746f72811c9dc5_gen.json b/internal/data/assets/plugin_666f726d696e61746f72811c9dc5_gen.json index 58045fc2..665e1df3 100644 --- a/internal/data/assets/plugin_666f726d696e61746f72811c9dc5_gen.json +++ b/internal/data/assets/plugin_666f726d696e61746f72811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/00272fe2-52aa-4183-8b57-6b51ad57c657/forminator","title":"Forminator <= 1.24.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"00272fe2-52aa-4183-8b57-6b51ad57c657"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00272fe2-52aa-4183-8b57-6b51ad57c657?source=api-prod","cve":"CVE-2023-3134","affectedVersions":"<=1.24.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0d04b822-a48a-485e-b9b5-f5a213307c71/forminator","title":"Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"0d04b822-a48a-485e-b9b5-f5a213307c71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d04b822-a48a-485e-b9b5-f5a213307c71?source=api-prod","cve":"CVE-2024-7389","affectedVersions":"<=1.29.1","severity":"high"},{"advisoryId":"WPSECADV/WF/13cfa202-ab90-46c0-ab53-00995bfdcaa3/forminator","title":"Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"13cfa202-ab90-46c0-ab53-00995bfdcaa3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=api-prod","cve":"CVE-2023-6133","affectedVersions":"<=1.27.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/14043276-ba0a-4862-a1a7-00b4c372c5bc/forminator","title":"Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-26 16:21:30","sources":[{"name":"Wordfence","remoteId":"14043276-ba0a-4862-a1a7-00b4c372c5bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/14043276-ba0a-4862-a1a7-00b4c372c5bc?source=api-prod","cve":"CVE-2025-0469","affectedVersions":"=1.39.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/19439622-6396-4f10-ab71-aa243b6812fa/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"19439622-6396-4f10-ab71-aa243b6812fa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19439622-6396-4f10-ab71-aa243b6812fa?source=api-prod","cve":"CVE-2024-3053","affectedVersions":"<=1.29.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/1a6fbb60-811a-4763-b301-694bc8d387e7/forminator","title":"Forminator <= 1.29.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"1a6fbb60-811a-4763-b301-694bc8d387e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a6fbb60-811a-4763-b301-694bc8d387e7?source=api-prod","cve":"CVE-2024-29777","affectedVersions":"<=1.29.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/1afb94ab-b3ba-4598-8ff4-f9ffc6717371/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-04 17:34:23","sources":[{"name":"Wordfence","remoteId":"1afb94ab-b3ba-4598-8ff4-f9ffc6717371"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1afb94ab-b3ba-4598-8ff4-f9ffc6717371?source=api-prod","cve":"CVE-2026-2729","affectedVersions":"<=1.52.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/224233bc-68f3-40e4-8182-4831ccce93fb/forminator","title":"Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"224233bc-68f3-40e4-8182-4831ccce93fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/224233bc-68f3-40e4-8182-4831ccce93fb?source=api-prod","cve":"CVE-2024-31077","affectedVersions":"<=1.29.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/2283b147-b904-4086-8cb1-6d8969ccbaf6/forminator","title":"Forminator <= 1.50.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"2283b147-b904-4086-8cb1-6d8969ccbaf6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2283b147-b904-4086-8cb1-6d8969ccbaf6?source=api-prod","cve":"CVE-2026-32409","affectedVersions":"<=1.50.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/23feb72c-7e6f-436b-b56e-dc6185302d31/forminator","title":"Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"23feb72c-7e6f-436b-b56e-dc6185302d31"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23feb72c-7e6f-436b-b56e-dc6185302d31?source=api-prod","cve":"CVE-2024-1794","affectedVersions":"<=1.29.0","severity":"high"},{"advisoryId":"WPSECADV/WF/286df83a-d723-4443-b265-f91cf5abb385/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.38.2 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"286df83a-d723-4443-b265-f91cf5abb385"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/286df83a-d723-4443-b265-f91cf5abb385?source=api-prod","cve":"CVE-2024-7052","affectedVersions":"<=1.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2b28ddeb-44f5-4d19-b866-94fc2088ee6d/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 17:47:08","sources":[{"name":"Wordfence","remoteId":"2b28ddeb-44f5-4d19-b866-94fc2088ee6d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b28ddeb-44f5-4d19-b866-94fc2088ee6d?source=api-prod","cve":"CVE-2025-14782","affectedVersions":"<=1.49.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ef15cb1-b320-42d9-a2fd-afff2ec8a93b/forminator","title":"Forminator <= 1.22.1 - Missing Authorization on 'load_hcaptcha_preview' AJAX function\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"2ef15cb1-b320-42d9-a2fd-afff2ec8a93b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef15cb1-b320-42d9-a2fd-afff2ec8a93b?source=api-prod","affectedVersions":"<=1.22.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/415bfddb-5223-439f-8a08-535f79631ff0/forminator","title":"Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-04 21:58:40","sources":[{"name":"Wordfence","remoteId":"415bfddb-5223-439f-8a08-535f79631ff0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/415bfddb-5223-439f-8a08-535f79631ff0?source=api-prod","cve":"CVE-2025-5341","affectedVersions":"<=1.44.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/4ada2055-3c4a-4b6f-8803-2eac8ede5ec7/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-16 16:02:17","sources":[{"name":"Wordfence","remoteId":"4ada2055-3c4a-4b6f-8803-2eac8ede5ec7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ada2055-3c4a-4b6f-8803-2eac8ede5ec7?source=api-prod","cve":"CVE-2026-2002","affectedVersions":"<=1.50.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5039d63b-377d-435a-be31-4ae81ea30dd3/forminator","title":"Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 22:33:14","sources":[{"name":"Wordfence","remoteId":"5039d63b-377d-435a-be31-4ae81ea30dd3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5039d63b-377d-435a-be31-4ae81ea30dd3?source=api-prod","cve":"CVE-2025-3487","affectedVersions":"<=1.42.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5f5a1eb3-3fda-49de-aefb-2205c9ca3520/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-17 16:22:47","sources":[{"name":"Wordfence","remoteId":"5f5a1eb3-3fda-49de-aefb-2205c9ca3520"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f5a1eb3-3fda-49de-aefb-2205c9ca3520?source=api-prod","cve":"CVE-2025-7638","affectedVersions":"<=1.45.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/64e14944-db83-413f-82a3-cda594398c7e/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.34.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"64e14944-db83-413f-82a3-cda594398c7e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64e14944-db83-413f-82a3-cda594398c7e?source=api-prod","cve":"CVE-2024-45625","affectedVersions":"<=1.34.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6707aa4c-c652-42c0-bdb9-00be984e7271/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-01 17:04:22","sources":[{"name":"Wordfence","remoteId":"6707aa4c-c652-42c0-bdb9-00be984e7271"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6707aa4c-c652-42c0-bdb9-00be984e7271?source=api-prod","cve":"CVE-2025-6464","affectedVersions":"<=1.44.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6dc9b4cb-d36b-4693-a7b9-1dad123b6639/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-01 16:22:05","sources":[{"name":"Wordfence","remoteId":"6dc9b4cb-d36b-4693-a7b9-1dad123b6639"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc9b4cb-d36b-4693-a7b9-1dad123b6639?source=api-prod","cve":"CVE-2025-6463","affectedVersions":"<=1.44.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6f34b94f-ea72-4a42-abea-2f2eb565ffdd/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"6f34b94f-ea72-4a42-abea-2f2eb565ffdd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f34b94f-ea72-4a42-abea-2f2eb565ffdd?source=api-prod","cve":"CVE-2023-5119","affectedVersions":"<=1.26.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/718e54f5-f040-42d6-958d-255d905615d5/forminator","title":"Forminator <= 1.22.1 - Missing Authorization on 'load_recaptcha_preview' AJAX function\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"718e54f5-f040-42d6-958d-255d905615d5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/718e54f5-f040-42d6-958d-255d905615d5?source=api-prod","affectedVersions":"<=1.22.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/788422c4-e070-48aa-a85d-a5d5a25a6a1d/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-04 17:49:05","sources":[{"name":"Wordfence","remoteId":"788422c4-e070-48aa-a85d-a5d5a25a6a1d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/788422c4-e070-48aa-a85d-a5d5a25a6a1d?source=api-prod","cve":"CVE-2026-5192","affectedVersions":"<=1.52.1","severity":"high"},{"advisoryId":"WPSECADV/WF/81e6e266-078a-4f4f-a335-c9d388f41ef2/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"81e6e266-078a-4f4f-a335-c9d388f41ef2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81e6e266-078a-4f4f-a335-c9d388f41ef2?source=api-prod","cve":"CVE-2024-9352","affectedVersions":"<=1.35.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8d89e3b7-d980-42bb-ab0c-d86ab174a69c/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8d89e3b7-d980-42bb-ab0c-d86ab174a69c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8d89e3b7-d980-42bb-ab0c-d86ab174a69c?source=api-prod","cve":"CVE-2024-9351","affectedVersions":"<=1.35.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/97cbf2d7-2fdc-4c10-872d-add54687dd9b/forminator","title":"Forminator <= 1.15.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"97cbf2d7-2fdc-4c10-872d-add54687dd9b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97cbf2d7-2fdc-4c10-872d-add54687dd9b?source=api-prod","cve":"CVE-2024-31857","affectedVersions":"<=1.15.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513/forminator","title":"Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=api-prod","cve":"CVE-2023-4596","affectedVersions":"<=1.24.6","severity":"critical"},{"advisoryId":"WPSECADV/WF/9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e/forminator","title":"Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e?source=api-prod","cve":"CVE-2021-24700","affectedVersions":"<1.15.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a40cb2da-dc13-4e20-9602-a4e6c2eade43/forminator","title":"Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"a40cb2da-dc13-4e20-9602-a4e6c2eade43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a40cb2da-dc13-4e20-9602-a4e6c2eade43?source=api-prod","cve":"CVE-2023-2010","affectedVersions":"<=1.23.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/be1d9d2b-cbdf-4d62-85fe-2616eaf02848/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"be1d9d2b-cbdf-4d62-85fe-2616eaf02848"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=api-prod","cve":"CVE-2024-10402","affectedVersions":"<=1.35.1","severity":"high"},{"advisoryId":"WPSECADV/WF/c873c04e-516e-41ee-a295-b8c5235abc1b/forminator","title":"Forminator <= 1.42.0 - Order Replay Vulnerability\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 22:33:04","sources":[{"name":"Wordfence","remoteId":"c873c04e-516e-41ee-a295-b8c5235abc1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c873c04e-516e-41ee-a295-b8c5235abc1b?source=api-prod","cve":"CVE-2025-3479","affectedVersions":"<=1.42.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/cdee0cd8-b83b-4436-aebe-533f5af03ef1/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"cdee0cd8-b83b-4436-aebe-533f5af03ef1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cdee0cd8-b83b-4436-aebe-533f5af03ef1?source=api-prod","cve":"CVE-2021-4417","affectedVersions":"<1.13.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/d0cb4434-94c5-42a9-bd86-869058dcbf67/forminator","title":"Forminator <= 1.22.1 - Missing Authorization on 'hubspot_support_request' AJAX function\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"d0cb4434-94c5-42a9-bd86-869058dcbf67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0cb4434-94c5-42a9-bd86-869058dcbf67?source=api-prod","affectedVersions":"<=1.22.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/d7b8d42c-bceb-456e-a682-358e8df831e3/forminator","title":"Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-06 14:41:59","sources":[{"name":"Wordfence","remoteId":"d7b8d42c-bceb-456e-a682-358e8df831e3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b8d42c-bceb-456e-a682-358e8df831e3?source=api-prod","cve":"CVE-2026-6214","affectedVersions":"<=1.53.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/e558100a-5866-4e7f-bae7-47a1f492ab27/forminator","title":"Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"e558100a-5866-4e7f-bae7-47a1f492ab27"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e558100a-5866-4e7f-bae7-47a1f492ab27?source=api-prod","cve":"CVE-2021-36821","affectedVersions":"<1.14.12","severity":"high"},{"advisoryId":"WPSECADV/WF/e860aa70-b8ef-4b2a-a035-b01efce30a79/forminator","title":"Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-06 12:50:38","sources":[{"name":"Wordfence","remoteId":"e860aa70-b8ef-4b2a-a035-b01efce30a79"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e860aa70-b8ef-4b2a-a035-b01efce30a79?source=api-prod","cve":"CVE-2026-6222","affectedVersions":"<=1.51.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00/forminator","title":"Forminator Plugin <= 1.5.4 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00?source=api-prod","cve":"CVE-2019-9567","affectedVersions":"<1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5281d4b-c2cd-4972-b837-e101a8893c6e/forminator","title":"Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-30 15:07:49","sources":[{"name":"Wordfence","remoteId":"f5281d4b-c2cd-4972-b837-e101a8893c6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5281d4b-c2cd-4972-b837-e101a8893c6e?source=api-prod","cve":"CVE-2025-0470","affectedVersions":"<=1.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f58d5464-b12d-4d01-985a-68854b0b2fdd/forminator","title":"Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f58d5464-b12d-4d01-985a-68854b0b2fdd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f58d5464-b12d-4d01-985a-68854b0b2fdd?source=api-prod","cve":"CVE-2024-28890","affectedVersions":"<=1.28.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/f88286b9-16b2-42a9-b8c6-0a6fe6c136ef/forminator","title":"Forminator Plugin <= 1.5.3.1 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"f88286b9-16b2-42a9-b8c6-0a6fe6c136ef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f88286b9-16b2-42a9-b8c6-0a6fe6c136ef?source=api-prod","cve":"CVE-2019-9568","affectedVersions":"<1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/fbed35ca-1630-46a4-8b1f-60cc7216f294/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"fbed35ca-1630-46a4-8b1f-60cc7216f294"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fbed35ca-1630-46a4-8b1f-60cc7216f294?source=api-prod","cve":"CVE-2024-9700","affectedVersions":"<=1.36.0","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/00272fe2-52aa-4183-8b57-6b51ad57c657/forminator","title":"Forminator <= 1.24.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"00272fe2-52aa-4183-8b57-6b51ad57c657"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00272fe2-52aa-4183-8b57-6b51ad57c657?source=api-prod","cve":"CVE-2023-3134","affectedVersions":"<=1.24.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0d04b822-a48a-485e-b9b5-f5a213307c71/forminator","title":"Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"0d04b822-a48a-485e-b9b5-f5a213307c71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d04b822-a48a-485e-b9b5-f5a213307c71?source=api-prod","cve":"CVE-2024-7389","affectedVersions":"<=1.29.1","severity":"high"},{"advisoryId":"WPSECADV/WF/13cfa202-ab90-46c0-ab53-00995bfdcaa3/forminator","title":"Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"13cfa202-ab90-46c0-ab53-00995bfdcaa3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=api-prod","cve":"CVE-2023-6133","affectedVersions":"<=1.27.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/14043276-ba0a-4862-a1a7-00b4c372c5bc/forminator","title":"Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-26 16:21:30","sources":[{"name":"Wordfence","remoteId":"14043276-ba0a-4862-a1a7-00b4c372c5bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/14043276-ba0a-4862-a1a7-00b4c372c5bc?source=api-prod","cve":"CVE-2025-0469","affectedVersions":"=1.39.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/19439622-6396-4f10-ab71-aa243b6812fa/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"19439622-6396-4f10-ab71-aa243b6812fa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19439622-6396-4f10-ab71-aa243b6812fa?source=api-prod","cve":"CVE-2024-3053","affectedVersions":"<=1.29.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/1a6fbb60-811a-4763-b301-694bc8d387e7/forminator","title":"Forminator <= 1.29.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"1a6fbb60-811a-4763-b301-694bc8d387e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a6fbb60-811a-4763-b301-694bc8d387e7?source=api-prod","cve":"CVE-2024-29777","affectedVersions":"<=1.29.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/1afb94ab-b3ba-4598-8ff4-f9ffc6717371/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-04 17:34:23","sources":[{"name":"Wordfence","remoteId":"1afb94ab-b3ba-4598-8ff4-f9ffc6717371"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1afb94ab-b3ba-4598-8ff4-f9ffc6717371?source=api-prod","cve":"CVE-2026-2729","affectedVersions":"<=1.52.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/224233bc-68f3-40e4-8182-4831ccce93fb/forminator","title":"Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"224233bc-68f3-40e4-8182-4831ccce93fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/224233bc-68f3-40e4-8182-4831ccce93fb?source=api-prod","cve":"CVE-2024-31077","affectedVersions":"<=1.29.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/2283b147-b904-4086-8cb1-6d8969ccbaf6/forminator","title":"Forminator <= 1.50.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"2283b147-b904-4086-8cb1-6d8969ccbaf6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2283b147-b904-4086-8cb1-6d8969ccbaf6?source=api-prod","cve":"CVE-2026-32409","affectedVersions":"<=1.50.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/23feb72c-7e6f-436b-b56e-dc6185302d31/forminator","title":"Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"23feb72c-7e6f-436b-b56e-dc6185302d31"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23feb72c-7e6f-436b-b56e-dc6185302d31?source=api-prod","cve":"CVE-2024-1794","affectedVersions":"<=1.29.0","severity":"high"},{"advisoryId":"WPSECADV/WF/286df83a-d723-4443-b265-f91cf5abb385/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.38.2 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"286df83a-d723-4443-b265-f91cf5abb385"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/286df83a-d723-4443-b265-f91cf5abb385?source=api-prod","cve":"CVE-2024-7052","affectedVersions":"<=1.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2b28ddeb-44f5-4d19-b866-94fc2088ee6d/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 17:47:08","sources":[{"name":"Wordfence","remoteId":"2b28ddeb-44f5-4d19-b866-94fc2088ee6d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b28ddeb-44f5-4d19-b866-94fc2088ee6d?source=api-prod","cve":"CVE-2025-14782","affectedVersions":"<=1.49.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ef15cb1-b320-42d9-a2fd-afff2ec8a93b/forminator","title":"Forminator <= 1.22.1 - Missing Authorization on 'load_hcaptcha_preview' AJAX function\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"2ef15cb1-b320-42d9-a2fd-afff2ec8a93b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef15cb1-b320-42d9-a2fd-afff2ec8a93b?source=api-prod","affectedVersions":"<=1.22.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/415bfddb-5223-439f-8a08-535f79631ff0/forminator","title":"Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-04 21:58:40","sources":[{"name":"Wordfence","remoteId":"415bfddb-5223-439f-8a08-535f79631ff0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/415bfddb-5223-439f-8a08-535f79631ff0?source=api-prod","cve":"CVE-2025-5341","affectedVersions":"<=1.44.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/4ada2055-3c4a-4b6f-8803-2eac8ede5ec7/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-16 16:02:17","sources":[{"name":"Wordfence","remoteId":"4ada2055-3c4a-4b6f-8803-2eac8ede5ec7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ada2055-3c4a-4b6f-8803-2eac8ede5ec7?source=api-prod","cve":"CVE-2026-2002","affectedVersions":"<=1.50.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5039d63b-377d-435a-be31-4ae81ea30dd3/forminator","title":"Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 22:33:14","sources":[{"name":"Wordfence","remoteId":"5039d63b-377d-435a-be31-4ae81ea30dd3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5039d63b-377d-435a-be31-4ae81ea30dd3?source=api-prod","cve":"CVE-2025-3487","affectedVersions":"<=1.42.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/504aff5b-5951-4d07-9ff0-e6f7cfe5dc32/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.53.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"504aff5b-5951-4d07-9ff0-e6f7cfe5dc32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/504aff5b-5951-4d07-9ff0-e6f7cfe5dc32?source=api-prod","cve":"CVE-2026-56071","affectedVersions":"<=1.53.1","severity":"high"},{"advisoryId":"WPSECADV/WF/5f5a1eb3-3fda-49de-aefb-2205c9ca3520/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-17 16:22:47","sources":[{"name":"Wordfence","remoteId":"5f5a1eb3-3fda-49de-aefb-2205c9ca3520"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f5a1eb3-3fda-49de-aefb-2205c9ca3520?source=api-prod","cve":"CVE-2025-7638","affectedVersions":"<=1.45.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/64e14944-db83-413f-82a3-cda594398c7e/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.34.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"64e14944-db83-413f-82a3-cda594398c7e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64e14944-db83-413f-82a3-cda594398c7e?source=api-prod","cve":"CVE-2024-45625","affectedVersions":"<=1.34.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6707aa4c-c652-42c0-bdb9-00be984e7271/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-01 17:04:22","sources":[{"name":"Wordfence","remoteId":"6707aa4c-c652-42c0-bdb9-00be984e7271"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6707aa4c-c652-42c0-bdb9-00be984e7271?source=api-prod","cve":"CVE-2025-6464","affectedVersions":"<=1.44.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6dc9b4cb-d36b-4693-a7b9-1dad123b6639/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-01 16:22:05","sources":[{"name":"Wordfence","remoteId":"6dc9b4cb-d36b-4693-a7b9-1dad123b6639"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc9b4cb-d36b-4693-a7b9-1dad123b6639?source=api-prod","cve":"CVE-2025-6463","affectedVersions":"<=1.44.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6f34b94f-ea72-4a42-abea-2f2eb565ffdd/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"6f34b94f-ea72-4a42-abea-2f2eb565ffdd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f34b94f-ea72-4a42-abea-2f2eb565ffdd?source=api-prod","cve":"CVE-2023-5119","affectedVersions":"<=1.26.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/718e54f5-f040-42d6-958d-255d905615d5/forminator","title":"Forminator <= 1.22.1 - Missing Authorization on 'load_recaptcha_preview' AJAX function\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"718e54f5-f040-42d6-958d-255d905615d5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/718e54f5-f040-42d6-958d-255d905615d5?source=api-prod","affectedVersions":"<=1.22.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/788422c4-e070-48aa-a85d-a5d5a25a6a1d/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-04 17:49:05","sources":[{"name":"Wordfence","remoteId":"788422c4-e070-48aa-a85d-a5d5a25a6a1d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/788422c4-e070-48aa-a85d-a5d5a25a6a1d?source=api-prod","cve":"CVE-2026-5192","affectedVersions":"<=1.52.1","severity":"high"},{"advisoryId":"WPSECADV/WF/81e6e266-078a-4f4f-a335-c9d388f41ef2/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"81e6e266-078a-4f4f-a335-c9d388f41ef2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81e6e266-078a-4f4f-a335-c9d388f41ef2?source=api-prod","cve":"CVE-2024-9352","affectedVersions":"<=1.35.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8d89e3b7-d980-42bb-ab0c-d86ab174a69c/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8d89e3b7-d980-42bb-ab0c-d86ab174a69c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8d89e3b7-d980-42bb-ab0c-d86ab174a69c?source=api-prod","cve":"CVE-2024-9351","affectedVersions":"<=1.35.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/97cbf2d7-2fdc-4c10-872d-add54687dd9b/forminator","title":"Forminator <= 1.15.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"97cbf2d7-2fdc-4c10-872d-add54687dd9b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97cbf2d7-2fdc-4c10-872d-add54687dd9b?source=api-prod","cve":"CVE-2024-31857","affectedVersions":"<=1.15.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513/forminator","title":"Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=api-prod","cve":"CVE-2023-4596","affectedVersions":"<=1.24.6","severity":"critical"},{"advisoryId":"WPSECADV/WF/9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e/forminator","title":"Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e?source=api-prod","cve":"CVE-2021-24700","affectedVersions":"<1.15.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a40cb2da-dc13-4e20-9602-a4e6c2eade43/forminator","title":"Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"a40cb2da-dc13-4e20-9602-a4e6c2eade43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a40cb2da-dc13-4e20-9602-a4e6c2eade43?source=api-prod","cve":"CVE-2023-2010","affectedVersions":"<=1.23.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/be1d9d2b-cbdf-4d62-85fe-2616eaf02848/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"be1d9d2b-cbdf-4d62-85fe-2616eaf02848"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=api-prod","cve":"CVE-2024-10402","affectedVersions":"<=1.35.1","severity":"high"},{"advisoryId":"WPSECADV/WF/c873c04e-516e-41ee-a295-b8c5235abc1b/forminator","title":"Forminator <= 1.42.0 - Order Replay Vulnerability\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 22:33:04","sources":[{"name":"Wordfence","remoteId":"c873c04e-516e-41ee-a295-b8c5235abc1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c873c04e-516e-41ee-a295-b8c5235abc1b?source=api-prod","cve":"CVE-2025-3479","affectedVersions":"<=1.42.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/cdee0cd8-b83b-4436-aebe-533f5af03ef1/forminator","title":"Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"cdee0cd8-b83b-4436-aebe-533f5af03ef1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cdee0cd8-b83b-4436-aebe-533f5af03ef1?source=api-prod","cve":"CVE-2021-4417","affectedVersions":"<1.13.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/d0cb4434-94c5-42a9-bd86-869058dcbf67/forminator","title":"Forminator <= 1.22.1 - Missing Authorization on 'hubspot_support_request' AJAX function\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"d0cb4434-94c5-42a9-bd86-869058dcbf67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0cb4434-94c5-42a9-bd86-869058dcbf67?source=api-prod","affectedVersions":"<=1.22.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/d7b8d42c-bceb-456e-a682-358e8df831e3/forminator","title":"Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-06 14:41:59","sources":[{"name":"Wordfence","remoteId":"d7b8d42c-bceb-456e-a682-358e8df831e3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b8d42c-bceb-456e-a682-358e8df831e3?source=api-prod","cve":"CVE-2026-6214","affectedVersions":"<=1.53.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/e558100a-5866-4e7f-bae7-47a1f492ab27/forminator","title":"Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"e558100a-5866-4e7f-bae7-47a1f492ab27"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e558100a-5866-4e7f-bae7-47a1f492ab27?source=api-prod","cve":"CVE-2021-36821","affectedVersions":"<1.14.12","severity":"high"},{"advisoryId":"WPSECADV/WF/e860aa70-b8ef-4b2a-a035-b01efce30a79/forminator","title":"Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-06 12:50:38","sources":[{"name":"Wordfence","remoteId":"e860aa70-b8ef-4b2a-a035-b01efce30a79"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e860aa70-b8ef-4b2a-a035-b01efce30a79?source=api-prod","cve":"CVE-2026-6222","affectedVersions":"<=1.51.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00/forminator","title":"Forminator Plugin <= 1.5.4 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00?source=api-prod","cve":"CVE-2019-9567","affectedVersions":"<1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5281d4b-c2cd-4972-b837-e101a8893c6e/forminator","title":"Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-30 15:07:49","sources":[{"name":"Wordfence","remoteId":"f5281d4b-c2cd-4972-b837-e101a8893c6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5281d4b-c2cd-4972-b837-e101a8893c6e?source=api-prod","cve":"CVE-2025-0470","affectedVersions":"<=1.38.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f58d5464-b12d-4d01-985a-68854b0b2fdd/forminator","title":"Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f58d5464-b12d-4d01-985a-68854b0b2fdd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f58d5464-b12d-4d01-985a-68854b0b2fdd?source=api-prod","cve":"CVE-2024-28890","affectedVersions":"<=1.28.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/f88286b9-16b2-42a9-b8c6-0a6fe6c136ef/forminator","title":"Forminator Plugin <= 1.5.3.1 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"f88286b9-16b2-42a9-b8c6-0a6fe6c136ef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f88286b9-16b2-42a9-b8c6-0a6fe6c136ef?source=api-prod","cve":"CVE-2019-9568","affectedVersions":"<1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/fbed35ca-1630-46a4-8b1f-60cc7216f294/forminator","title":"Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"fbed35ca-1630-46a4-8b1f-60cc7216f294"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fbed35ca-1630-46a4-8b1f-60cc7216f294?source=api-prod","cve":"CVE-2024-9700","affectedVersions":"<=1.36.0","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_66756e6e656c2d6275696c646572811c9dc5_gen.json b/internal/data/assets/plugin_66756e6e656c2d6275696c646572811c9dc5_gen.json index 9a718c3a..494da4bf 100644 --- a/internal/data/assets/plugin_66756e6e656c2d6275696c646572811c9dc5_gen.json +++ b/internal/data/assets/plugin_66756e6e656c2d6275696c646572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0f54574f-e640-4cfb-b03e-fd23f3bd574b/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.9.0 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0f54574f-e640-4cfb-b03e-fd23f3bd574b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0f54574f-e640-4cfb-b03e-fd23f3bd574b?source=api-prod","cve":"CVE-2025-26979","affectedVersions":"<=3.9.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/2b77703e-b3d3-4105-a162-0afe86d5b3eb/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"2b77703e-b3d3-4105-a162-0afe86d5b3eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b77703e-b3d3-4105-a162-0afe86d5b3eb?source=api-prod","cve":"CVE-2024-5192","affectedVersions":"<=3.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3bfafa37-b28f-4951-9741-46046fb11a15/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.11.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"3bfafa37-b28f-4951-9741-46046fb11a15"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3bfafa37-b28f-4951-9741-46046fb11a15?source=api-prod","cve":"CVE-2025-54750","affectedVersions":"<=3.11.1","severity":"high"},{"advisoryId":"WPSECADV/WF/4fd7af43-5b49-4c4c-a51c-0cce5529ea1b/funnel-builder","title":"FunnelKit <= 3.12.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"4fd7af43-5b49-4c4c-a51c-0cce5529ea1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4fd7af43-5b49-4c4c-a51c-0cce5529ea1b?source=api-prod","cve":"CVE-2025-10567","affectedVersions":"<=3.12.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6222d255-47cc-469a-850d-fc11d7860d75/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.10.2 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"6222d255-47cc-469a-850d-fc11d7860d75"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6222d255-47cc-469a-850d-fc11d7860d75?source=api-prod","cve":"CVE-2025-49034","affectedVersions":"<=3.10.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/6f54053e-30ff-449b-b696-92d503011a4d/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 17:41:21","sources":[{"name":"Wordfence","remoteId":"6f54053e-30ff-449b-b696-92d503011a4d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f54053e-30ff-449b-b696-92d503011a4d?source=api-prod","cve":"CVE-2025-12878","affectedVersions":"<=3.13.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/86df2310-aad5-48ef-ad31-1b5dbcbccb44/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"86df2310-aad5-48ef-ad31-1b5dbcbccb44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86df2310-aad5-48ef-ad31-1b5dbcbccb44?source=api-prod","cve":"CVE-2026-48966","affectedVersions":"<=3.15.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/b1978b8f-d207-44e5-8ec0-f2c047192d02/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit <= 3.10.1 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"b1978b8f-d207-44e5-8ec0-f2c047192d02"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b1978b8f-d207-44e5-8ec0-f2c047192d02?source=api-prod","cve":"CVE-2025-2203","affectedVersions":"<=3.10.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc0983d7-6c7e-41cb-8997-578d362d9c9f/funnel-builder","title":"Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-18 18:57:21","sources":[{"name":"Wordfence","remoteId":"bc0983d7-6c7e-41cb-8997-578d362d9c9f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=api-prod","cve":"CVE-2025-7654","affectedVersions":"<=3.11.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/bf172a41-31dc-4864-9385-53decdc70aeb/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit <= 2.14.3 - Authenticated(Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"bf172a41-31dc-4864-9385-53decdc70aeb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf172a41-31dc-4864-9385-53decdc70aeb?source=api-prod","cve":"CVE-2023-50856","affectedVersions":"<2.14.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d9022afe-0c79-413b-ac0a-a1d32ec09619/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"d9022afe-0c79-413b-ac0a-a1d32ec09619"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9022afe-0c79-413b-ac0a-a1d32ec09619?source=api-prod","cve":"CVE-2024-6836","affectedVersions":"<=3.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e6df591d-110d-4b0f-a651-2efdb0f1e1f7/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6df591d-110d-4b0f-a651-2efdb0f1e1f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6df591d-110d-4b0f-a651-2efdb0f1e1f7?source=api-prod","cve":"CVE-2026-42381","affectedVersions":"<=3.15.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/fb19f920-0fd0-491e-9e87-62c828cad9b9/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 18:43:58","sources":[{"name":"Wordfence","remoteId":"fb19f920-0fd0-491e-9e87-62c828cad9b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb19f920-0fd0-491e-9e87-62c828cad9b9?source=api-prod","cve":"CVE-2025-14169","affectedVersions":"<=3.13.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/fc18643b-028f-46c5-b337-640de427ebdf/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"fc18643b-028f-46c5-b337-640de427ebdf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fc18643b-028f-46c5-b337-640de427ebdf?source=api-prod","cve":"CVE-2025-66067","affectedVersions":"<=3.13.1.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0f54574f-e640-4cfb-b03e-fd23f3bd574b/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.9.0 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0f54574f-e640-4cfb-b03e-fd23f3bd574b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0f54574f-e640-4cfb-b03e-fd23f3bd574b?source=api-prod","cve":"CVE-2025-26979","affectedVersions":"<=3.9.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/2b77703e-b3d3-4105-a162-0afe86d5b3eb/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"2b77703e-b3d3-4105-a162-0afe86d5b3eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b77703e-b3d3-4105-a162-0afe86d5b3eb?source=api-prod","cve":"CVE-2024-5192","affectedVersions":"<=3.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3bfafa37-b28f-4951-9741-46046fb11a15/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.11.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"3bfafa37-b28f-4951-9741-46046fb11a15"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3bfafa37-b28f-4951-9741-46046fb11a15?source=api-prod","cve":"CVE-2025-54750","affectedVersions":"<=3.11.1","severity":"high"},{"advisoryId":"WPSECADV/WF/4fd7af43-5b49-4c4c-a51c-0cce5529ea1b/funnel-builder","title":"FunnelKit <= 3.12.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"4fd7af43-5b49-4c4c-a51c-0cce5529ea1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4fd7af43-5b49-4c4c-a51c-0cce5529ea1b?source=api-prod","cve":"CVE-2025-10567","affectedVersions":"<=3.12.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5300f1dc-d110-45d0-9e08-6339b12c2bdd/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.5 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"5300f1dc-d110-45d0-9e08-6339b12c2bdd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5300f1dc-d110-45d0-9e08-6339b12c2bdd?source=api-prod","cve":"CVE-2026-56052","affectedVersions":"<=3.15.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/6222d255-47cc-469a-850d-fc11d7860d75/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.10.2 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"6222d255-47cc-469a-850d-fc11d7860d75"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6222d255-47cc-469a-850d-fc11d7860d75?source=api-prod","cve":"CVE-2025-49034","affectedVersions":"<=3.10.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/6f54053e-30ff-449b-b696-92d503011a4d/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 17:41:21","sources":[{"name":"Wordfence","remoteId":"6f54053e-30ff-449b-b696-92d503011a4d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f54053e-30ff-449b-b696-92d503011a4d?source=api-prod","cve":"CVE-2025-12878","affectedVersions":"<=3.13.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/86df2310-aad5-48ef-ad31-1b5dbcbccb44/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"86df2310-aad5-48ef-ad31-1b5dbcbccb44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86df2310-aad5-48ef-ad31-1b5dbcbccb44?source=api-prod","cve":"CVE-2026-48966","affectedVersions":"<=3.15.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/b1978b8f-d207-44e5-8ec0-f2c047192d02/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit <= 3.10.1 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"b1978b8f-d207-44e5-8ec0-f2c047192d02"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b1978b8f-d207-44e5-8ec0-f2c047192d02?source=api-prod","cve":"CVE-2025-2203","affectedVersions":"<=3.10.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc0983d7-6c7e-41cb-8997-578d362d9c9f/funnel-builder","title":"Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-18 18:57:21","sources":[{"name":"Wordfence","remoteId":"bc0983d7-6c7e-41cb-8997-578d362d9c9f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=api-prod","cve":"CVE-2025-7654","affectedVersions":"<=3.11.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/bf172a41-31dc-4864-9385-53decdc70aeb/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit <= 2.14.3 - Authenticated(Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"bf172a41-31dc-4864-9385-53decdc70aeb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf172a41-31dc-4864-9385-53decdc70aeb?source=api-prod","cve":"CVE-2023-50856","affectedVersions":"<2.14.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d9022afe-0c79-413b-ac0a-a1d32ec09619/funnel-builder","title":"Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"d9022afe-0c79-413b-ac0a-a1d32ec09619"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9022afe-0c79-413b-ac0a-a1d32ec09619?source=api-prod","cve":"CVE-2024-6836","affectedVersions":"<=3.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e6df591d-110d-4b0f-a651-2efdb0f1e1f7/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6df591d-110d-4b0f-a651-2efdb0f1e1f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6df591d-110d-4b0f-a651-2efdb0f1e1f7?source=api-prod","cve":"CVE-2026-42381","affectedVersions":"<=3.15.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/fb19f920-0fd0-491e-9e87-62c828cad9b9/funnel-builder","title":"FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 18:43:58","sources":[{"name":"Wordfence","remoteId":"fb19f920-0fd0-491e-9e87-62c828cad9b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb19f920-0fd0-491e-9e87-62c828cad9b9?source=api-prod","cve":"CVE-2025-14169","affectedVersions":"<=3.13.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/fc18643b-028f-46c5-b337-640de427ebdf/funnel-builder","title":"Funnel Builder by FunnelKit <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"fc18643b-028f-46c5-b337-640de427ebdf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fc18643b-028f-46c5-b337-640de427ebdf?source=api-prod","cve":"CVE-2025-66067","affectedVersions":"<=3.13.1.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_66756e6e656c6b69742d7374726970652d776f6f2d7061796d656e742d67617465776179811c9dc5_gen.json b/internal/data/assets/plugin_66756e6e656c6b69742d7374726970652d776f6f2d7061796d656e742d67617465776179811c9dc5_gen.json new file mode 100644 index 00000000..595d4968 --- /dev/null +++ b/internal/data/assets/plugin_66756e6e656c6b69742d7374726970652d776f6f2d7061796d656e742d67617465776179811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/c9d2431d-32ea-4f2d-9fce-bd44dc6680ba/funnelkit-stripe-woo-payment-gateway","title":"FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"c9d2431d-32ea-4f2d-9fce-bd44dc6680ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c9d2431d-32ea-4f2d-9fce-bd44dc6680ba?source=api-prod","cve":"CVE-2026-57635","affectedVersions":"<=1.14.0.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_67616c6c6572792d706c7567696e811c9dc5_gen.json b/internal/data/assets/plugin_67616c6c6572792d706c7567696e811c9dc5_gen.json index 07d3dd1b..f4782c9c 100644 --- a/internal/data/assets/plugin_67616c6c6572792d706c7567696e811c9dc5_gen.json +++ b/internal/data/assets/plugin_67616c6c6572792d706c7567696e811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/2a6d72d0-f262-46a1-91c7-1c34ab995614/gallery-plugin","title":"Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress < 4.5.0 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a6d72d0-f262-46a1-91c7-1c34ab995614"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a6d72d0-f262-46a1-91c7-1c34ab995614?source=api-prod","affectedVersions":"<4.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3adf6b20-110f-4057-9fab-5248e9c18555/gallery-plugin","title":"Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"3adf6b20-110f-4057-9fab-5248e9c18555"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3adf6b20-110f-4057-9fab-5248e9c18555?source=api-prod","affectedVersions":"<=4.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/76c5559d-f9dd-43cf-8c8e-07188b4edf7f/gallery-plugin","title":"Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"76c5559d-f9dd-43cf-8c8e-07188b4edf7f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76c5559d-f9dd-43cf-8c8e-07188b4edf7f?source=api-prod","cve":"CVE-2024-13906","affectedVersions":"<=4.7.3","severity":"high"},{"advisoryId":"WPSECADV/WF/94868d48-2d36-49f1-9da1-7965ecaeae3c/gallery-plugin","title":"Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"94868d48-2d36-49f1-9da1-7965ecaeae3c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94868d48-2d36-49f1-9da1-7965ecaeae3c?source=api-prod","cve":"CVE-2023-0764","affectedVersions":"<=4.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/cbfbb06c-f048-4912-9ff7-59aa10bc96bd/gallery-plugin","title":"Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"cbfbb06c-f048-4912-9ff7-59aa10bc96bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cbfbb06c-f048-4912-9ff7-59aa10bc96bd?source=api-prod","cve":"CVE-2023-0765","affectedVersions":"<=4.6.9","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/2a6d72d0-f262-46a1-91c7-1c34ab995614/gallery-plugin","title":"Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress < 4.5.0 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-04-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a6d72d0-f262-46a1-91c7-1c34ab995614"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a6d72d0-f262-46a1-91c7-1c34ab995614?source=api-prod","affectedVersions":"<4.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3adf6b20-110f-4057-9fab-5248e9c18555/gallery-plugin","title":"Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"3adf6b20-110f-4057-9fab-5248e9c18555"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3adf6b20-110f-4057-9fab-5248e9c18555?source=api-prod","affectedVersions":"<=4.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/76c5559d-f9dd-43cf-8c8e-07188b4edf7f/gallery-plugin","title":"Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"76c5559d-f9dd-43cf-8c8e-07188b4edf7f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76c5559d-f9dd-43cf-8c8e-07188b4edf7f?source=api-prod","cve":"CVE-2024-13906","affectedVersions":"<=4.7.3","severity":"high"},{"advisoryId":"WPSECADV/WF/94868d48-2d36-49f1-9da1-7965ecaeae3c/gallery-plugin","title":"Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"94868d48-2d36-49f1-9da1-7965ecaeae3c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94868d48-2d36-49f1-9da1-7965ecaeae3c?source=api-prod","cve":"CVE-2023-0764","affectedVersions":"<=4.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/cbfbb06c-f048-4912-9ff7-59aa10bc96bd/gallery-plugin","title":"Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"cbfbb06c-f048-4912-9ff7-59aa10bc96bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cbfbb06c-f048-4912-9ff7-59aa10bc96bd?source=api-prod","cve":"CVE-2023-0765","affectedVersions":"<=4.6.9","severity":"high"},{"advisoryId":"WPSECADV/WF/f0c5d1f4-6c6d-413b-8f0d-a6d36556dc4a/gallery-plugin","title":"Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.8 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"f0c5d1f4-6c6d-413b-8f0d-a6d36556dc4a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0c5d1f4-6c6d-413b-8f0d-a6d36556dc4a?source=api-prod","cve":"CVE-2026-57642","affectedVersions":"<=4.7.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_67686f73746b6974811c9dc5_gen.json b/internal/data/assets/plugin_67686f73746b6974811c9dc5_gen.json index 80acea9f..90f03929 100644 --- a/internal/data/assets/plugin_67686f73746b6974811c9dc5_gen.json +++ b/internal/data/assets/plugin_67686f73746b6974811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/a58bdc25-6171-47d5-bdcc-b4fe89b906f1/ghostkit","title":"Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-17 20:48:21","sources":[{"name":"Wordfence","remoteId":"a58bdc25-6171-47d5-bdcc-b4fe89b906f1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a58bdc25-6171-47d5-bdcc-b4fe89b906f1?source=api-prod","cve":"CVE-2025-9992","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c729d5d4-9629-46f1-b90f-f7b4771e50e1/ghostkit","title":"Ghost Kit <= 3.4.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c729d5d4-9629-46f1-b90f-f7b4771e50e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c729d5d4-9629-46f1-b90f-f7b4771e50e1?source=api-prod","cve":"CVE-2025-53567","affectedVersions":"<=3.4.1","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/63feaadc-27f2-4e87-892d-07595e08021a/ghostkit","title":"Ghost Kit – Page Builder Blocks, Motion Effects & Extensions <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"63feaadc-27f2-4e87-892d-07595e08021a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/63feaadc-27f2-4e87-892d-07595e08021a?source=api-prod","cve":"CVE-2026-57651","affectedVersions":"<=3.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a58bdc25-6171-47d5-bdcc-b4fe89b906f1/ghostkit","title":"Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-17 20:48:21","sources":[{"name":"Wordfence","remoteId":"a58bdc25-6171-47d5-bdcc-b4fe89b906f1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a58bdc25-6171-47d5-bdcc-b4fe89b906f1?source=api-prod","cve":"CVE-2025-9992","affectedVersions":"<=3.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c729d5d4-9629-46f1-b90f-f7b4771e50e1/ghostkit","title":"Ghost Kit <= 3.4.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c729d5d4-9629-46f1-b90f-f7b4771e50e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c729d5d4-9629-46f1-b90f-f7b4771e50e1?source=api-prod","cve":"CVE-2025-53567","affectedVersions":"<=3.4.1","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6769667434752d676966742d63617264732d616c6c2d696e2d6f6e652d666f722d776f6f811c9dc5_gen.json b/internal/data/assets/plugin_6769667434752d676966742d63617264732d616c6c2d696e2d6f6e652d666f722d776f6f811c9dc5_gen.json index 9b240d0c..eb2d1039 100644 --- a/internal/data/assets/plugin_6769667434752d676966742d63617264732d616c6c2d696e2d6f6e652d666f722d776f6f811c9dc5_gen.json +++ b/internal/data/assets/plugin_6769667434752d676966742d63617264732d616c6c2d696e2d6f6e652d666f722d776f6f811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/e6504623-5356-4eba-97e7-c6dc1245e9c1/gift4u-gift-cards-all-in-one-for-woo","title":"GIFT4U – Gift Cards All in One for Woo <= 1.0.10 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6504623-5356-4eba-97e7-c6dc1245e9c1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6504623-5356-4eba-97e7-c6dc1245e9c1?source=api-prod","cve":"CVE-2026-54809","affectedVersions":"<=1.0.10","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1128aca9-329d-4a3f-b0b0-36a4172524c5/gift4u-gift-cards-all-in-one-for-woo","title":"GIFT4U – Gift Cards All in One for Woo <= 1.0.10 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"1128aca9-329d-4a3f-b0b0-36a4172524c5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1128aca9-329d-4a3f-b0b0-36a4172524c5?source=api-prod","cve":"CVE-2026-57324","affectedVersions":"<=1.0.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/e6504623-5356-4eba-97e7-c6dc1245e9c1/gift4u-gift-cards-all-in-one-for-woo","title":"GIFT4U – Gift Cards All in One for Woo <= 1.0.10 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6504623-5356-4eba-97e7-c6dc1245e9c1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6504623-5356-4eba-97e7-c6dc1245e9c1?source=api-prod","cve":"CVE-2026-54809","affectedVersions":"<=1.0.10","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_676d61696c2d736d7470811c9dc5_gen.json b/internal/data/assets/plugin_676d61696c2d736d7470811c9dc5_gen.json new file mode 100644 index 00000000..98ac87c1 --- /dev/null +++ b/internal/data/assets/plugin_676d61696c2d736d7470811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/8c384d30-be18-4dfa-a385-5a8bee38bd14/gmail-smtp","title":"Gmail SMTP <= 1.2.3.19 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c384d30-be18-4dfa-a385-5a8bee38bd14"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c384d30-be18-4dfa-a385-5a8bee38bd14?source=api-prod","cve":"CVE-2026-57657","affectedVersions":"<=1.2.3.19","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_67726f756e64686f6767811c9dc5_gen.json b/internal/data/assets/plugin_67726f756e64686f6767811c9dc5_gen.json index 56911343..eddd61ef 100644 --- a/internal/data/assets/plugin_67726f756e64686f6767811c9dc5_gen.json +++ b/internal/data/assets/plugin_67726f756e64686f6767811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0256b4ad-6094-4062-bdf7-c3fc0410557b/groundhogg","title":"WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"0256b4ad-6094-4062-bdf7-c3fc0410557b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0256b4ad-6094-4062-bdf7-c3fc0410557b?source=api-prod","cve":"CVE-2025-4206","affectedVersions":"<=4.1.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/060dd6aa-0864-4357-9e78-bd7797af58a0/groundhogg","title":"Groundhogg <= 3.7.3.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"060dd6aa-0864-4357-9e78-bd7797af58a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/060dd6aa-0864-4357-9e78-bd7797af58a0?source=api-prod","cve":"CVE-2024-56289","affectedVersions":"<=3.7.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/0788e172-c9f0-4aa5-806b-183491f92bc3/groundhogg","title":"Groundhogg <= 4.2.2 - Authenticated (Sales Representative+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"0788e172-c9f0-4aa5-806b-183491f92bc3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0788e172-c9f0-4aa5-806b-183491f92bc3?source=api-prod","cve":"CVE-2025-54053","affectedVersions":"<=4.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/2052278d-f1df-4a31-8688-11c7c8d20e07/groundhogg","title":"Groundhogg <= 2.0.8.1 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-09-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"2052278d-f1df-4a31-8688-11c7c8d20e07"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2052278d-f1df-4a31-8688-11c7c8d20e07?source=api-prod","affectedVersions":"<=2.0.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/20ee6bc7-2732-4da3-b005-a971d12b0e32/groundhogg","title":"Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"20ee6bc7-2732-4da3-b005-a971d12b0e32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/20ee6bc7-2732-4da3-b005-a971d12b0e32?source=api-prod","cve":"CVE-2026-13331","affectedVersions":"<=4.5.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/22506d45-40db-47c4-91b2-ab4f49703bf9/groundhogg","title":"Groundhogg <= 2.7.11 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"22506d45-40db-47c4-91b2-ab4f49703bf9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22506d45-40db-47c4-91b2-ab4f49703bf9?source=api-prod","cve":"CVE-2023-34178","affectedVersions":"<=2.7.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/24747507-8f24-499e-a257-d379dc171e18/groundhogg","title":"Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"24747507-8f24-499e-a257-d379dc171e18"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18?source=api-prod","cve":"CVE-2023-2715","affectedVersions":"<=2.7.8.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/29700844-b41d-4f10-90a7-06c8574d8d2a/groundhogg","title":"Groundhogg <= 2.7.9.8 - Missing Authorization to Update License\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"29700844-b41d-4f10-90a7-06c8574d8d2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a?source=api-prod","cve":"CVE-2023-2714","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b/groundhogg","title":"WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg < 1.3.5 - Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b?source=api-prod","cve":"CVE-2019-15647","affectedVersions":"<1.3.5","severity":"high"},{"advisoryId":"WPSECADV/WF/3c5bde0e-3138-4995-92ae-6deaf6b7be5b/groundhogg","title":"Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"3c5bde0e-3138-4995-92ae-6deaf6b7be5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=api-prod","cve":"CVE-2023-2716","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4938206e-2ea4-47ed-a307-87cf67dd74a4/groundhogg","title":"Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"4938206e-2ea4-47ed-a307-87cf67dd74a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=api-prod","cve":"CVE-2023-2735","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060/groundhogg","title":"Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 12:59:49","sources":[{"name":"Wordfence","remoteId":"4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060?source=api-prod","cve":"CVE-2026-13333","affectedVersions":"<=4.5.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/59c29b29-fc4d-4ecd-a678-3ddeb39d2baf/groundhogg","title":"Groundhogg <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"59c29b29-fc4d-4ecd-a678-3ddeb39d2baf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59c29b29-fc4d-4ecd-a678-3ddeb39d2baf?source=api-prod","cve":"CVE-2025-64367","affectedVersions":"<=4.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/763a9aff-9bc0-4c79-9383-778a9034b436/groundhogg","title":"Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"763a9aff-9bc0-4c79-9383-778a9034b436"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/763a9aff-9bc0-4c79-9383-778a9034b436?source=api-prod","cve":"CVE-2025-1267","affectedVersions":"<=3.7.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/76c468cb-8ad6-4b62-8de5-dc8efd4b8e61/groundhogg","title":"Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"76c468cb-8ad6-4b62-8de5-dc8efd4b8e61"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76c468cb-8ad6-4b62-8de5-dc8efd4b8e61?source=api-prod","cve":"CVE-2023-1425","affectedVersions":"<=2.7.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/92d048a2-3ecb-466d-9e0c-f1b654d2a944/groundhogg","title":"Groundhogg <= 4.2.1 - Authenticated (Sales Rep+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"92d048a2-3ecb-466d-9e0c-f1b654d2a944"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/92d048a2-3ecb-466d-9e0c-f1b654d2a944?source=api-prod","cve":"CVE-2025-48300","affectedVersions":"<=4.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/98a734d2-ea6f-4053-94b5-d20d6418b3ae/groundhogg","title":"Groundhogg <= 3.4.2.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"98a734d2-ea6f-4053-94b5-d20d6418b3ae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98a734d2-ea6f-4053-94b5-d20d6418b3ae?source=api-prod","cve":"CVE-2024-37235","affectedVersions":"<=3.4.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/9bf472f1-5980-48ee-aa10-aad19b6f2456/groundhogg","title":"Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"9bf472f1-5980-48ee-aa10-aad19b6f2456"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=api-prod","cve":"CVE-2023-2736","affectedVersions":"<=2.7.9.8","severity":"high"},{"advisoryId":"WPSECADV/WF/9cacf087-c501-47b2-ab9b-a395e95ae245/groundhogg","title":"Groundhogg — CRM, Newsletters, and Marketing Automation <= 4.4 - Authenticated (Sales Representative+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cacf087-c501-47b2-ab9b-a395e95ae245"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cacf087-c501-47b2-ab9b-a395e95ae245?source=api-prod","cve":"CVE-2026-40727","affectedVersions":"<=4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/af73240c-b711-4e91-9998-5f7e6a9a4fb9/groundhogg","title":"Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"af73240c-b711-4e91-9998-5f7e6a9a4fb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=api-prod","cve":"CVE-2023-2717","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb/groundhogg","title":"Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-13 20:19:33","sources":[{"name":"Wordfence","remoteId":"b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=api-prod","cve":"CVE-2025-0394","affectedVersions":"<=3.7.3.5","severity":"high"},{"advisoryId":"WPSECADV/WF/b4f2554d-c047-4be2-a4e6-2ae51f077376/groundhogg","title":"Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4f2554d-c047-4be2-a4e6-2ae51f077376"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4f2554d-c047-4be2-a4e6-2ae51f077376?source=api-prod","cve":"CVE-2023-34179","affectedVersions":"<=2.7.11","severity":"high"},{"advisoryId":"WPSECADV/WF/bc69ec54-b30f-402e-ad3b-24fd680ea72b/groundhogg","title":"Groundhogg <= 1.3.11.13 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc69ec54-b30f-402e-ad3b-24fd680ea72b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc69ec54-b30f-402e-ad3b-24fd680ea72b?source=api-prod","affectedVersions":"<=1.3.11.13","severity":"high"},{"advisoryId":"WPSECADV/WF/d9e5cbde-6bc6-49f2-91b4-86c1779de2dc/groundhogg","title":"Groundhogg — CRM, Newsletters, and Marketing Automation < 4.4.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"d9e5cbde-6bc6-49f2-91b4-86c1779de2dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9e5cbde-6bc6-49f2-91b4-86c1779de2dc?source=api-prod","cve":"CVE-2026-40793","affectedVersions":"<4.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/daac4d63-3789-4262-9b06-aadb4ca1f01e/groundhogg","title":"Groundhogg <= 3.4.2.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"daac4d63-3789-4262-9b06-aadb4ca1f01e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/daac4d63-3789-4262-9b06-aadb4ca1f01e?source=api-prod","cve":"CVE-2024-37264","affectedVersions":"<=3.4.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/e3d231e1-a63e-4b41-a6b7-91e6dfc33600/groundhogg","title":"Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-20 20:41:57","sources":[{"name":"Wordfence","remoteId":"e3d231e1-a63e-4b41-a6b7-91e6dfc33600"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e3d231e1-a63e-4b41-a6b7-91e6dfc33600?source=api-prod","cve":"CVE-2025-12750","affectedVersions":"<=4.2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/edafc213-a95f-483e-ac5f-d5b56817d046/groundhogg","title":"Groundhogg <= 2.7.11.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"edafc213-a95f-483e-ac5f-d5b56817d046"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/edafc213-a95f-483e-ac5f-d5b56817d046?source=api-prod","cve":"CVE-2023-40681","affectedVersions":"<=2.7.11.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/f2ba40d9-2d37-453a-a731-078f1de1fc69/groundhogg","title":"Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 13:02:09","sources":[{"name":"Wordfence","remoteId":"f2ba40d9-2d37-453a-a731-078f1de1fc69"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ba40d9-2d37-453a-a731-078f1de1fc69?source=api-prod","cve":"CVE-2026-13226","affectedVersions":"<=4.5.4","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/01465fd0-defe-4754-a4a1-10073fcd1902/groundhogg","title":"Groundhogg — CRM, Newsletters, and Marketing Automation <= 4.5 - Authenticated (Sales representative+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"01465fd0-defe-4754-a4a1-10073fcd1902"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01465fd0-defe-4754-a4a1-10073fcd1902?source=api-prod","cve":"CVE-2026-57667","affectedVersions":"<=4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/0256b4ad-6094-4062-bdf7-c3fc0410557b/groundhogg","title":"WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"0256b4ad-6094-4062-bdf7-c3fc0410557b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0256b4ad-6094-4062-bdf7-c3fc0410557b?source=api-prod","cve":"CVE-2025-4206","affectedVersions":"<=4.1.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/060dd6aa-0864-4357-9e78-bd7797af58a0/groundhogg","title":"Groundhogg <= 3.7.3.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"060dd6aa-0864-4357-9e78-bd7797af58a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/060dd6aa-0864-4357-9e78-bd7797af58a0?source=api-prod","cve":"CVE-2024-56289","affectedVersions":"<=3.7.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/0788e172-c9f0-4aa5-806b-183491f92bc3/groundhogg","title":"Groundhogg <= 4.2.2 - Authenticated (Sales Representative+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"0788e172-c9f0-4aa5-806b-183491f92bc3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0788e172-c9f0-4aa5-806b-183491f92bc3?source=api-prod","cve":"CVE-2025-54053","affectedVersions":"<=4.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/2052278d-f1df-4a31-8688-11c7c8d20e07/groundhogg","title":"Groundhogg <= 2.0.8.1 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-09-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"2052278d-f1df-4a31-8688-11c7c8d20e07"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2052278d-f1df-4a31-8688-11c7c8d20e07?source=api-prod","affectedVersions":"<=2.0.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/20ee6bc7-2732-4da3-b005-a971d12b0e32/groundhogg","title":"Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"20ee6bc7-2732-4da3-b005-a971d12b0e32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/20ee6bc7-2732-4da3-b005-a971d12b0e32?source=api-prod","cve":"CVE-2026-13331","affectedVersions":"<=4.5.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/22506d45-40db-47c4-91b2-ab4f49703bf9/groundhogg","title":"Groundhogg <= 2.7.11 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"22506d45-40db-47c4-91b2-ab4f49703bf9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22506d45-40db-47c4-91b2-ab4f49703bf9?source=api-prod","cve":"CVE-2023-34178","affectedVersions":"<=2.7.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/24747507-8f24-499e-a257-d379dc171e18/groundhogg","title":"Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"24747507-8f24-499e-a257-d379dc171e18"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18?source=api-prod","cve":"CVE-2023-2715","affectedVersions":"<=2.7.8.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/29700844-b41d-4f10-90a7-06c8574d8d2a/groundhogg","title":"Groundhogg <= 2.7.9.8 - Missing Authorization to Update License\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"29700844-b41d-4f10-90a7-06c8574d8d2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a?source=api-prod","cve":"CVE-2023-2714","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b/groundhogg","title":"WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg < 1.3.5 - Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b?source=api-prod","cve":"CVE-2019-15647","affectedVersions":"<1.3.5","severity":"high"},{"advisoryId":"WPSECADV/WF/3c5bde0e-3138-4995-92ae-6deaf6b7be5b/groundhogg","title":"Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"3c5bde0e-3138-4995-92ae-6deaf6b7be5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=api-prod","cve":"CVE-2023-2716","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4938206e-2ea4-47ed-a307-87cf67dd74a4/groundhogg","title":"Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"4938206e-2ea4-47ed-a307-87cf67dd74a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=api-prod","cve":"CVE-2023-2735","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060/groundhogg","title":"Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 12:59:49","sources":[{"name":"Wordfence","remoteId":"4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0c04fe-7a9f-4a3f-ba2c-3bdcb5dec060?source=api-prod","cve":"CVE-2026-13333","affectedVersions":"<=4.5.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/59c29b29-fc4d-4ecd-a678-3ddeb39d2baf/groundhogg","title":"Groundhogg <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"59c29b29-fc4d-4ecd-a678-3ddeb39d2baf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59c29b29-fc4d-4ecd-a678-3ddeb39d2baf?source=api-prod","cve":"CVE-2025-64367","affectedVersions":"<=4.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/763a9aff-9bc0-4c79-9383-778a9034b436/groundhogg","title":"Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"763a9aff-9bc0-4c79-9383-778a9034b436"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/763a9aff-9bc0-4c79-9383-778a9034b436?source=api-prod","cve":"CVE-2025-1267","affectedVersions":"<=3.7.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/76c468cb-8ad6-4b62-8de5-dc8efd4b8e61/groundhogg","title":"Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"76c468cb-8ad6-4b62-8de5-dc8efd4b8e61"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76c468cb-8ad6-4b62-8de5-dc8efd4b8e61?source=api-prod","cve":"CVE-2023-1425","affectedVersions":"<=2.7.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/92d048a2-3ecb-466d-9e0c-f1b654d2a944/groundhogg","title":"Groundhogg <= 4.2.1 - Authenticated (Sales Rep+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"92d048a2-3ecb-466d-9e0c-f1b654d2a944"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/92d048a2-3ecb-466d-9e0c-f1b654d2a944?source=api-prod","cve":"CVE-2025-48300","affectedVersions":"<=4.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/98a734d2-ea6f-4053-94b5-d20d6418b3ae/groundhogg","title":"Groundhogg <= 3.4.2.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"98a734d2-ea6f-4053-94b5-d20d6418b3ae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98a734d2-ea6f-4053-94b5-d20d6418b3ae?source=api-prod","cve":"CVE-2024-37235","affectedVersions":"<=3.4.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/9bf472f1-5980-48ee-aa10-aad19b6f2456/groundhogg","title":"Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"9bf472f1-5980-48ee-aa10-aad19b6f2456"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=api-prod","cve":"CVE-2023-2736","affectedVersions":"<=2.7.9.8","severity":"high"},{"advisoryId":"WPSECADV/WF/9cacf087-c501-47b2-ab9b-a395e95ae245/groundhogg","title":"Groundhogg — CRM, Newsletters, and Marketing Automation <= 4.4 - Authenticated (Sales Representative+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cacf087-c501-47b2-ab9b-a395e95ae245"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cacf087-c501-47b2-ab9b-a395e95ae245?source=api-prod","cve":"CVE-2026-40727","affectedVersions":"<=4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/af73240c-b711-4e91-9998-5f7e6a9a4fb9/groundhogg","title":"Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"af73240c-b711-4e91-9998-5f7e6a9a4fb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=api-prod","cve":"CVE-2023-2717","affectedVersions":"<=2.7.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb/groundhogg","title":"Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-13 20:19:33","sources":[{"name":"Wordfence","remoteId":"b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=api-prod","cve":"CVE-2025-0394","affectedVersions":"<=3.7.3.5","severity":"high"},{"advisoryId":"WPSECADV/WF/b4f2554d-c047-4be2-a4e6-2ae51f077376/groundhogg","title":"Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4f2554d-c047-4be2-a4e6-2ae51f077376"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4f2554d-c047-4be2-a4e6-2ae51f077376?source=api-prod","cve":"CVE-2023-34179","affectedVersions":"<=2.7.11","severity":"high"},{"advisoryId":"WPSECADV/WF/bc69ec54-b30f-402e-ad3b-24fd680ea72b/groundhogg","title":"Groundhogg <= 1.3.11.13 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc69ec54-b30f-402e-ad3b-24fd680ea72b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc69ec54-b30f-402e-ad3b-24fd680ea72b?source=api-prod","affectedVersions":"<=1.3.11.13","severity":"high"},{"advisoryId":"WPSECADV/WF/d9e5cbde-6bc6-49f2-91b4-86c1779de2dc/groundhogg","title":"Groundhogg — CRM, Newsletters, and Marketing Automation < 4.4.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"d9e5cbde-6bc6-49f2-91b4-86c1779de2dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9e5cbde-6bc6-49f2-91b4-86c1779de2dc?source=api-prod","cve":"CVE-2026-40793","affectedVersions":"<4.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/daac4d63-3789-4262-9b06-aadb4ca1f01e/groundhogg","title":"Groundhogg <= 3.4.2.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"daac4d63-3789-4262-9b06-aadb4ca1f01e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/daac4d63-3789-4262-9b06-aadb4ca1f01e?source=api-prod","cve":"CVE-2024-37264","affectedVersions":"<=3.4.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/e3d231e1-a63e-4b41-a6b7-91e6dfc33600/groundhogg","title":"Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-20 20:41:57","sources":[{"name":"Wordfence","remoteId":"e3d231e1-a63e-4b41-a6b7-91e6dfc33600"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e3d231e1-a63e-4b41-a6b7-91e6dfc33600?source=api-prod","cve":"CVE-2025-12750","affectedVersions":"<=4.2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/edafc213-a95f-483e-ac5f-d5b56817d046/groundhogg","title":"Groundhogg <= 2.7.11.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"edafc213-a95f-483e-ac5f-d5b56817d046"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/edafc213-a95f-483e-ac5f-d5b56817d046?source=api-prod","cve":"CVE-2023-40681","affectedVersions":"<=2.7.11.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/f2ba40d9-2d37-453a-a731-078f1de1fc69/groundhogg","title":"Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 13:02:09","sources":[{"name":"Wordfence","remoteId":"f2ba40d9-2d37-453a-a731-078f1de1fc69"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ba40d9-2d37-453a-a731-078f1de1fc69?source=api-prod","cve":"CVE-2026-13226","affectedVersions":"<=4.5.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_677574656e76657273652d666f726d811c9dc5_gen.json b/internal/data/assets/plugin_677574656e76657273652d666f726d811c9dc5_gen.json index b6356271..674feeec 100644 --- a/internal/data/assets/plugin_677574656e76657273652d666f726d811c9dc5_gen.json +++ b/internal/data/assets/plugin_677574656e76657273652d666f726d811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/5d18f911-a766-4b13-a00e-8cdeee788d7a/gutenverse-form","title":"Gutenverse Form <= 2.2.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d18f911-a766-4b13-a00e-8cdeee788d7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d18f911-a766-4b13-a00e-8cdeee788d7a?source=api-prod","cve":"CVE-2025-66079","affectedVersions":"<=2.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/792fa6cb-e55a-4f68-b8a8-9039fb1ff694/gutenverse-form","title":"Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-07 20:40:47","sources":[{"name":"Wordfence","remoteId":"792fa6cb-e55a-4f68-b8a8-9039fb1ff694"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/792fa6cb-e55a-4f68-b8a8-9039fb1ff694?source=api-prod","cve":"CVE-2025-14984","affectedVersions":"<=2.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d2f7f4dd-097e-4ee7-b430-a9e7b5323a1b/gutenverse-form","title":"Gutenverse Form <= 2.3.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d2f7f4dd-097e-4ee7-b430-a9e7b5323a1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d2f7f4dd-097e-4ee7-b430-a9e7b5323a1b?source=api-prod","cve":"CVE-2025-68511","affectedVersions":"<=2.3.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/5d18f911-a766-4b13-a00e-8cdeee788d7a/gutenverse-form","title":"Gutenverse Form <= 2.2.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d18f911-a766-4b13-a00e-8cdeee788d7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d18f911-a766-4b13-a00e-8cdeee788d7a?source=api-prod","cve":"CVE-2025-66079","affectedVersions":"<=2.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/792fa6cb-e55a-4f68-b8a8-9039fb1ff694/gutenverse-form","title":"Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-07 20:40:47","sources":[{"name":"Wordfence","remoteId":"792fa6cb-e55a-4f68-b8a8-9039fb1ff694"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/792fa6cb-e55a-4f68-b8a8-9039fb1ff694?source=api-prod","cve":"CVE-2025-14984","affectedVersions":"<=2.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7bde6d5c-85a1-47d4-a017-23ce69a3bb5e/gutenverse-form","title":"Gutenverse Form – Contact Form Builder, Block Form & Booking Form <= 2.4.7 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"7bde6d5c-85a1-47d4-a017-23ce69a3bb5e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7bde6d5c-85a1-47d4-a017-23ce69a3bb5e?source=api-prod","cve":"CVE-2026-56040","affectedVersions":"<=2.4.7","severity":"high"},{"advisoryId":"WPSECADV/WF/d2f7f4dd-097e-4ee7-b430-a9e7b5323a1b/gutenverse-form","title":"Gutenverse Form <= 2.3.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d2f7f4dd-097e-4ee7-b430-a9e7b5323a1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d2f7f4dd-097e-4ee7-b430-a9e7b5323a1b?source=api-prod","cve":"CVE-2025-68511","affectedVersions":"<=2.3.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6865737465722d636f7265811c9dc5_gen.json b/internal/data/assets/plugin_6865737465722d636f7265811c9dc5_gen.json new file mode 100644 index 00000000..6ab78c8b --- /dev/null +++ b/internal/data/assets/plugin_6865737465722d636f7265811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/b25c27ee-0d50-4b1e-ac07-469c99e601d1/hester-core","title":"Hester Core <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"b25c27ee-0d50-4b1e-ac07-469c99e601d1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b25c27ee-0d50-4b1e-ac07-469c99e601d1?source=api-prod","cve":"CVE-2026-57656","affectedVersions":"<=1.1.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_68746d6c352d766964656f2d706c61796572811c9dc5_gen.json b/internal/data/assets/plugin_68746d6c352d766964656f2d706c61796572811c9dc5_gen.json index 260063ac..0abfa2c1 100644 --- a/internal/data/assets/plugin_68746d6c352d766964656f2d706c61796572811c9dc5_gen.json +++ b/internal/data/assets/plugin_68746d6c352d766964656f2d706c61796572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0abd2533-5cb3-4568-8ad2-f2852ab3a8db/html5-video-player","title":"HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"0abd2533-5cb3-4568-8ad2-f2852ab3a8db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0abd2533-5cb3-4568-8ad2-f2852ab3a8db?source=api-prod","cve":"CVE-2024-1061","affectedVersions":"<=2.5.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6/html5-video-player","title":"Html5 Video Player <= 2.5.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6?source=api-prod","cve":"CVE-2023-6485","affectedVersions":"<=2.5.18","severity":"medium"},{"advisoryId":"WPSECADV/WF/43a7f1b0-c2c0-4832-9819-22625c8b727e/html5-video-player","title":"HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"43a7f1b0-c2c0-4832-9819-22625c8b727e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/43a7f1b0-c2c0-4832-9819-22625c8b727e?source=api-prod","cve":"CVE-2024-5522","affectedVersions":"<=2.5.26","severity":"critical"},{"advisoryId":"WPSECADV/WF/604862d9-e032-4806-8a14-3e4ad0ae1ee2/html5-video-player","title":"Flash & HTML5 Video <= 2.5.31 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"604862d9-e032-4806-8a14-3e4ad0ae1ee2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/604862d9-e032-4806-8a14-3e4ad0ae1ee2?source=api-prod","cve":"CVE-2024-43319","affectedVersions":"<=2.5.31","severity":"medium"},{"advisoryId":"WPSECADV/WF/6dc3f308-d1e1-430b-bccd-168c0972fe7c/html5-video-player","title":"HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-10 15:52:47","sources":[{"name":"Wordfence","remoteId":"6dc3f308-d1e1-430b-bccd-168c0972fe7c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc3f308-d1e1-430b-bccd-168c0972fe7c?source=api-prod","cve":"CVE-2024-7721","affectedVersions":"<=2.5.34","severity":"medium"},{"advisoryId":"WPSECADV/WF/84ce21b9-91ac-4990-8665-69a1461147ab/html5-video-player","title":"Flash & HTML5 Video <= 2.5.30 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"84ce21b9-91ac-4990-8665-69a1461147ab"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84ce21b9-91ac-4990-8665-69a1461147ab?source=api-prod","cve":"CVE-2024-43296","affectedVersions":"<=2.5.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/908df18e-7178-4d40-becb-86e1a714a7da/html5-video-player","title":"HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"908df18e-7178-4d40-becb-86e1a714a7da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/908df18e-7178-4d40-becb-86e1a714a7da?source=api-prod","cve":"CVE-2024-7727","affectedVersions":"<=2.5.32","severity":"medium"},{"advisoryId":"WPSECADV/WF/e0b26af2-d559-49bf-841a-1974360b3ad6/html5-video-player","title":"HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-13 20:11:53","sources":[{"name":"Wordfence","remoteId":"e0b26af2-d559-49bf-841a-1974360b3ad6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b26af2-d559-49bf-841a-1974360b3ad6?source=api-prod","cve":"CVE-2024-13156","affectedVersions":"<=2.5.35","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0abd2533-5cb3-4568-8ad2-f2852ab3a8db/html5-video-player","title":"HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"0abd2533-5cb3-4568-8ad2-f2852ab3a8db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0abd2533-5cb3-4568-8ad2-f2852ab3a8db?source=api-prod","cve":"CVE-2024-1061","affectedVersions":"<=2.5.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6/html5-video-player","title":"Html5 Video Player <= 2.5.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6?source=api-prod","cve":"CVE-2023-6485","affectedVersions":"<=2.5.18","severity":"medium"},{"advisoryId":"WPSECADV/WF/43a7f1b0-c2c0-4832-9819-22625c8b727e/html5-video-player","title":"HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"43a7f1b0-c2c0-4832-9819-22625c8b727e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/43a7f1b0-c2c0-4832-9819-22625c8b727e?source=api-prod","cve":"CVE-2024-5522","affectedVersions":"<=2.5.26","severity":"critical"},{"advisoryId":"WPSECADV/WF/604862d9-e032-4806-8a14-3e4ad0ae1ee2/html5-video-player","title":"Flash & HTML5 Video <= 2.5.31 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"604862d9-e032-4806-8a14-3e4ad0ae1ee2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/604862d9-e032-4806-8a14-3e4ad0ae1ee2?source=api-prod","cve":"CVE-2024-43319","affectedVersions":"<=2.5.31","severity":"medium"},{"advisoryId":"WPSECADV/WF/6dc3f308-d1e1-430b-bccd-168c0972fe7c/html5-video-player","title":"HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-10 15:52:47","sources":[{"name":"Wordfence","remoteId":"6dc3f308-d1e1-430b-bccd-168c0972fe7c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc3f308-d1e1-430b-bccd-168c0972fe7c?source=api-prod","cve":"CVE-2024-7721","affectedVersions":"<=2.5.34","severity":"medium"},{"advisoryId":"WPSECADV/WF/84ce21b9-91ac-4990-8665-69a1461147ab/html5-video-player","title":"Flash & HTML5 Video <= 2.5.30 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"84ce21b9-91ac-4990-8665-69a1461147ab"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84ce21b9-91ac-4990-8665-69a1461147ab?source=api-prod","cve":"CVE-2024-43296","affectedVersions":"<=2.5.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/908df18e-7178-4d40-becb-86e1a714a7da/html5-video-player","title":"HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"908df18e-7178-4d40-becb-86e1a714a7da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/908df18e-7178-4d40-becb-86e1a714a7da?source=api-prod","cve":"CVE-2024-7727","affectedVersions":"<=2.5.32","severity":"medium"},{"advisoryId":"WPSECADV/WF/cb64128c-0342-4365-bf46-0170fc876694/html5-video-player","title":"HTML5 Video Player – Embed and Play Videos in Custom Player <= 2.11.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"cb64128c-0342-4365-bf46-0170fc876694"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb64128c-0342-4365-bf46-0170fc876694?source=api-prod","cve":"CVE-2026-57323","affectedVersions":"<=2.11.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/e0b26af2-d559-49bf-841a-1974360b3ad6/html5-video-player","title":"HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-13 20:11:53","sources":[{"name":"Wordfence","remoteId":"e0b26af2-d559-49bf-841a-1974360b3ad6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b26af2-d559-49bf-841a-1974360b3ad6?source=api-prod","cve":"CVE-2024-13156","affectedVersions":"<=2.5.35","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_696d6167652d6361726f7573656c811c9dc5_gen.json b/internal/data/assets/plugin_696d6167652d6361726f7573656c811c9dc5_gen.json new file mode 100644 index 00000000..cfb117c5 --- /dev/null +++ b/internal/data/assets/plugin_696d6167652d6361726f7573656c811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/6eec349a-0b85-4d3f-bdb7-f9eb3b9e35d9/image-carousel","title":"Image Carousel <= 1.0.0.41 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"6eec349a-0b85-4d3f-bdb7-f9eb3b9e35d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6eec349a-0b85-4d3f-bdb7-f9eb3b9e35d9?source=api-prod","cve":"CVE-2025-68074","affectedVersions":"<=1.0.0.41","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_696e66696c6974792d676c6f62616c811c9dc5_gen.json b/internal/data/assets/plugin_696e66696c6974792d676c6f62616c811c9dc5_gen.json index 341ed532..d8e9e1cb 100644 --- a/internal/data/assets/plugin_696e66696c6974792d676c6f62616c811c9dc5_gen.json +++ b/internal/data/assets/plugin_696e66696c6974792d676c6f62616c811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1caeb5e0-9e4e-4c9e-a6e4-881fb81dc5f2/infility-global","title":"Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-19 12:07:43","sources":[{"name":"Wordfence","remoteId":"1caeb5e0-9e4e-4c9e-a6e4-881fb81dc5f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1caeb5e0-9e4e-4c9e-a6e4-881fb81dc5f2?source=api-prod","cve":"CVE-2026-8685","affectedVersions":"<=2.15.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/4f3a01fe-8c84-4219-98fe-14e4ac74b7f7/infility-global","title":"Infility Global <= 2.13.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"4f3a01fe-8c84-4219-98fe-14e4ac74b7f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3a01fe-8c84-4219-98fe-14e4ac74b7f7?source=api-prod","cve":"CVE-2025-47652","affectedVersions":"<=2.13.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/542a18f6-9d17-4e54-85e1-e01630ca371e/infility-global","title":"Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 15:11:30","sources":[{"name":"Wordfence","remoteId":"542a18f6-9d17-4e54-85e1-e01630ca371e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/542a18f6-9d17-4e54-85e1-e01630ca371e?source=api-prod","cve":"CVE-2025-12968","affectedVersions":"<=2.14.42","severity":"high"},{"advisoryId":"WPSECADV/WF/58ab78f2-199b-44e8-9213-8c46025b55fb/infility-global","title":"Infility Global <= 2.14.49 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"58ab78f2-199b-44e8-9213-8c46025b55fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58ab78f2-199b-44e8-9213-8c46025b55fb?source=api-prod","cve":"CVE-2025-68864","affectedVersions":"<=2.14.49","severity":"high"},{"advisoryId":"WPSECADV/WF/603734a3-f471-4a40-9253-92e0d1ef5ac2/infility-global","title":"Infility Global <= 2.14.7 - Authenticated (Subscriber+) Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"603734a3-f471-4a40-9253-92e0d1ef5ac2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/603734a3-f471-4a40-9253-92e0d1ef5ac2?source=api-prod","cve":"CVE-2025-47650","affectedVersions":"<=2.14.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0/infility-global","title":"Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 16:09:03","sources":[{"name":"Wordfence","remoteId":"6127576b-5ce2-4a3e-95de-8a2b3d90d3a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0?source=api-prod","cve":"CVE-2024-12290","affectedVersions":"<=2.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/648941b8-d1ab-4587-bd87-f23008ac9a00/infility-global","title":"Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-03 19:43:35","sources":[{"name":"Wordfence","remoteId":"648941b8-d1ab-4587-bd87-f23008ac9a00"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/648941b8-d1ab-4587-bd87-f23008ac9a00?source=api-prod","cve":"CVE-2025-15268","affectedVersions":"<=2.14.46","severity":"high"},{"advisoryId":"WPSECADV/WF/befc411f-8c50-44a2-b1af-10a507230df9/infility-global","title":"Infility Global <= 2.14.49 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"befc411f-8c50-44a2-b1af-10a507230df9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/befc411f-8c50-44a2-b1af-10a507230df9?source=api-prod","cve":"CVE-2025-68865","affectedVersions":"<=2.14.49","severity":"high"},{"advisoryId":"WPSECADV/WF/d0fd1c19-b752-4562-9365-165d709b91b2/infility-global","title":"Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 16:09:04","sources":[{"name":"Wordfence","remoteId":"d0fd1c19-b752-4562-9365-165d709b91b2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0fd1c19-b752-4562-9365-165d709b91b2?source=api-prod","cve":"CVE-2024-11496","affectedVersions":"<=2.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7bca584-05d8-4ecf-bf6c-5c2256cb5a61/infility-global","title":"Infility Global <= 2.13.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7bca584-05d8-4ecf-bf6c-5c2256cb5a61"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7bca584-05d8-4ecf-bf6c-5c2256cb5a61?source=api-prod","cve":"CVE-2025-52774","affectedVersions":"<=2.13.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ffb8c561-ce2a-447c-add6-d7e01c8c9435/infility-global","title":"Infility Global <= 2.12.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"ffb8c561-ce2a-447c-add6-d7e01c8c9435"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb8c561-ce2a-447c-add6-d7e01c8c9435?source=api-prod","cve":"CVE-2025-47651","affectedVersions":"<=2.12.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1caeb5e0-9e4e-4c9e-a6e4-881fb81dc5f2/infility-global","title":"Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-19 12:07:43","sources":[{"name":"Wordfence","remoteId":"1caeb5e0-9e4e-4c9e-a6e4-881fb81dc5f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1caeb5e0-9e4e-4c9e-a6e4-881fb81dc5f2?source=api-prod","cve":"CVE-2026-8685","affectedVersions":"<=2.15.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ba63578-c65e-4050-aa68-1d6351fccd06/infility-global","title":"Infility Global < 2.15.19 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2ba63578-c65e-4050-aa68-1d6351fccd06"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ba63578-c65e-4050-aa68-1d6351fccd06?source=api-prod","cve":"CVE-2026-8163","affectedVersions":"<2.15.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/4f3a01fe-8c84-4219-98fe-14e4ac74b7f7/infility-global","title":"Infility Global <= 2.13.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"4f3a01fe-8c84-4219-98fe-14e4ac74b7f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3a01fe-8c84-4219-98fe-14e4ac74b7f7?source=api-prod","cve":"CVE-2025-47652","affectedVersions":"<=2.13.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/542a18f6-9d17-4e54-85e1-e01630ca371e/infility-global","title":"Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 15:11:30","sources":[{"name":"Wordfence","remoteId":"542a18f6-9d17-4e54-85e1-e01630ca371e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/542a18f6-9d17-4e54-85e1-e01630ca371e?source=api-prod","cve":"CVE-2025-12968","affectedVersions":"<=2.14.42","severity":"high"},{"advisoryId":"WPSECADV/WF/58ab78f2-199b-44e8-9213-8c46025b55fb/infility-global","title":"Infility Global <= 2.14.49 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"58ab78f2-199b-44e8-9213-8c46025b55fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58ab78f2-199b-44e8-9213-8c46025b55fb?source=api-prod","cve":"CVE-2025-68864","affectedVersions":"<=2.14.49","severity":"high"},{"advisoryId":"WPSECADV/WF/603734a3-f471-4a40-9253-92e0d1ef5ac2/infility-global","title":"Infility Global <= 2.14.7 - Authenticated (Subscriber+) Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"603734a3-f471-4a40-9253-92e0d1ef5ac2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/603734a3-f471-4a40-9253-92e0d1ef5ac2?source=api-prod","cve":"CVE-2025-47650","affectedVersions":"<=2.14.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0/infility-global","title":"Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 16:09:03","sources":[{"name":"Wordfence","remoteId":"6127576b-5ce2-4a3e-95de-8a2b3d90d3a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0?source=api-prod","cve":"CVE-2024-12290","affectedVersions":"<=2.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/648941b8-d1ab-4587-bd87-f23008ac9a00/infility-global","title":"Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-03 19:43:35","sources":[{"name":"Wordfence","remoteId":"648941b8-d1ab-4587-bd87-f23008ac9a00"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/648941b8-d1ab-4587-bd87-f23008ac9a00?source=api-prod","cve":"CVE-2025-15268","affectedVersions":"<=2.14.46","severity":"high"},{"advisoryId":"WPSECADV/WF/76b1f8d8-ab5f-4ce8-a30b-8e9eb0e127a5/infility-global","title":"Infility Global < 2.15.20 - Authenticated (Editor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"76b1f8d8-ab5f-4ce8-a30b-8e9eb0e127a5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76b1f8d8-ab5f-4ce8-a30b-8e9eb0e127a5?source=api-prod","cve":"CVE-2026-7842","affectedVersions":"<2.15.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/befc411f-8c50-44a2-b1af-10a507230df9/infility-global","title":"Infility Global <= 2.14.49 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"befc411f-8c50-44a2-b1af-10a507230df9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/befc411f-8c50-44a2-b1af-10a507230df9?source=api-prod","cve":"CVE-2025-68865","affectedVersions":"<=2.14.49","severity":"high"},{"advisoryId":"WPSECADV/WF/d0fd1c19-b752-4562-9365-165d709b91b2/infility-global","title":"Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 16:09:04","sources":[{"name":"Wordfence","remoteId":"d0fd1c19-b752-4562-9365-165d709b91b2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0fd1c19-b752-4562-9365-165d709b91b2?source=api-prod","cve":"CVE-2024-11496","affectedVersions":"<=2.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7bca584-05d8-4ecf-bf6c-5c2256cb5a61/infility-global","title":"Infility Global <= 2.13.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7bca584-05d8-4ecf-bf6c-5c2256cb5a61"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7bca584-05d8-4ecf-bf6c-5c2256cb5a61?source=api-prod","cve":"CVE-2025-52774","affectedVersions":"<=2.13.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ffb8c561-ce2a-447c-add6-d7e01c8c9435/infility-global","title":"Infility Global <= 2.12.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"ffb8c561-ce2a-447c-add6-d7e01c8c9435"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb8c561-ce2a-447c-add6-d7e01c8c9435?source=api-prod","cve":"CVE-2025-47651","affectedVersions":"<=2.12.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_696f2d656e676167656d656e742d616e616c7974696373811c9dc5_gen.json b/internal/data/assets/plugin_696f2d656e676167656d656e742d616e616c7974696373811c9dc5_gen.json new file mode 100644 index 00000000..63ea8150 --- /dev/null +++ b/internal/data/assets/plugin_696f2d656e676167656d656e742d616e616c7974696373811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/16f9ca70-50fe-4fab-8a58-57af795dc000/io-engagement-analytics","title":"Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 16:17:18","sources":[{"name":"Wordfence","remoteId":"16f9ca70-50fe-4fab-8a58-57af795dc000"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16f9ca70-50fe-4fab-8a58-57af795dc000?source=api-prod","cve":"CVE-2026-8944","affectedVersions":"<=1.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6a65742d656e67696e65811c9dc5_gen.json b/internal/data/assets/plugin_6a65742d656e67696e65811c9dc5_gen.json index 6efb8229..c808216d 100644 --- a/internal/data/assets/plugin_6a65742d656e67696e65811c9dc5_gen.json +++ b/internal/data/assets/plugin_6a65742d656e67696e65811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/099e8784-48d2-4be7-9549-b9dbe57fe637/jet-engine","title":"JetEngine <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"099e8784-48d2-4be7-9549-b9dbe57fe637"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/099e8784-48d2-4be7-9549-b9dbe57fe637?source=api-prod","cve":"CVE-2025-49938","affectedVersions":"<=3.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/0ef8f81e-b241-43c3-9045-610cdbc08be1/jet-engine","title":"JetEngine <= 3.6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"0ef8f81e-b241-43c3-9045-610cdbc08be1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0ef8f81e-b241-43c3-9045-610cdbc08be1?source=api-prod","cve":"CVE-2025-26870","affectedVersions":"<=3.6.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c1e1c18-fecd-45a9-a515-11073c9f1aec/jet-engine","title":"JetEngine <= 3.7.0 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c1e1c18-fecd-45a9-a515-11073c9f1aec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c1e1c18-fecd-45a9-a515-11073c9f1aec?source=api-prod","cve":"CVE-2025-53196","affectedVersions":"<=3.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c85e5e0-d8ee-46d3-99b1-df6c6744f020/jet-engine","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c85e5e0-d8ee-46d3-99b1-df6c6744f020"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-prod","cve":"CVE-2023-48762","affectedVersions":"<=3.2.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/24c9ff14-1d24-4c8c-b3d5-c2e0b5eb25fb/jet-engine","title":"JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"24c9ff14-1d24-4c8c-b3d5-c2e0b5eb25fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24c9ff14-1d24-4c8c-b3d5-c2e0b5eb25fb?source=api-prod","cve":"CVE-2026-54189","affectedVersions":"<=3.8.10","severity":"high"},{"advisoryId":"WPSECADV/WF/29a5701f-92f7-4a02-a990-b189a381cff5/jet-engine","title":"JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-13 12:57:24","sources":[{"name":"Wordfence","remoteId":"29a5701f-92f7-4a02-a990-b189a381cff5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29a5701f-92f7-4a02-a990-b189a381cff5?source=api-prod","cve":"CVE-2026-4352","affectedVersions":"<=3.8.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/303fc526-ffaf-4266-a606-4d21ac4c295f/jet-engine","title":"JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"303fc526-ffaf-4266-a606-4d21ac4c295f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/303fc526-ffaf-4266-a606-4d21ac4c295f?source=api-prod","cve":"CVE-2026-54187","affectedVersions":"<=3.8.10.1","severity":"high"},{"advisoryId":"WPSECADV/WF/3f2c97f4-0a6e-4693-a6c8-bd81ca76988c/jet-engine","title":"JetEngine <= 3.2.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"3f2c97f4-0a6e-4693-a6c8-bd81ca76988c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f2c97f4-0a6e-4693-a6c8-bd81ca76988c?source=api-prod","cve":"CVE-2023-48758","affectedVersions":"<=3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/40abaa5e-7dd5-4a4e-877c-0a56386f5ffe/jet-engine","title":"JetEngine <= 3.7.7 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"40abaa5e-7dd5-4a4e-877c-0a56386f5ffe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/40abaa5e-7dd5-4a4e-877c-0a56386f5ffe?source=api-prod","cve":"CVE-2025-67923","affectedVersions":"<=3.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/512f68c0-3041-44b0-86de-b3e640cf5055/jet-engine","title":"JetEngine <= 3.8.10 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"512f68c0-3041-44b0-86de-b3e640cf5055"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/512f68c0-3041-44b0-86de-b3e640cf5055?source=api-prod","cve":"CVE-2026-52706","affectedVersions":"<=3.8.10","severity":"high"},{"advisoryId":"WPSECADV/WF/594431b7-9bc7-4e86-bc20-311fdab657b6/jet-engine","title":"JetEngine <= 3.8.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"594431b7-9bc7-4e86-bc20-311fdab657b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/594431b7-9bc7-4e86-bc20-311fdab657b6?source=api-prod","cve":"CVE-2025-68495","affectedVersions":"<=3.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/77d6d38a-f590-4188-8941-ea6936ae5cf4/jet-engine","title":"JetEngine < 3.8.9.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"77d6d38a-f590-4188-8941-ea6936ae5cf4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/77d6d38a-f590-4188-8941-ea6936ae5cf4?source=api-prod","cve":"CVE-2026-49084","affectedVersions":"<3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/84875591-2754-4415-9a77-8824fdfa89dd/jet-engine","title":"JetEngine <= 3.8.1.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"84875591-2754-4415-9a77-8824fdfa89dd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84875591-2754-4415-9a77-8824fdfa89dd?source=api-prod","cve":"CVE-2025-69333","affectedVersions":"<=3.8.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/850590a0-2bbc-45ff-8538-4d11b587383f/jet-engine","title":"JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"850590a0-2bbc-45ff-8538-4d11b587383f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/850590a0-2bbc-45ff-8538-4d11b587383f?source=api-prod","cve":"CVE-2026-54188","affectedVersions":"<=3.8.10","severity":"high"},{"advisoryId":"WPSECADV/WF/893500ba-cc16-4429-bbe1-725aa65589c9/jet-engine","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"893500ba-cc16-4429-bbe1-725aa65589c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-prod","cve":"CVE-2023-48761","affectedVersions":"<=3.2.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ad473d5-f54b-4801-9ba3-54e4dddf26f7/jet-engine","title":"JetEngine <= 3.7.1 - Authenticated (Contributor+) Server-Side Template Injection to Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ad473d5-f54b-4801-9ba3-54e4dddf26f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ad473d5-f54b-4801-9ba3-54e4dddf26f7?source=api-prod","cve":"CVE-2025-53194","affectedVersions":"<=3.7.1","severity":"high"},{"advisoryId":"WPSECADV/WF/9a4f28bb-7669-483a-b93a-276b7a10826a/jet-engine","title":"JetEngine <= 3.7.2 - Authenticated (Contributor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a4f28bb-7669-483a-b93a-276b7a10826a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a4f28bb-7669-483a-b93a-276b7a10826a?source=api-prod","cve":"CVE-2026-28134","affectedVersions":"<=3.7.2","severity":"high"},{"advisoryId":"WPSECADV/WF/ad66015d-7831-4590-9583-3abf7ca43c3b/jet-engine","title":"JetEngine <= 3.2.4 - Authenticated (Contributor+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"ad66015d-7831-4590-9583-3abf7ca43c3b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ad66015d-7831-4590-9583-3abf7ca43c3b?source=api-prod","cve":"CVE-2023-48757","affectedVersions":"<=3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/d36856c1-5b61-403d-816e-7efa8ca4d41a/jet-engine","title":"JetEngine <= 3.8.9.1 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"d36856c1-5b61-403d-816e-7efa8ca4d41a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d36856c1-5b61-403d-816e-7efa8ca4d41a?source=api-prod","cve":"CVE-2026-49075","affectedVersions":"<=3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e/jet-engine","title":"Crocoblock JetEngine <= 3.1.3 - Authenticated(Author+) Arbitrary File Upload to Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e?source=api-prod","cve":"CVE-2023-1406","affectedVersions":"<=3.1.3","severity":"high"},{"advisoryId":"WPSECADV/WF/d938b867-a29a-460b-bfc2-1ba4490ee105/jet-engine","title":"JetEngine <= 3.7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"d938b867-a29a-460b-bfc2-1ba4490ee105"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d938b867-a29a-460b-bfc2-1ba4490ee105?source=api-prod","cve":"CVE-2025-54688","affectedVersions":"<=3.7.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e37cabad-c41c-4fba-b01d-a5eb5c7d5254/jet-engine","title":"JetEngine <= 3.8.8.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"e37cabad-c41c-4fba-b01d-a5eb5c7d5254"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e37cabad-c41c-4fba-b01d-a5eb5c7d5254?source=api-prod","cve":"CVE-2026-42774","affectedVersions":"<=3.8.8.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f0e97124-641c-4d35-a274-6a127d2d7d18/jet-engine","title":"JetEngine < 3.8.4.1 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"f0e97124-641c-4d35-a274-6a127d2d7d18"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0e97124-641c-4d35-a274-6a127d2d7d18?source=api-prod","cve":"CVE-2026-32355","affectedVersions":"<3.8.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f10cf49b-1b78-43c1-b0d1-c1dbb74d5696/jet-engine","title":"JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 16:17:43","sources":[{"name":"Wordfence","remoteId":"f10cf49b-1b78-43c1-b0d1-c1dbb74d5696"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f10cf49b-1b78-43c1-b0d1-c1dbb74d5696?source=api-prod","cve":"CVE-2026-4662","affectedVersions":"<=3.8.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f27979a8-0e68-4a45-9e3e-3667d88361d8/jet-engine","title":"Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-17 18:34:33","sources":[{"name":"Wordfence","remoteId":"f27979a8-0e68-4a45-9e3e-3667d88361d8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f27979a8-0e68-4a45-9e3e-3667d88361d8?source=api-prod","cve":"CVE-2025-0369","affectedVersions":"<=3.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f866ef19-2662-49c1-a90a-920403c8799d/jet-engine","title":"JetEngine <= 3.8.9.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"f866ef19-2662-49c1-a90a-920403c8799d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f866ef19-2662-49c1-a90a-920403c8799d?source=api-prod","cve":"CVE-2026-49074","affectedVersions":"<=3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f920d63e-2101-4192-8916-be2d42929a54/jet-engine","title":"JetEngine <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f920d63e-2101-4192-8916-be2d42929a54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f920d63e-2101-4192-8916-be2d42929a54?source=api-prod","cve":"CVE-2025-53195","affectedVersions":"<=3.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/fd5fb3fb-425a-458b-b3cb-92cd23f50726/jet-engine","title":"JetEngine <= 3.8.9.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"fd5fb3fb-425a-458b-b3cb-92cd23f50726"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd5fb3fb-425a-458b-b3cb-92cd23f50726?source=api-prod","cve":"CVE-2026-49076","affectedVersions":"<=3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/fd839b20-69d1-4cad-80fc-3e7b9940fd30/jet-engine","title":"JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"fd839b20-69d1-4cad-80fc-3e7b9940fd30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd839b20-69d1-4cad-80fc-3e7b9940fd30?source=api-prod","cve":"CVE-2026-12360","affectedVersions":"<=3.8.10.1","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/083dd550-6d62-4e2e-8571-ef3c5597e816/jet-engine","title":"JetEngine <= 3.8.10.2 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"083dd550-6d62-4e2e-8571-ef3c5597e816"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/083dd550-6d62-4e2e-8571-ef3c5597e816?source=api-prod","cve":"CVE-2026-56068","affectedVersions":"<=3.8.10.2","severity":"high"},{"advisoryId":"WPSECADV/WF/099e8784-48d2-4be7-9549-b9dbe57fe637/jet-engine","title":"JetEngine <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"099e8784-48d2-4be7-9549-b9dbe57fe637"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/099e8784-48d2-4be7-9549-b9dbe57fe637?source=api-prod","cve":"CVE-2025-49938","affectedVersions":"<=3.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/0ef8f81e-b241-43c3-9045-610cdbc08be1/jet-engine","title":"JetEngine <= 3.6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"0ef8f81e-b241-43c3-9045-610cdbc08be1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0ef8f81e-b241-43c3-9045-610cdbc08be1?source=api-prod","cve":"CVE-2025-26870","affectedVersions":"<=3.6.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c1e1c18-fecd-45a9-a515-11073c9f1aec/jet-engine","title":"JetEngine <= 3.7.0 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c1e1c18-fecd-45a9-a515-11073c9f1aec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c1e1c18-fecd-45a9-a515-11073c9f1aec?source=api-prod","cve":"CVE-2025-53196","affectedVersions":"<=3.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c85e5e0-d8ee-46d3-99b1-df6c6744f020/jet-engine","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c85e5e0-d8ee-46d3-99b1-df6c6744f020"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-prod","cve":"CVE-2023-48762","affectedVersions":"<=3.2.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/24c9ff14-1d24-4c8c-b3d5-c2e0b5eb25fb/jet-engine","title":"JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"24c9ff14-1d24-4c8c-b3d5-c2e0b5eb25fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24c9ff14-1d24-4c8c-b3d5-c2e0b5eb25fb?source=api-prod","cve":"CVE-2026-54189","affectedVersions":"<=3.8.10","severity":"high"},{"advisoryId":"WPSECADV/WF/29a5701f-92f7-4a02-a990-b189a381cff5/jet-engine","title":"JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-13 12:57:24","sources":[{"name":"Wordfence","remoteId":"29a5701f-92f7-4a02-a990-b189a381cff5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29a5701f-92f7-4a02-a990-b189a381cff5?source=api-prod","cve":"CVE-2026-4352","affectedVersions":"<=3.8.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/303fc526-ffaf-4266-a606-4d21ac4c295f/jet-engine","title":"JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"303fc526-ffaf-4266-a606-4d21ac4c295f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/303fc526-ffaf-4266-a606-4d21ac4c295f?source=api-prod","cve":"CVE-2026-54187","affectedVersions":"<=3.8.10.1","severity":"high"},{"advisoryId":"WPSECADV/WF/3f2c97f4-0a6e-4693-a6c8-bd81ca76988c/jet-engine","title":"JetEngine <= 3.2.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"3f2c97f4-0a6e-4693-a6c8-bd81ca76988c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f2c97f4-0a6e-4693-a6c8-bd81ca76988c?source=api-prod","cve":"CVE-2023-48758","affectedVersions":"<=3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/40abaa5e-7dd5-4a4e-877c-0a56386f5ffe/jet-engine","title":"JetEngine <= 3.7.7 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"40abaa5e-7dd5-4a4e-877c-0a56386f5ffe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/40abaa5e-7dd5-4a4e-877c-0a56386f5ffe?source=api-prod","cve":"CVE-2025-67923","affectedVersions":"<=3.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/512f68c0-3041-44b0-86de-b3e640cf5055/jet-engine","title":"JetEngine <= 3.8.10 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"512f68c0-3041-44b0-86de-b3e640cf5055"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/512f68c0-3041-44b0-86de-b3e640cf5055?source=api-prod","cve":"CVE-2026-52706","affectedVersions":"<=3.8.10","severity":"high"},{"advisoryId":"WPSECADV/WF/594431b7-9bc7-4e86-bc20-311fdab657b6/jet-engine","title":"JetEngine <= 3.8.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"594431b7-9bc7-4e86-bc20-311fdab657b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/594431b7-9bc7-4e86-bc20-311fdab657b6?source=api-prod","cve":"CVE-2025-68495","affectedVersions":"<=3.8.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/77d6d38a-f590-4188-8941-ea6936ae5cf4/jet-engine","title":"JetEngine < 3.8.9.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"77d6d38a-f590-4188-8941-ea6936ae5cf4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/77d6d38a-f590-4188-8941-ea6936ae5cf4?source=api-prod","cve":"CVE-2026-49084","affectedVersions":"<3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/84875591-2754-4415-9a77-8824fdfa89dd/jet-engine","title":"JetEngine <= 3.8.1.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"84875591-2754-4415-9a77-8824fdfa89dd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84875591-2754-4415-9a77-8824fdfa89dd?source=api-prod","cve":"CVE-2025-69333","affectedVersions":"<=3.8.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/850590a0-2bbc-45ff-8538-4d11b587383f/jet-engine","title":"JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"850590a0-2bbc-45ff-8538-4d11b587383f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/850590a0-2bbc-45ff-8538-4d11b587383f?source=api-prod","cve":"CVE-2026-54188","affectedVersions":"<=3.8.10","severity":"high"},{"advisoryId":"WPSECADV/WF/893500ba-cc16-4429-bbe1-725aa65589c9/jet-engine","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"893500ba-cc16-4429-bbe1-725aa65589c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-prod","cve":"CVE-2023-48761","affectedVersions":"<=3.2.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ad473d5-f54b-4801-9ba3-54e4dddf26f7/jet-engine","title":"JetEngine <= 3.7.1 - Authenticated (Contributor+) Server-Side Template Injection to Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ad473d5-f54b-4801-9ba3-54e4dddf26f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ad473d5-f54b-4801-9ba3-54e4dddf26f7?source=api-prod","cve":"CVE-2025-53194","affectedVersions":"<=3.7.1","severity":"high"},{"advisoryId":"WPSECADV/WF/9a4f28bb-7669-483a-b93a-276b7a10826a/jet-engine","title":"JetEngine <= 3.7.2 - Authenticated (Contributor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a4f28bb-7669-483a-b93a-276b7a10826a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a4f28bb-7669-483a-b93a-276b7a10826a?source=api-prod","cve":"CVE-2026-28134","affectedVersions":"<=3.7.2","severity":"high"},{"advisoryId":"WPSECADV/WF/ad66015d-7831-4590-9583-3abf7ca43c3b/jet-engine","title":"JetEngine <= 3.2.4 - Authenticated (Contributor+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"ad66015d-7831-4590-9583-3abf7ca43c3b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ad66015d-7831-4590-9583-3abf7ca43c3b?source=api-prod","cve":"CVE-2023-48757","affectedVersions":"<=3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/d36856c1-5b61-403d-816e-7efa8ca4d41a/jet-engine","title":"JetEngine <= 3.8.9.1 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"d36856c1-5b61-403d-816e-7efa8ca4d41a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d36856c1-5b61-403d-816e-7efa8ca4d41a?source=api-prod","cve":"CVE-2026-49075","affectedVersions":"<=3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e/jet-engine","title":"Crocoblock JetEngine <= 3.1.3 - Authenticated(Author+) Arbitrary File Upload to Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e?source=api-prod","cve":"CVE-2023-1406","affectedVersions":"<=3.1.3","severity":"high"},{"advisoryId":"WPSECADV/WF/d938b867-a29a-460b-bfc2-1ba4490ee105/jet-engine","title":"JetEngine <= 3.7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"d938b867-a29a-460b-bfc2-1ba4490ee105"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d938b867-a29a-460b-bfc2-1ba4490ee105?source=api-prod","cve":"CVE-2025-54688","affectedVersions":"<=3.7.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e37cabad-c41c-4fba-b01d-a5eb5c7d5254/jet-engine","title":"JetEngine <= 3.8.8.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"e37cabad-c41c-4fba-b01d-a5eb5c7d5254"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e37cabad-c41c-4fba-b01d-a5eb5c7d5254?source=api-prod","cve":"CVE-2026-42774","affectedVersions":"<=3.8.8.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f0e97124-641c-4d35-a274-6a127d2d7d18/jet-engine","title":"JetEngine < 3.8.4.1 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"f0e97124-641c-4d35-a274-6a127d2d7d18"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0e97124-641c-4d35-a274-6a127d2d7d18?source=api-prod","cve":"CVE-2026-32355","affectedVersions":"<3.8.4.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f10cf49b-1b78-43c1-b0d1-c1dbb74d5696/jet-engine","title":"JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 16:17:43","sources":[{"name":"Wordfence","remoteId":"f10cf49b-1b78-43c1-b0d1-c1dbb74d5696"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f10cf49b-1b78-43c1-b0d1-c1dbb74d5696?source=api-prod","cve":"CVE-2026-4662","affectedVersions":"<=3.8.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f27979a8-0e68-4a45-9e3e-3667d88361d8/jet-engine","title":"Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-17 18:34:33","sources":[{"name":"Wordfence","remoteId":"f27979a8-0e68-4a45-9e3e-3667d88361d8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f27979a8-0e68-4a45-9e3e-3667d88361d8?source=api-prod","cve":"CVE-2025-0369","affectedVersions":"<=3.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f866ef19-2662-49c1-a90a-920403c8799d/jet-engine","title":"JetEngine <= 3.8.9.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"f866ef19-2662-49c1-a90a-920403c8799d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f866ef19-2662-49c1-a90a-920403c8799d?source=api-prod","cve":"CVE-2026-49074","affectedVersions":"<=3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f920d63e-2101-4192-8916-be2d42929a54/jet-engine","title":"JetEngine <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f920d63e-2101-4192-8916-be2d42929a54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f920d63e-2101-4192-8916-be2d42929a54?source=api-prod","cve":"CVE-2025-53195","affectedVersions":"<=3.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/fd5fb3fb-425a-458b-b3cb-92cd23f50726/jet-engine","title":"JetEngine <= 3.8.9.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"fd5fb3fb-425a-458b-b3cb-92cd23f50726"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd5fb3fb-425a-458b-b3cb-92cd23f50726?source=api-prod","cve":"CVE-2026-49076","affectedVersions":"<=3.8.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/fd839b20-69d1-4cad-80fc-3e7b9940fd30/jet-engine","title":"JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"fd839b20-69d1-4cad-80fc-3e7b9940fd30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd839b20-69d1-4cad-80fc-3e7b9940fd30?source=api-prod","cve":"CVE-2026-12360","affectedVersions":"<=3.8.10.1","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6a65742d736d6172742d66696c74657273811c9dc5_gen.json b/internal/data/assets/plugin_6a65742d736d6172742d66696c74657273811c9dc5_gen.json index c701ef0a..c9817597 100644 --- a/internal/data/assets/plugin_6a65742d736d6172742d66696c74657273811c9dc5_gen.json +++ b/internal/data/assets/plugin_6a65742d736d6172742d66696c74657273811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1c85e5e0-d8ee-46d3-99b1-df6c6744f020/jet-smart-filters","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c85e5e0-d8ee-46d3-99b1-df6c6744f020"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-prod","cve":"CVE-2023-48762","affectedVersions":"<=3.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/53704fa2-9607-4e5c-8249-699a4db1a2c0/jet-smart-filters","title":"JetSmartFilters <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"53704fa2-9607-4e5c-8249-699a4db1a2c0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53704fa2-9607-4e5c-8249-699a4db1a2c0?source=api-prod","cve":"CVE-2025-30963","affectedVersions":"<=3.6.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/7addc83b-cde5-4f91-b286-70db6f384a9f/jet-smart-filters","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"7addc83b-cde5-4f91-b286-70db6f384a9f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-prod","cve":"CVE-2023-48760","affectedVersions":"<=3.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/7c9c36b3-f76b-4af9-bb2d-8b16e021cf12/jet-smart-filters","title":"JetSmartFilters <= 3.8.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"7c9c36b3-f76b-4af9-bb2d-8b16e021cf12"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9c36b3-f76b-4af9-bb2d-8b16e021cf12?source=api-prod","cve":"CVE-2026-48875","affectedVersions":"<=3.8.1","severity":"high"},{"advisoryId":"WPSECADV/WF/7cff6946-3983-49ea-ab4f-22cf9fa149a4/jet-smart-filters","title":"JetSmartFilters <= 3.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"7cff6946-3983-49ea-ab4f-22cf9fa149a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7cff6946-3983-49ea-ab4f-22cf9fa149a4?source=api-prod","cve":"CVE-2025-54009","affectedVersions":"<=3.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/893500ba-cc16-4429-bbe1-725aa65589c9/jet-smart-filters","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"893500ba-cc16-4429-bbe1-725aa65589c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-prod","cve":"CVE-2023-48761","affectedVersions":"<=3.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/918cddb9-ecd6-4ae0-8f6e-da44c60fc5cb/jet-smart-filters","title":"JetSmartFilters <= 3.6.7 - Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"918cddb9-ecd6-4ae0-8f6e-da44c60fc5cb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/918cddb9-ecd6-4ae0-8f6e-da44c60fc5cb?source=api-prod","cve":"CVE-2025-54008","affectedVersions":"<=3.6.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1c85e5e0-d8ee-46d3-99b1-df6c6744f020/jet-smart-filters","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c85e5e0-d8ee-46d3-99b1-df6c6744f020"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-prod","cve":"CVE-2023-48762","affectedVersions":"<=3.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/53704fa2-9607-4e5c-8249-699a4db1a2c0/jet-smart-filters","title":"JetSmartFilters <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"53704fa2-9607-4e5c-8249-699a4db1a2c0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53704fa2-9607-4e5c-8249-699a4db1a2c0?source=api-prod","cve":"CVE-2025-30963","affectedVersions":"<=3.6.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/7addc83b-cde5-4f91-b286-70db6f384a9f/jet-smart-filters","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"7addc83b-cde5-4f91-b286-70db6f384a9f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-prod","cve":"CVE-2023-48760","affectedVersions":"<=3.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/7c9c36b3-f76b-4af9-bb2d-8b16e021cf12/jet-smart-filters","title":"JetSmartFilters <= 3.8.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"7c9c36b3-f76b-4af9-bb2d-8b16e021cf12"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9c36b3-f76b-4af9-bb2d-8b16e021cf12?source=api-prod","cve":"CVE-2026-48875","affectedVersions":"<=3.8.1","severity":"high"},{"advisoryId":"WPSECADV/WF/7cff6946-3983-49ea-ab4f-22cf9fa149a4/jet-smart-filters","title":"JetSmartFilters <= 3.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"7cff6946-3983-49ea-ab4f-22cf9fa149a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7cff6946-3983-49ea-ab4f-22cf9fa149a4?source=api-prod","cve":"CVE-2025-54009","affectedVersions":"<=3.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/893500ba-cc16-4429-bbe1-725aa65589c9/jet-smart-filters","title":"Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"893500ba-cc16-4429-bbe1-725aa65589c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-prod","cve":"CVE-2023-48761","affectedVersions":"<=3.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/8cee662f-f639-47ba-9534-92f4c1fe7068/jet-smart-filters","title":"JetSmartFilters <= 3.8.3 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8cee662f-f639-47ba-9534-92f4c1fe7068"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cee662f-f639-47ba-9534-92f4c1fe7068?source=api-prod","cve":"CVE-2026-56067","affectedVersions":"<=3.8.3","severity":"high"},{"advisoryId":"WPSECADV/WF/918cddb9-ecd6-4ae0-8f6e-da44c60fc5cb/jet-smart-filters","title":"JetSmartFilters <= 3.6.7 - Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"918cddb9-ecd6-4ae0-8f6e-da44c60fc5cb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/918cddb9-ecd6-4ae0-8f6e-da44c60fc5cb?source=api-prod","cve":"CVE-2025-54008","affectedVersions":"<=3.6.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6c6962726172792d6d616e6167656d656e742d73797374656d811c9dc5_gen.json b/internal/data/assets/plugin_6c6962726172792d6d616e6167656d656e742d73797374656d811c9dc5_gen.json index 9db08246..699148f8 100644 --- a/internal/data/assets/plugin_6c6962726172792d6d616e6167656d656e742d73797374656d811c9dc5_gen.json +++ b/internal/data/assets/plugin_6c6962726172792d6d616e6167656d656e742d73797374656d811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0b4cb873-77b7-44f9-820c-38e5d43393f3/library-management-system","title":"Library Management System <= 3.2.0 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 15:36:49","sources":[{"name":"Wordfence","remoteId":"0b4cb873-77b7-44f9-820c-38e5d43393f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b4cb873-77b7-44f9-820c-38e5d43393f3?source=api-prod","cve":"CVE-2024-12406","affectedVersions":"<=3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/70b2f35d-c58b-480c-a893-e970daca5f3f/library-management-system","title":"Library Management System <= 3.2.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"70b2f35d-c58b-480c-a893-e970daca5f3f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/70b2f35d-c58b-480c-a893-e970daca5f3f?source=api-prod","cve":"CVE-2025-12707","affectedVersions":"<=3.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/9e45feb6-5ffa-4ad3-9549-4414988f040e/library-management-system","title":"Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-14 19:59:53","sources":[{"name":"Wordfence","remoteId":"9e45feb6-5ffa-4ad3-9549-4414988f040e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e45feb6-5ffa-4ad3-9549-4414988f040e?source=api-prod","cve":"CVE-2025-10303","affectedVersions":"<=3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee792903-3b55-4f1d-bba1-59ea3f1826a1/library-management-system","title":"Library Management System <= 3.1 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"ee792903-3b55-4f1d-bba1-59ea3f1826a1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=api-prod","cve":"CVE-2024-8679","affectedVersions":"<=3.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0b4cb873-77b7-44f9-820c-38e5d43393f3/library-management-system","title":"Library Management System <= 3.2.0 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 15:36:49","sources":[{"name":"Wordfence","remoteId":"0b4cb873-77b7-44f9-820c-38e5d43393f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b4cb873-77b7-44f9-820c-38e5d43393f3?source=api-prod","cve":"CVE-2024-12406","affectedVersions":"<=3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/28ccfa60-10ad-47f5-b694-3b96857f8d22/library-management-system","title":"Library Management System <= 3.5.7 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"28ccfa60-10ad-47f5-b694-3b96857f8d22"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28ccfa60-10ad-47f5-b694-3b96857f8d22?source=api-prod","cve":"CVE-2026-56034","affectedVersions":"<=3.5.7","severity":"high"},{"advisoryId":"WPSECADV/WF/70b2f35d-c58b-480c-a893-e970daca5f3f/library-management-system","title":"Library Management System <= 3.2.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"70b2f35d-c58b-480c-a893-e970daca5f3f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/70b2f35d-c58b-480c-a893-e970daca5f3f?source=api-prod","cve":"CVE-2025-12707","affectedVersions":"<=3.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/9e45feb6-5ffa-4ad3-9549-4414988f040e/library-management-system","title":"Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-14 19:59:53","sources":[{"name":"Wordfence","remoteId":"9e45feb6-5ffa-4ad3-9549-4414988f040e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e45feb6-5ffa-4ad3-9549-4414988f040e?source=api-prod","cve":"CVE-2025-10303","affectedVersions":"<=3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee792903-3b55-4f1d-bba1-59ea3f1826a1/library-management-system","title":"Library Management System <= 3.1 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"ee792903-3b55-4f1d-bba1-59ea3f1826a1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=api-prod","cve":"CVE-2024-8679","affectedVersions":"<=3.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6c6976652d636f70792d7061737465811c9dc5_gen.json b/internal/data/assets/plugin_6c6976652d636f70792d7061737465811c9dc5_gen.json new file mode 100644 index 00000000..51b41580 --- /dev/null +++ b/internal/data/assets/plugin_6c6976652d636f70792d7061737465811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/69beccd3-864c-42d7-8bf9-2e9cc9f6c81e/live-copy-paste","title":"Live Copy Paste for Elementor – Cross Domain Copy Paste & Page Duplicator <= 1.5.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"69beccd3-864c-42d7-8bf9-2e9cc9f6c81e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69beccd3-864c-42d7-8bf9-2e9cc9f6c81e?source=api-prod","cve":"CVE-2025-63079","affectedVersions":"<=1.5.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6d6162656c2d73686f707061626c652d696d616765732d6c697465811c9dc5_gen.json b/internal/data/assets/plugin_6d6162656c2d73686f707061626c652d696d616765732d6c697465811c9dc5_gen.json index 90475304..3b71fd05 100644 --- a/internal/data/assets/plugin_6d6162656c2d73686f707061626c652d696d616765732d6c697465811c9dc5_gen.json +++ b/internal/data/assets/plugin_6d6162656c2d73686f707061626c652d696d616765732d6c697465811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13/mabel-shoppable-images-lite","title":"Shoppable Images <= 1.2.3 - Cross Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e6a78dc-9b67-4ab5-83f9-be82d05d3a13"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13?source=api-prod","cve":"CVE-2023-25698","affectedVersions":"<=1.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/413b2b38-44f2-4756-b66d-b6544c7ecaa2/mabel-shoppable-images-lite","title":"Shoppable Images Lite <= 1.2.3 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"413b2b38-44f2-4756-b66d-b6544c7ecaa2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/413b2b38-44f2-4756-b66d-b6544c7ecaa2?source=api-prod","affectedVersions":"<=1.2.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/22f6a369-7068-4df8-9c6c-f20cceb0c39b/mabel-shoppable-images-lite","title":"Shoppable Images (Lookbook) for WooCommerce <= 1.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"22f6a369-7068-4df8-9c6c-f20cceb0c39b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22f6a369-7068-4df8-9c6c-f20cceb0c39b?source=api-prod","cve":"CVE-2026-57649","affectedVersions":"<=1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13/mabel-shoppable-images-lite","title":"Shoppable Images <= 1.2.3 - Cross Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e6a78dc-9b67-4ab5-83f9-be82d05d3a13"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13?source=api-prod","cve":"CVE-2023-25698","affectedVersions":"<=1.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/413b2b38-44f2-4756-b66d-b6544c7ecaa2/mabel-shoppable-images-lite","title":"Shoppable Images Lite <= 1.2.3 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"413b2b38-44f2-4756-b66d-b6544c7ecaa2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/413b2b38-44f2-4756-b66d-b6544c7ecaa2?source=api-prod","affectedVersions":"<=1.2.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6d6167617a696e652d626c6f636b73811c9dc5_gen.json b/internal/data/assets/plugin_6d6167617a696e652d626c6f636b73811c9dc5_gen.json index e0bbec69..8158c9ab 100644 --- a/internal/data/assets/plugin_6d6167617a696e652d626c6f636b73811c9dc5_gen.json +++ b/internal/data/assets/plugin_6d6167617a696e652d626c6f636b73811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/246bf014-c52b-4d5d-b80a-7f3345aaa47a/magazine-blocks","title":"Magazine Blocks <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"246bf014-c52b-4d5d-b80a-7f3345aaa47a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/246bf014-c52b-4d5d-b80a-7f3345aaa47a?source=api-prod","cve":"CVE-2024-50429","affectedVersions":"<=1.3.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c32a5f5-65f1-44d0-b133-0a304131b1f7/magazine-blocks","title":"Magazine Blocks <= 1.8.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c32a5f5-65f1-44d0-b133-0a304131b1f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c32a5f5-65f1-44d0-b133-0a304131b1f7?source=api-prod","cve":"CVE-2026-40728","affectedVersions":"<=1.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/7fdc9003-35e9-4fe9-a3e9-353d6bab525a/magazine-blocks","title":"Magazine Blocks <= 1.3.6 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"7fdc9003-35e9-4fe9-a3e9-353d6bab525a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7fdc9003-35e9-4fe9-a3e9-353d6bab525a?source=api-prod","cve":"CVE-2024-34760","affectedVersions":"<=1.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4c27225-f9db-4ae5-bb1f-ce8648c216eb/magazine-blocks","title":"Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4c27225-f9db-4ae5-bb1f-ce8648c216eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4c27225-f9db-4ae5-bb1f-ce8648c216eb?source=api-prod","cve":"CVE-2024-9218","affectedVersions":"<=1.3.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/fb53d658-c596-4d5c-a7be-d7c5415f4733/magazine-blocks","title":"Magazine Blocks <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"fb53d658-c596-4d5c-a7be-d7c5415f4733"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb53d658-c596-4d5c-a7be-d7c5415f4733?source=api-prod","cve":"CVE-2024-56258","affectedVersions":"<=1.3.20","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/246bf014-c52b-4d5d-b80a-7f3345aaa47a/magazine-blocks","title":"Magazine Blocks <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"246bf014-c52b-4d5d-b80a-7f3345aaa47a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/246bf014-c52b-4d5d-b80a-7f3345aaa47a?source=api-prod","cve":"CVE-2024-50429","affectedVersions":"<=1.3.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c32a5f5-65f1-44d0-b133-0a304131b1f7/magazine-blocks","title":"Magazine Blocks <= 1.8.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c32a5f5-65f1-44d0-b133-0a304131b1f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c32a5f5-65f1-44d0-b133-0a304131b1f7?source=api-prod","cve":"CVE-2026-40728","affectedVersions":"<=1.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/53fc946c-285a-4d48-8430-777e94df07c5/magazine-blocks","title":"Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"53fc946c-285a-4d48-8430-777e94df07c5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53fc946c-285a-4d48-8430-777e94df07c5?source=api-prod","cve":"CVE-2026-57650","affectedVersions":"<=1.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/7fdc9003-35e9-4fe9-a3e9-353d6bab525a/magazine-blocks","title":"Magazine Blocks <= 1.3.6 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"7fdc9003-35e9-4fe9-a3e9-353d6bab525a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7fdc9003-35e9-4fe9-a3e9-353d6bab525a?source=api-prod","cve":"CVE-2024-34760","affectedVersions":"<=1.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4c27225-f9db-4ae5-bb1f-ce8648c216eb/magazine-blocks","title":"Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4c27225-f9db-4ae5-bb1f-ce8648c216eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4c27225-f9db-4ae5-bb1f-ce8648c216eb?source=api-prod","cve":"CVE-2024-9218","affectedVersions":"<=1.3.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/fb53d658-c596-4d5c-a7be-d7c5415f4733/magazine-blocks","title":"Magazine Blocks <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"fb53d658-c596-4d5c-a7be-d7c5415f4733"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb53d658-c596-4d5c-a7be-d7c5415f4733?source=api-prod","cve":"CVE-2024-56258","affectedVersions":"<=1.3.20","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6d61696e77702d6368696c64811c9dc5_gen.json b/internal/data/assets/plugin_6d61696e77702d6368696c64811c9dc5_gen.json index 988bb6df..d862ad51 100644 --- a/internal/data/assets/plugin_6d61696e77702d6368696c64811c9dc5_gen.json +++ b/internal/data/assets/plugin_6d61696e77702d6368696c64811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/71d63f0d-ce01-489e-bcc4-7632f1a4bb04/mainwp-child","title":"MainWP Dashboard and MainWP Child <= 2.0.22 - Unspecified Vulnerability\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"71d63f0d-ce01-489e-bcc4-7632f1a4bb04"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71d63f0d-ce01-489e-bcc4-7632f1a4bb04?source=api-prod","affectedVersions":"<=2.0.22","severity":"high"},{"advisoryId":"WPSECADV/WF/84019c69-32fd-4331-95d7-53ea1aaff616/mainwp-child","title":"MainWP Child – Securely connects sites to the MainWP WordPress Manager Dashboard < 2.0.9.2 - Authentication Bypass\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"84019c69-32fd-4331-95d7-53ea1aaff616"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84019c69-32fd-4331-95d7-53ea1aaff616?source=api-prod","affectedVersions":"<2.0.9.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/8a303875-ad8c-40ed-a3ab-4a63080c9845/mainwp-child","title":"MainWP Child <= 4.1.7.1 - SQL Injection via orderby, order Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a303875-ad8c-40ed-a3ab-4a63080c9845"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a303875-ad8c-40ed-a3ab-4a63080c9845?source=api-prod","cve":"CVE-2021-24877","affectedVersions":"<4.1.8","severity":"high"},{"advisoryId":"WPSECADV/WF/9156e536-a58e-4d78-b136-af8a9613ee23/mainwp-child","title":"MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"9156e536-a58e-4d78-b136-af8a9613ee23"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9156e536-a58e-4d78-b136-af8a9613ee23?source=api-prod","cve":"CVE-2024-10783","affectedVersions":"<=5.3.3","severity":"high"},{"advisoryId":"WPSECADV/WF/a1fadba1-674f-4f3d-997f-d29d3a887414/mainwp-child","title":"MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1fadba1-674f-4f3d-997f-d29d3a887414"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fadba1-674f-4f3d-997f-d29d3a887414?source=api-prod","cve":"CVE-2023-3132","affectedVersions":"<=4.4.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/a5a34838-fdc5-4954-9576-abf81cbaac2e/mainwp-child","title":"MainWP Child <= 2.0.27 - Multiple Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"a5a34838-fdc5-4954-9576-abf81cbaac2e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a34838-fdc5-4954-9576-abf81cbaac2e?source=api-prod","affectedVersions":"<=2.0.27","severity":"medium"},{"advisoryId":"WPSECADV/WF/f83f878d-b708-4677-929a-e1ced535d99f/mainwp-child","title":"MainWP Child < 3.4.5 - Authentication Bypass\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f83f878d-b708-4677-929a-e1ced535d99f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f83f878d-b708-4677-929a-e1ced535d99f?source=api-prod","affectedVersions":"<3.4.5","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/71d63f0d-ce01-489e-bcc4-7632f1a4bb04/mainwp-child","title":"MainWP Dashboard and MainWP Child <= 2.0.22 - Unspecified Vulnerability\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"71d63f0d-ce01-489e-bcc4-7632f1a4bb04"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71d63f0d-ce01-489e-bcc4-7632f1a4bb04?source=api-prod","affectedVersions":"<=2.0.22","severity":"high"},{"advisoryId":"WPSECADV/WF/84019c69-32fd-4331-95d7-53ea1aaff616/mainwp-child","title":"MainWP Child – Securely connects sites to the MainWP WordPress Manager Dashboard < 2.0.9.2 - Authentication Bypass\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"84019c69-32fd-4331-95d7-53ea1aaff616"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84019c69-32fd-4331-95d7-53ea1aaff616?source=api-prod","affectedVersions":"<2.0.9.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/8a303875-ad8c-40ed-a3ab-4a63080c9845/mainwp-child","title":"MainWP Child <= 4.1.7.1 - SQL Injection via orderby, order Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a303875-ad8c-40ed-a3ab-4a63080c9845"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a303875-ad8c-40ed-a3ab-4a63080c9845?source=api-prod","cve":"CVE-2021-24877","affectedVersions":"<4.1.8","severity":"high"},{"advisoryId":"WPSECADV/WF/9156e536-a58e-4d78-b136-af8a9613ee23/mainwp-child","title":"MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"9156e536-a58e-4d78-b136-af8a9613ee23"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9156e536-a58e-4d78-b136-af8a9613ee23?source=api-prod","cve":"CVE-2024-10783","affectedVersions":"<=5.3.3","severity":"high"},{"advisoryId":"WPSECADV/WF/9e9c03af-4d4d-4de6-97a7-416ce22ab2aa/mainwp-child","title":"MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites <= 6.1.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"9e9c03af-4d4d-4de6-97a7-416ce22ab2aa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9c03af-4d4d-4de6-97a7-416ce22ab2aa?source=api-prod","cve":"CVE-2026-27366","affectedVersions":"<=6.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/a1fadba1-674f-4f3d-997f-d29d3a887414/mainwp-child","title":"MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1fadba1-674f-4f3d-997f-d29d3a887414"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fadba1-674f-4f3d-997f-d29d3a887414?source=api-prod","cve":"CVE-2023-3132","affectedVersions":"<=4.4.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/a5a34838-fdc5-4954-9576-abf81cbaac2e/mainwp-child","title":"MainWP Child <= 2.0.27 - Multiple Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"a5a34838-fdc5-4954-9576-abf81cbaac2e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a34838-fdc5-4954-9576-abf81cbaac2e?source=api-prod","affectedVersions":"<=2.0.27","severity":"medium"},{"advisoryId":"WPSECADV/WF/f83f878d-b708-4677-929a-e1ced535d99f/mainwp-child","title":"MainWP Child < 3.4.5 - Authentication Bypass\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f83f878d-b708-4677-929a-e1ced535d99f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f83f878d-b708-4677-929a-e1ced535d99f?source=api-prod","affectedVersions":"<3.4.5","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6d617374657273747564792d6c6d732d6c6561726e696e672d6d616e6167656d656e742d73797374656d811c9dc5_gen.json b/internal/data/assets/plugin_6d617374657273747564792d6c6d732d6c6561726e696e672d6d616e6167656d656e742d73797374656d811c9dc5_gen.json index 972bbbce..6a1dc541 100644 --- a/internal/data/assets/plugin_6d617374657273747564792d6c6d732d6c6561726e696e672d6d616e6167656d656e742d73797374656d811c9dc5_gen.json +++ b/internal/data/assets/plugin_6d617374657273747564792d6c6d732d6c6561726e696e672d6d616e6167656d656e742d73797374656d811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/174e2bf3-2531-4a53-ade6-3df7e976ed29/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"174e2bf3-2531-4a53-ade6-3df7e976ed29"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/174e2bf3-2531-4a53-ade6-3df7e976ed29?source=api-prod","cve":"CVE-2023-35090","affectedVersions":"<=3.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/18498171-7db1-4ebb-8fe0-a66d9343cb46/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.23 - Unauthenticated Limited Privilege Escalation to Instructor\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"18498171-7db1-4ebb-8fe0-a66d9343cb46"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18498171-7db1-4ebb-8fe0-a66d9343cb46?source=api-prod","cve":"CVE-2024-5973","affectedVersions":"<=3.3.23","severity":"high"},{"advisoryId":"WPSECADV/WF/18fd631d-9e9b-46ee-953f-61ad3458e1dd/masterstudy-lms-learning-management-system","title":"MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-02-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"18fd631d-9e9b-46ee-953f-61ad3458e1dd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18fd631d-9e9b-46ee-953f-61ad3458e1dd?source=api-prod","cve":"CVE-2022-0441","affectedVersions":"<=2.7.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/1be686d3-16b1-4ec7-b304-848ca4d7162c/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"1be686d3-16b1-4ec7-b304-848ca4d7162c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=api-prod","cve":"CVE-2024-1904","affectedVersions":"<=3.2.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734?source=api-prod","affectedVersions":"<=2.9.34","severity":"medium"},{"advisoryId":"WPSECADV/WF/1f404b2f-536d-4549-b74b-90b8bbd0edae/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.20 - Authenticated (Subscriber+) Race Condition to Multiple Reviews\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"1f404b2f-536d-4549-b74b-90b8bbd0edae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1f404b2f-536d-4549-b74b-90b8bbd0edae?source=api-prod","cve":"CVE-2025-59577","affectedVersions":"<=3.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/231f1e11-661d-40e4-a139-0ee2be95d551/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.2.12 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"231f1e11-661d-40e4-a139-0ee2be95d551"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/231f1e11-661d-40e4-a139-0ee2be95d551?source=api-prod","cve":"CVE-2024-37094","affectedVersions":"<=3.2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/2719739a-90dc-470b-9270-8578e0cead59/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 19:29:47","sources":[{"name":"Wordfence","remoteId":"2719739a-90dc-470b-9270-8578e0cead59"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2719739a-90dc-470b-9270-8578e0cead59?source=api-prod","cve":"CVE-2025-13766","affectedVersions":"<=3.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/27e4d519-bc98-44d3-a519-72674184e7f2/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"27e4d519-bc98-44d3-a519-72674184e7f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=api-prod","cve":"CVE-2024-2106","affectedVersions":"<=3.2.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/37331768-c838-44e0-a22d-4bf4141dd820/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.20 - Authenticated (Instructor+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"37331768-c838-44e0-a22d-4bf4141dd820"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/37331768-c838-44e0-a22d-4bf4141dd820?source=api-prod","cve":"CVE-2025-59575","affectedVersions":"<=3.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/417ae2f2-e245-49bb-8b77-0eabf6095459/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"417ae2f2-e245-49bb-8b77-0eabf6095459"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/417ae2f2-e245-49bb-8b77-0eabf6095459?source=api-prod","cve":"CVE-2023-35093","affectedVersions":"<=3.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/masterstudy-lms-learning-management-system","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":"<=2.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/64eb3d67-7056-4a03-ba3b-a04c2e96648d/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"64eb3d67-7056-4a03-ba3b-a04c2e96648d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=api-prod","cve":"CVE-2024-3942","affectedVersions":"<=3.3.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6ed96d76-ef7d-46c5-a164-992dd4f15afe/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.20 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ed96d76-ef7d-46c5-a164-992dd4f15afe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed96d76-ef7d-46c5-a164-992dd4f15afe?source=api-prod","cve":"CVE-2025-59576","affectedVersions":"<=3.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 12:48:08","sources":[{"name":"Wordfence","remoteId":"7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05?source=api-prod","cve":"CVE-2026-4817","affectedVersions":"<=3.7.25","severity":"medium"},{"advisoryId":"WPSECADV/WF/7bd3c653-249c-42b1-8af7-beac4ac3dd30/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.29 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"7bd3c653-249c-42b1-8af7-beac4ac3dd30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7bd3c653-249c-42b1-8af7-beac4ac3dd30?source=api-prod","cve":"CVE-2026-42730","affectedVersions":"<=3.7.29","severity":"medium"},{"advisoryId":"WPSECADV/WF/93d8ed64-0b3e-4410-9166-6e7861d885ca/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.25 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"93d8ed64-0b3e-4410-9166-6e7861d885ca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/93d8ed64-0b3e-4410-9166-6e7861d885ca?source=api-prod","cve":"CVE-2026-40766","affectedVersions":"<=3.7.25","severity":"medium"},{"advisoryId":"WPSECADV/WF/94736152-b365-4b3a-a786-ed49f7d0fc7a/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"94736152-b365-4b3a-a786-ed49f7d0fc7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=api-prod","cve":"CVE-2024-2409","affectedVersions":"<=3.3.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/9a573740-cdfe-4b58-b33b-5e50bcbc4779/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a573740-cdfe-4b58-b33b-5e50bcbc4779"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=api-prod","cve":"CVE-2024-3136","affectedVersions":"<=3.3.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/9c97283b-404d-4138-b8a1-057f068e3564/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.5.28 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"9c97283b-404d-4138-b8a1-057f068e3564"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9c97283b-404d-4138-b8a1-057f068e3564?source=api-prod","cve":"CVE-2025-32141","affectedVersions":"<=3.5.28","severity":"high"},{"advisoryId":"WPSECADV/WF/b1146350-4491-4fa0-8b78-6dbc00903160/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-13 18:22:45","sources":[{"name":"Wordfence","remoteId":"b1146350-4491-4fa0-8b78-6dbc00903160"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b1146350-4491-4fa0-8b78-6dbc00903160?source=api-prod","cve":"CVE-2026-0559","affectedVersions":"<=3.7.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/c624e17f-66f8-4389-b922-b97c73b3c4a2/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.5.28 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"c624e17f-66f8-4389-b922-b97c73b3c4a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c624e17f-66f8-4389-b922-b97c73b3c4a2?source=api-prod","cve":"CVE-2025-32237","affectedVersions":"<=3.5.28","severity":"medium"},{"advisoryId":"WPSECADV/WF/d68a2b60-ee89-4231-b256-214eba418244/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"d68a2b60-ee89-4231-b256-214eba418244"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d68a2b60-ee89-4231-b256-214eba418244?source=api-prod","cve":"CVE-2024-2411","affectedVersions":"<=3.3.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/d6b6d824-51d3-4da9-a39a-b957368df4dc/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6b6d824-51d3-4da9-a39a-b957368df4dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=api-prod","cve":"CVE-2024-1512","affectedVersions":"<=3.2.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/d6d0651a-c2e2-4985-927c-b60e80475450/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.27 - Authenticated (Instructor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6d0651a-c2e2-4985-927c-b60e80475450"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6d0651a-c2e2-4985-927c-b60e80475450?source=api-prod","cve":"CVE-2025-64366","affectedVersions":"<=3.6.27","severity":"medium"},{"advisoryId":"WPSECADV/WF/da744a22-bfb2-4bbe-ab22-f18cec945a3a/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.15 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"da744a22-bfb2-4bbe-ab22-f18cec945a3a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/da744a22-bfb2-4bbe-ab22-f18cec945a3a?source=api-prod","cve":"CVE-2025-54744","affectedVersions":"<=3.6.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/df00c8bc-8acd-4197-86fe-b88cb47d52c3/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.0.17 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"df00c8bc-8acd-4197-86fe-b88cb47d52c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/df00c8bc-8acd-4197-86fe-b88cb47d52c3?source=api-prod","cve":"CVE-2023-4278","affectedVersions":"<=3.0.17","severity":"high"},{"advisoryId":"WPSECADV/WF/ec56fc7e-9752-4418-87b2-b27b09cf2654/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.2.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec56fc7e-9752-4418-87b2-b27b09cf2654"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec56fc7e-9752-4418-87b2-b27b09cf2654?source=api-prod","cve":"CVE-2024-37093","affectedVersions":"<=3.2.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/174e2bf3-2531-4a53-ade6-3df7e976ed29/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"174e2bf3-2531-4a53-ade6-3df7e976ed29"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/174e2bf3-2531-4a53-ade6-3df7e976ed29?source=api-prod","cve":"CVE-2023-35090","affectedVersions":"<=3.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/18498171-7db1-4ebb-8fe0-a66d9343cb46/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.23 - Unauthenticated Limited Privilege Escalation to Instructor\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"18498171-7db1-4ebb-8fe0-a66d9343cb46"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18498171-7db1-4ebb-8fe0-a66d9343cb46?source=api-prod","cve":"CVE-2024-5973","affectedVersions":"<=3.3.23","severity":"high"},{"advisoryId":"WPSECADV/WF/18fd631d-9e9b-46ee-953f-61ad3458e1dd/masterstudy-lms-learning-management-system","title":"MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-02-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"18fd631d-9e9b-46ee-953f-61ad3458e1dd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18fd631d-9e9b-46ee-953f-61ad3458e1dd?source=api-prod","cve":"CVE-2022-0441","affectedVersions":"<=2.7.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/1be686d3-16b1-4ec7-b304-848ca4d7162c/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"1be686d3-16b1-4ec7-b304-848ca4d7162c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=api-prod","cve":"CVE-2024-1904","affectedVersions":"<=3.2.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734?source=api-prod","affectedVersions":"<=2.9.34","severity":"medium"},{"advisoryId":"WPSECADV/WF/1f404b2f-536d-4549-b74b-90b8bbd0edae/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.20 - Authenticated (Subscriber+) Race Condition to Multiple Reviews\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"1f404b2f-536d-4549-b74b-90b8bbd0edae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1f404b2f-536d-4549-b74b-90b8bbd0edae?source=api-prod","cve":"CVE-2025-59577","affectedVersions":"<=3.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/231f1e11-661d-40e4-a139-0ee2be95d551/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.2.12 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"231f1e11-661d-40e4-a139-0ee2be95d551"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/231f1e11-661d-40e4-a139-0ee2be95d551?source=api-prod","cve":"CVE-2024-37094","affectedVersions":"<=3.2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/2719739a-90dc-470b-9270-8578e0cead59/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 19:29:47","sources":[{"name":"Wordfence","remoteId":"2719739a-90dc-470b-9270-8578e0cead59"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2719739a-90dc-470b-9270-8578e0cead59?source=api-prod","cve":"CVE-2025-13766","affectedVersions":"<=3.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/27e4d519-bc98-44d3-a519-72674184e7f2/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"27e4d519-bc98-44d3-a519-72674184e7f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=api-prod","cve":"CVE-2024-2106","affectedVersions":"<=3.2.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/37331768-c838-44e0-a22d-4bf4141dd820/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.20 - Authenticated (Instructor+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"37331768-c838-44e0-a22d-4bf4141dd820"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/37331768-c838-44e0-a22d-4bf4141dd820?source=api-prod","cve":"CVE-2025-59575","affectedVersions":"<=3.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/417ae2f2-e245-49bb-8b77-0eabf6095459/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"417ae2f2-e245-49bb-8b77-0eabf6095459"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/417ae2f2-e245-49bb-8b77-0eabf6095459?source=api-prod","cve":"CVE-2023-35093","affectedVersions":"<=3.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/masterstudy-lms-learning-management-system","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":"<=2.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/64eb3d67-7056-4a03-ba3b-a04c2e96648d/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"64eb3d67-7056-4a03-ba3b-a04c2e96648d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=api-prod","cve":"CVE-2024-3942","affectedVersions":"<=3.3.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6ed96d76-ef7d-46c5-a164-992dd4f15afe/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.20 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ed96d76-ef7d-46c5-a164-992dd4f15afe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed96d76-ef7d-46c5-a164-992dd4f15afe?source=api-prod","cve":"CVE-2025-59576","affectedVersions":"<=3.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 12:48:08","sources":[{"name":"Wordfence","remoteId":"7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05?source=api-prod","cve":"CVE-2026-4817","affectedVersions":"<=3.7.25","severity":"medium"},{"advisoryId":"WPSECADV/WF/7bd3c653-249c-42b1-8af7-beac4ac3dd30/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.29 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"7bd3c653-249c-42b1-8af7-beac4ac3dd30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7bd3c653-249c-42b1-8af7-beac4ac3dd30?source=api-prod","cve":"CVE-2026-42730","affectedVersions":"<=3.7.29","severity":"medium"},{"advisoryId":"WPSECADV/WF/93d8ed64-0b3e-4410-9166-6e7861d885ca/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.25 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"93d8ed64-0b3e-4410-9166-6e7861d885ca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/93d8ed64-0b3e-4410-9166-6e7861d885ca?source=api-prod","cve":"CVE-2026-40766","affectedVersions":"<=3.7.25","severity":"medium"},{"advisoryId":"WPSECADV/WF/94736152-b365-4b3a-a786-ed49f7d0fc7a/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"94736152-b365-4b3a-a786-ed49f7d0fc7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=api-prod","cve":"CVE-2024-2409","affectedVersions":"<=3.3.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/9a573740-cdfe-4b58-b33b-5e50bcbc4779/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a573740-cdfe-4b58-b33b-5e50bcbc4779"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=api-prod","cve":"CVE-2024-3136","affectedVersions":"<=3.3.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/9c97283b-404d-4138-b8a1-057f068e3564/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.5.28 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"9c97283b-404d-4138-b8a1-057f068e3564"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9c97283b-404d-4138-b8a1-057f068e3564?source=api-prod","cve":"CVE-2025-32141","affectedVersions":"<=3.5.28","severity":"high"},{"advisoryId":"WPSECADV/WF/b1146350-4491-4fa0-8b78-6dbc00903160/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-13 18:22:45","sources":[{"name":"Wordfence","remoteId":"b1146350-4491-4fa0-8b78-6dbc00903160"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b1146350-4491-4fa0-8b78-6dbc00903160?source=api-prod","cve":"CVE-2026-0559","affectedVersions":"<=3.7.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/c624e17f-66f8-4389-b922-b97c73b3c4a2/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.5.28 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"c624e17f-66f8-4389-b922-b97c73b3c4a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c624e17f-66f8-4389-b922-b97c73b3c4a2?source=api-prod","cve":"CVE-2025-32237","affectedVersions":"<=3.5.28","severity":"medium"},{"advisoryId":"WPSECADV/WF/d68a2b60-ee89-4231-b256-214eba418244/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"d68a2b60-ee89-4231-b256-214eba418244"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d68a2b60-ee89-4231-b256-214eba418244?source=api-prod","cve":"CVE-2024-2411","affectedVersions":"<=3.3.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/d6b6d824-51d3-4da9-a39a-b957368df4dc/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6b6d824-51d3-4da9-a39a-b957368df4dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=api-prod","cve":"CVE-2024-1512","affectedVersions":"<=3.2.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/d6d0651a-c2e2-4985-927c-b60e80475450/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.27 - Authenticated (Instructor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6d0651a-c2e2-4985-927c-b60e80475450"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6d0651a-c2e2-4985-927c-b60e80475450?source=api-prod","cve":"CVE-2025-64366","affectedVersions":"<=3.6.27","severity":"medium"},{"advisoryId":"WPSECADV/WF/da744a22-bfb2-4bbe-ab22-f18cec945a3a/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.6.15 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"da744a22-bfb2-4bbe-ab22-f18cec945a3a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/da744a22-bfb2-4bbe-ab22-f18cec945a3a?source=api-prod","cve":"CVE-2025-54744","affectedVersions":"<=3.6.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/df00c8bc-8acd-4197-86fe-b88cb47d52c3/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.0.17 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"df00c8bc-8acd-4197-86fe-b88cb47d52c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/df00c8bc-8acd-4197-86fe-b88cb47d52c3?source=api-prod","cve":"CVE-2023-4278","affectedVersions":"<=3.0.17","severity":"high"},{"advisoryId":"WPSECADV/WF/ec56fc7e-9752-4418-87b2-b27b09cf2654/masterstudy-lms-learning-management-system","title":"MasterStudy LMS <= 3.2.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec56fc7e-9752-4418-87b2-b27b09cf2654"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec56fc7e-9752-4418-87b2-b27b09cf2654?source=api-prod","cve":"CVE-2024-37093","affectedVersions":"<=3.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/ff6c0ce5-b98e-4005-b8ea-7328119aec97/masterstudy-lms-learning-management-system","title":"MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.30 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"ff6c0ce5-b98e-4005-b8ea-7328119aec97"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6c0ce5-b98e-4005-b8ea-7328119aec97?source=api-prod","cve":"CVE-2026-57640","affectedVersions":"<=3.7.30","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6d702d72657374617572616e742d6d656e75811c9dc5_gen.json b/internal/data/assets/plugin_6d702d72657374617572616e742d6d656e75811c9dc5_gen.json index 8c476b61..a5815efb 100644 --- a/internal/data/assets/plugin_6d702d72657374617572616e742d6d656e75811c9dc5_gen.json +++ b/internal/data/assets/plugin_6d702d72657374617572616e742d6d656e75811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0c88c526-5978-4319-885b-8edac3f028a4/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.7 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"0c88c526-5978-4319-885b-8edac3f028a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c88c526-5978-4319-885b-8edac3f028a4?source=api-prod","cve":"CVE-2025-49914","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/673eb0ec-89c2-4d36-91fb-c18a110fe6c4/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.4 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"673eb0ec-89c2-4d36-91fb-c18a110fe6c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/673eb0ec-89c2-4d36-91fb-c18a110fe6c4?source=api-prod","cve":"CVE-2025-30846","affectedVersions":"<=2.4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/8cac4bde-8518-48ec-8cbd-4cdf6094b831/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.1 - Admin+ Stored Cross Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-09-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"8cac4bde-8518-48ec-8cbd-4cdf6094b831"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cac4bde-8518-48ec-8cbd-4cdf6094b831?source=api-prod","cve":"CVE-2021-24722","affectedVersions":"<2.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c4e13ff2-410e-4a65-8b9c-660629eefd5b/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.6 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c4e13ff2-410e-4a65-8b9c-660629eefd5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4e13ff2-410e-4a65-8b9c-660629eefd5b?source=api-prod","cve":"CVE-2025-54038","affectedVersions":"<=2.4.6","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0c88c526-5978-4319-885b-8edac3f028a4/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.7 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"0c88c526-5978-4319-885b-8edac3f028a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c88c526-5978-4319-885b-8edac3f028a4?source=api-prod","cve":"CVE-2025-49914","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/517f0c5e-7a73-475c-8676-9cd031ca6d9a/mp-restaurant-menu","title":"Restaurant Menu and Food Ordering <= 2.4.11 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"517f0c5e-7a73-475c-8676-9cd031ca6d9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/517f0c5e-7a73-475c-8676-9cd031ca6d9a?source=api-prod","cve":"CVE-2025-63078","affectedVersions":"<=2.4.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/673eb0ec-89c2-4d36-91fb-c18a110fe6c4/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.4 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"673eb0ec-89c2-4d36-91fb-c18a110fe6c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/673eb0ec-89c2-4d36-91fb-c18a110fe6c4?source=api-prod","cve":"CVE-2025-30846","affectedVersions":"<=2.4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/8cac4bde-8518-48ec-8cbd-4cdf6094b831/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.1 - Admin+ Stored Cross Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-09-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"8cac4bde-8518-48ec-8cbd-4cdf6094b831"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cac4bde-8518-48ec-8cbd-4cdf6094b831?source=api-prod","cve":"CVE-2021-24722","affectedVersions":"<2.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c4e13ff2-410e-4a65-8b9c-660629eefd5b/mp-restaurant-menu","title":"Restaurant Menu by MotoPress <= 2.4.6 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c4e13ff2-410e-4a65-8b9c-660629eefd5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4e13ff2-410e-4a65-8b9c-660629eefd5b?source=api-prod","cve":"CVE-2025-54038","affectedVersions":"<=2.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/fb77413e-3e7a-4315-8dde-59ac4e2534ae/mp-restaurant-menu","title":"Restaurant Menu and Food Ordering <= 2.4.10 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"fb77413e-3e7a-4315-8dde-59ac4e2534ae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb77413e-3e7a-4315-8dde-59ac4e2534ae?source=api-prod","cve":"CVE-2026-57644","affectedVersions":"<=2.4.10","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6e656c696f2d636f6e74656e74811c9dc5_gen.json b/internal/data/assets/plugin_6e656c696f2d636f6e74656e74811c9dc5_gen.json index db9671b4..ef427d4e 100644 --- a/internal/data/assets/plugin_6e656c696f2d636f6e74656e74811c9dc5_gen.json +++ b/internal/data/assets/plugin_6e656c696f2d636f6e74656e74811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/150d9d64-6f7f-4646-b03f-dbc63fd0e791/nelio-content","title":"Nelio Content <= 3.2.0 - Authenticated (Contributor+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"150d9d64-6f7f-4646-b03f-dbc63fd0e791"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/150d9d64-6f7f-4646-b03f-dbc63fd0e791?source=api-prod","cve":"CVE-2024-30531","affectedVersions":"<=3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/42cd1d08-4d5a-466b-930c-f4e28ae4d52c/nelio-content","title":"Nelio Content <= 4.2.0 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"42cd1d08-4d5a-466b-930c-f4e28ae4d52c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/42cd1d08-4d5a-466b-930c-f4e28ae4d52c?source=api-prod","cve":"CVE-2026-24572","affectedVersions":"<=4.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/67bacd52-9d23-4222-a8a7-ae98f66c752a/nelio-content","title":"Nelio Content <= 4.3.1 - Authenticated (Contributor+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"67bacd52-9d23-4222-a8a7-ae98f66c752a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67bacd52-9d23-4222-a8a7-ae98f66c752a?source=api-prod","cve":"CVE-2026-39521","affectedVersions":"<=4.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/cc6b521b-32a4-40a2-bb4e-c0c7642693c9/nelio-content","title":"Nelio Content <= 4.0.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc6b521b-32a4-40a2-bb4e-c0c7642693c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc6b521b-32a4-40a2-bb4e-c0c7642693c9?source=api-prod","cve":"CVE-2025-62927","affectedVersions":"<=4.0.5","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/150d9d64-6f7f-4646-b03f-dbc63fd0e791/nelio-content","title":"Nelio Content <= 3.2.0 - Authenticated (Contributor+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"150d9d64-6f7f-4646-b03f-dbc63fd0e791"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/150d9d64-6f7f-4646-b03f-dbc63fd0e791?source=api-prod","cve":"CVE-2024-30531","affectedVersions":"<=3.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/42cd1d08-4d5a-466b-930c-f4e28ae4d52c/nelio-content","title":"Nelio Content <= 4.2.0 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"42cd1d08-4d5a-466b-930c-f4e28ae4d52c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/42cd1d08-4d5a-466b-930c-f4e28ae4d52c?source=api-prod","cve":"CVE-2026-24572","affectedVersions":"<=4.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/67bacd52-9d23-4222-a8a7-ae98f66c752a/nelio-content","title":"Nelio Content <= 4.3.1 - Authenticated (Contributor+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"67bacd52-9d23-4222-a8a7-ae98f66c752a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67bacd52-9d23-4222-a8a7-ae98f66c752a?source=api-prod","cve":"CVE-2026-39521","affectedVersions":"<=4.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/cc6b521b-32a4-40a2-bb4e-c0c7642693c9/nelio-content","title":"Nelio Content <= 4.0.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc6b521b-32a4-40a2-bb4e-c0c7642693c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc6b521b-32a4-40a2-bb4e-c0c7642693c9?source=api-prod","cve":"CVE-2025-62927","affectedVersions":"<=4.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/d5c9f08b-c02c-44e1-a8ae-3a2b1e06508a/nelio-content","title":"Nelio Content – Editorial Calendar & Social Media Auto-Posting <= 4.3.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"d5c9f08b-c02c-44e1-a8ae-3a2b1e06508a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5c9f08b-c02c-44e1-a8ae-3a2b1e06508a?source=api-prod","cve":"CVE-2026-57648","affectedVersions":"<=4.3.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6e6577736c6574746572732d6c697465811c9dc5_gen.json b/internal/data/assets/plugin_6e6577736c6574746572732d6c697465811c9dc5_gen.json index 6c3507d9..af1d9b0d 100644 --- a/internal/data/assets/plugin_6e6577736c6574746572732d6c697465811c9dc5_gen.json +++ b/internal/data/assets/plugin_6e6577736c6574746572732d6c697465811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/01d5f559-d784-4399-9009-6edc584f8f09/newsletters-lite","title":"Newsletters <= 4.9.9.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"01d5f559-d784-4399-9009-6edc584f8f09"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01d5f559-d784-4399-9009-6edc584f8f09?source=api-prod","cve":"CVE-2024-47346","affectedVersions":"<=4.9.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0cd6474f-72e1-4ec2-a056-3c05a0dfa173/newsletters-lite","title":"Newsletters <= 4.8.8 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"0cd6474f-72e1-4ec2-a056-3c05a0dfa173"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd6474f-72e1-4ec2-a056-3c05a0dfa173?source=api-prod","cve":"CVE-2023-30478","affectedVersions":"<=4.8.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/1aa7a7f9-f331-4d06-94ea-182535080a90/newsletters-lite","title":"Newsletters <= 4.6.18 - Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1aa7a7f9-f331-4d06-94ea-182535080a90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7a7f9-f331-4d06-94ea-182535080a90?source=api-prod","cve":"CVE-2019-14788","affectedVersions":"<4.6.19","severity":"high"},{"advisoryId":"WPSECADV/WF/2577102f-6355-4483-bd3d-1948497cb843/newsletters-lite","title":"Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"2577102f-6355-4483-bd3d-1948497cb843"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2577102f-6355-4483-bd3d-1948497cb843?source=api-prod","cve":"CVE-2024-8247","affectedVersions":"<=4.9.9.2","severity":"high"},{"advisoryId":"WPSECADV/WF/2578a863-4129-4f56-8b18-65b2d2b972e3/newsletters-lite","title":"Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 16:21:50","sources":[{"name":"Wordfence","remoteId":"2578a863-4129-4f56-8b18-65b2d2b972e3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2578a863-4129-4f56-8b18-65b2d2b972e3?source=api-prod","cve":"CVE-2024-13739","affectedVersions":"<=4.9.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e1eb00e-432e-4e40-a758-2451648a8a80/newsletters-lite","title":"Newsletters <= 4.11 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e1eb00e-432e-4e40-a758-2451648a8a80"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1eb00e-432e-4e40-a758-2451648a8a80?source=api-prod","cve":"CVE-2025-67911","affectedVersions":"<=4.11","severity":"high"},{"advisoryId":"WPSECADV/WF/33c0838a-5f86-4368-8bf9-da0582acbabf/newsletters-lite","title":"Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"33c0838a-5f86-4368-8bf9-da0582acbabf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/33c0838a-5f86-4368-8bf9-da0582acbabf?source=api-prod","cve":"CVE-2025-4857","affectedVersions":"<=4.9.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/3825c80c-e4b1-4dd8-be77-38f718920b9a/newsletters-lite","title":"Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"3825c80c-e4b1-4dd8-be77-38f718920b9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3825c80c-e4b1-4dd8-be77-38f718920b9a?source=api-prod","cve":"CVE-2025-2009","affectedVersions":"<=4.9.9.7","severity":"high"},{"advisoryId":"WPSECADV/WF/397555cf-0b0c-4ce5-97ad-59f135f9d195/newsletters-lite","title":"Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-12 17:35:47","sources":[{"name":"Wordfence","remoteId":"397555cf-0b0c-4ce5-97ad-59f135f9d195"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/397555cf-0b0c-4ce5-97ad-59f135f9d195?source=api-prod","cve":"CVE-2025-3107","affectedVersions":"<=4.9.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b/newsletters-lite","title":"Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-14 18:55:15","sources":[{"name":"Wordfence","remoteId":"3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b?source=api-prod","cve":"CVE-2024-7411","affectedVersions":"<=4.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/49d54d19-632b-479f-80dd-d66d4285520e/newsletters-lite","title":"Newsletters <= 4.9.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"49d54d19-632b-479f-80dd-d66d4285520e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49d54d19-632b-479f-80dd-d66d4285520e?source=api-prod","cve":"CVE-2024-37227","affectedVersions":"<=4.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/500ce6fe-0528-4b15-89a7-0e1f92e97364/newsletters-lite","title":"Newsletters <= 4.9.9.7 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"500ce6fe-0528-4b15-89a7-0e1f92e97364"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/500ce6fe-0528-4b15-89a7-0e1f92e97364?source=api-prod","cve":"CVE-2025-30921","affectedVersions":"<=4.9.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/5204d111-3dd5-4dd0-bf1a-79ec2900b4d8/newsletters-lite","title":"Newsletters <= 4.9.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"5204d111-3dd5-4dd0-bf1a-79ec2900b4d8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5204d111-3dd5-4dd0-bf1a-79ec2900b4d8?source=api-prod","cve":"CVE-2024-35718","affectedVersions":"<=4.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/5cba7026-04e4-4ace-9298-0177902b7529/newsletters-lite","title":"Newsletters <= 4.6.4.2 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"5cba7026-04e4-4ace-9298-0177902b7529"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5cba7026-04e4-4ace-9298-0177902b7529?source=api-prod","affectedVersions":"<=4.6.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/64de1220-52f5-46a9-b8ba-cf808d5d2e29/newsletters-lite","title":"Newsletters <= 4.9.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"64de1220-52f5-46a9-b8ba-cf808d5d2e29"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64de1220-52f5-46a9-b8ba-cf808d5d2e29?source=api-prod","cve":"CVE-2024-43279","affectedVersions":"<=4.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/867f374c-633f-4384-aa2b-5bb8daa5b7a2/newsletters-lite","title":"Newsletters <= 4.9.5 - Information Exposure via Log files\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"867f374c-633f-4384-aa2b-5bb8daa5b7a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/867f374c-633f-4384-aa2b-5bb8daa5b7a2?source=api-prod","cve":"CVE-2024-32953","affectedVersions":"<=4.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae/newsletters-lite","title":"Newsletters <= 4.6.8.5 - Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae?source=api-prod","cve":"CVE-2018-20987","affectedVersions":"<4.6.8.6","severity":"critical"},{"advisoryId":"WPSECADV/WF/8e0e6fdd-49d2-404a-83e8-c4884bbe7088/newsletters-lite","title":"Newsletters <= 4.6.4.2 - Directory Traversal\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"8e0e6fdd-49d2-404a-83e8-c4884bbe7088"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e0e6fdd-49d2-404a-83e8-c4884bbe7088?source=api-prod","affectedVersions":"<=4.6.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/8e2672b5-64a2-4b30-b0be-2a9303d46ac1/newsletters-lite","title":"Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-09 20:03:28","sources":[{"name":"Wordfence","remoteId":"8e2672b5-64a2-4b30-b0be-2a9303d46ac1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e2672b5-64a2-4b30-b0be-2a9303d46ac1?source=api-prod","cve":"CVE-2026-3018","affectedVersions":"<=4.13","severity":"high"},{"advisoryId":"WPSECADV/WF/90de88d4-5cd0-4dc9-add1-563bb030e4a6/newsletters-lite","title":"Newsletters <= 4.10 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"90de88d4-5cd0-4dc9-add1-563bb030e4a6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/90de88d4-5cd0-4dc9-add1-563bb030e4a6?source=api-prod","cve":"CVE-2025-54034","affectedVersions":"<=4.10","severity":"high"},{"advisoryId":"WPSECADV/WF/915c46f9-a342-4cc6-a726-2f1581a5d481/newsletters-lite","title":"Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-28 23:13:25","sources":[{"name":"Wordfence","remoteId":"915c46f9-a342-4cc6-a726-2f1581a5d481"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/915c46f9-a342-4cc6-a726-2f1581a5d481?source=api-prod","cve":"CVE-2024-10181","affectedVersions":"<=4.9.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a717fea9-088c-4b65-9624-a1ba66028f4e/newsletters-lite","title":"Newsletters <= 4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"a717fea9-088c-4b65-9624-a1ba66028f4e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a717fea9-088c-4b65-9624-a1ba66028f4e?source=api-prod","cve":"CVE-2025-69020","affectedVersions":"<=4.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/b409d2a5-3c4c-4a1e-b222-e2df7257b81f/newsletters-lite","title":"Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"b409d2a5-3c4c-4a1e-b222-e2df7257b81f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b409d2a5-3c4c-4a1e-b222-e2df7257b81f?source=api-prod","cve":"CVE-2023-4797","affectedVersions":"<=4.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6bb9df2-cf6e-4357-b75c-afdab55f90d4/newsletters-lite","title":"Newsletters <= 4.13 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6bb9df2-cf6e-4357-b75c-afdab55f90d4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6bb9df2-cf6e-4357-b75c-afdab55f90d4?source=api-prod","cve":"CVE-2026-54840","affectedVersions":"<=4.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb4abe41-fb18-46f4-9fd8-90bb1996b241/newsletters-lite","title":"Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb4abe41-fb18-46f4-9fd8-90bb1996b241"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb4abe41-fb18-46f4-9fd8-90bb1996b241?source=api-prod","cve":"CVE-2019-14787","affectedVersions":"<4.6.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/dbe5def5-3413-4697-9f0f-3bd33c5897af/newsletters-lite","title":"Newsletters <= 4.9.9.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"dbe5def5-3413-4697-9f0f-3bd33c5897af"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe5def5-3413-4697-9f0f-3bd33c5897af?source=api-prod","cve":"CVE-2025-24599","affectedVersions":"<=4.9.9.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7cd51b1-4b56-4ca6-b891-93af9879862d/newsletters-lite","title":"Newsletters <= 4.10 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7cd51b1-4b56-4ca6-b891-93af9879862d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7cd51b1-4b56-4ca6-b891-93af9879862d?source=api-prod","cve":"CVE-2025-54035","affectedVersions":"<=4.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/ead5b943-731d-484a-a6b0-ca4f27eccff0/newsletters-lite","title":"Newsletters <= 4.9.5 - Authenticated (Admin+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"ead5b943-731d-484a-a6b0-ca4f27eccff0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ead5b943-731d-484a-a6b0-ca4f27eccff0?source=api-prod","cve":"CVE-2024-32954","affectedVersions":"<=4.9.5","severity":"critical"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/01d5f559-d784-4399-9009-6edc584f8f09/newsletters-lite","title":"Newsletters <= 4.9.9.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"01d5f559-d784-4399-9009-6edc584f8f09"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01d5f559-d784-4399-9009-6edc584f8f09?source=api-prod","cve":"CVE-2024-47346","affectedVersions":"<=4.9.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0cd6474f-72e1-4ec2-a056-3c05a0dfa173/newsletters-lite","title":"Newsletters <= 4.8.8 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"0cd6474f-72e1-4ec2-a056-3c05a0dfa173"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd6474f-72e1-4ec2-a056-3c05a0dfa173?source=api-prod","cve":"CVE-2023-30478","affectedVersions":"<=4.8.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/1aa7a7f9-f331-4d06-94ea-182535080a90/newsletters-lite","title":"Newsletters <= 4.6.18 - Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1aa7a7f9-f331-4d06-94ea-182535080a90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7a7f9-f331-4d06-94ea-182535080a90?source=api-prod","cve":"CVE-2019-14788","affectedVersions":"<4.6.19","severity":"high"},{"advisoryId":"WPSECADV/WF/2577102f-6355-4483-bd3d-1948497cb843/newsletters-lite","title":"Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"2577102f-6355-4483-bd3d-1948497cb843"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2577102f-6355-4483-bd3d-1948497cb843?source=api-prod","cve":"CVE-2024-8247","affectedVersions":"<=4.9.9.2","severity":"high"},{"advisoryId":"WPSECADV/WF/2578a863-4129-4f56-8b18-65b2d2b972e3/newsletters-lite","title":"Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 16:21:50","sources":[{"name":"Wordfence","remoteId":"2578a863-4129-4f56-8b18-65b2d2b972e3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2578a863-4129-4f56-8b18-65b2d2b972e3?source=api-prod","cve":"CVE-2024-13739","affectedVersions":"<=4.9.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e1eb00e-432e-4e40-a758-2451648a8a80/newsletters-lite","title":"Newsletters <= 4.11 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e1eb00e-432e-4e40-a758-2451648a8a80"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1eb00e-432e-4e40-a758-2451648a8a80?source=api-prod","cve":"CVE-2025-67911","affectedVersions":"<=4.11","severity":"high"},{"advisoryId":"WPSECADV/WF/33c0838a-5f86-4368-8bf9-da0582acbabf/newsletters-lite","title":"Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"33c0838a-5f86-4368-8bf9-da0582acbabf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/33c0838a-5f86-4368-8bf9-da0582acbabf?source=api-prod","cve":"CVE-2025-4857","affectedVersions":"<=4.9.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/3825c80c-e4b1-4dd8-be77-38f718920b9a/newsletters-lite","title":"Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"3825c80c-e4b1-4dd8-be77-38f718920b9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3825c80c-e4b1-4dd8-be77-38f718920b9a?source=api-prod","cve":"CVE-2025-2009","affectedVersions":"<=4.9.9.7","severity":"high"},{"advisoryId":"WPSECADV/WF/397555cf-0b0c-4ce5-97ad-59f135f9d195/newsletters-lite","title":"Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-12 17:35:47","sources":[{"name":"Wordfence","remoteId":"397555cf-0b0c-4ce5-97ad-59f135f9d195"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/397555cf-0b0c-4ce5-97ad-59f135f9d195?source=api-prod","cve":"CVE-2025-3107","affectedVersions":"<=4.9.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b/newsletters-lite","title":"Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-14 18:55:15","sources":[{"name":"Wordfence","remoteId":"3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b?source=api-prod","cve":"CVE-2024-7411","affectedVersions":"<=4.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/49d54d19-632b-479f-80dd-d66d4285520e/newsletters-lite","title":"Newsletters <= 4.9.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"49d54d19-632b-479f-80dd-d66d4285520e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49d54d19-632b-479f-80dd-d66d4285520e?source=api-prod","cve":"CVE-2024-37227","affectedVersions":"<=4.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/500ce6fe-0528-4b15-89a7-0e1f92e97364/newsletters-lite","title":"Newsletters <= 4.9.9.7 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"500ce6fe-0528-4b15-89a7-0e1f92e97364"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/500ce6fe-0528-4b15-89a7-0e1f92e97364?source=api-prod","cve":"CVE-2025-30921","affectedVersions":"<=4.9.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/5204d111-3dd5-4dd0-bf1a-79ec2900b4d8/newsletters-lite","title":"Newsletters <= 4.9.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"5204d111-3dd5-4dd0-bf1a-79ec2900b4d8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5204d111-3dd5-4dd0-bf1a-79ec2900b4d8?source=api-prod","cve":"CVE-2024-35718","affectedVersions":"<=4.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/5cba7026-04e4-4ace-9298-0177902b7529/newsletters-lite","title":"Newsletters <= 4.6.4.2 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"5cba7026-04e4-4ace-9298-0177902b7529"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5cba7026-04e4-4ace-9298-0177902b7529?source=api-prod","affectedVersions":"<=4.6.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/64de1220-52f5-46a9-b8ba-cf808d5d2e29/newsletters-lite","title":"Newsletters <= 4.9.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"64de1220-52f5-46a9-b8ba-cf808d5d2e29"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64de1220-52f5-46a9-b8ba-cf808d5d2e29?source=api-prod","cve":"CVE-2024-43279","affectedVersions":"<=4.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/849f14df-d122-4644-a1af-90a60e1fb003/newsletters-lite","title":"Newsletters <= 4.13 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"849f14df-d122-4644-a1af-90a60e1fb003"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/849f14df-d122-4644-a1af-90a60e1fb003?source=api-prod","cve":"CVE-2026-57645","affectedVersions":"<=4.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/867f374c-633f-4384-aa2b-5bb8daa5b7a2/newsletters-lite","title":"Newsletters <= 4.9.5 - Information Exposure via Log files\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"867f374c-633f-4384-aa2b-5bb8daa5b7a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/867f374c-633f-4384-aa2b-5bb8daa5b7a2?source=api-prod","cve":"CVE-2024-32953","affectedVersions":"<=4.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae/newsletters-lite","title":"Newsletters <= 4.6.8.5 - Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae?source=api-prod","cve":"CVE-2018-20987","affectedVersions":"<4.6.8.6","severity":"critical"},{"advisoryId":"WPSECADV/WF/8e0e6fdd-49d2-404a-83e8-c4884bbe7088/newsletters-lite","title":"Newsletters <= 4.6.4.2 - Directory Traversal\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"8e0e6fdd-49d2-404a-83e8-c4884bbe7088"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e0e6fdd-49d2-404a-83e8-c4884bbe7088?source=api-prod","affectedVersions":"<=4.6.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/8e2672b5-64a2-4b30-b0be-2a9303d46ac1/newsletters-lite","title":"Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-09 20:03:28","sources":[{"name":"Wordfence","remoteId":"8e2672b5-64a2-4b30-b0be-2a9303d46ac1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e2672b5-64a2-4b30-b0be-2a9303d46ac1?source=api-prod","cve":"CVE-2026-3018","affectedVersions":"<=4.13","severity":"high"},{"advisoryId":"WPSECADV/WF/90de88d4-5cd0-4dc9-add1-563bb030e4a6/newsletters-lite","title":"Newsletters <= 4.10 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"90de88d4-5cd0-4dc9-add1-563bb030e4a6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/90de88d4-5cd0-4dc9-add1-563bb030e4a6?source=api-prod","cve":"CVE-2025-54034","affectedVersions":"<=4.10","severity":"high"},{"advisoryId":"WPSECADV/WF/915c46f9-a342-4cc6-a726-2f1581a5d481/newsletters-lite","title":"Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-28 23:13:25","sources":[{"name":"Wordfence","remoteId":"915c46f9-a342-4cc6-a726-2f1581a5d481"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/915c46f9-a342-4cc6-a726-2f1581a5d481?source=api-prod","cve":"CVE-2024-10181","affectedVersions":"<=4.9.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a717fea9-088c-4b65-9624-a1ba66028f4e/newsletters-lite","title":"Newsletters <= 4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"a717fea9-088c-4b65-9624-a1ba66028f4e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a717fea9-088c-4b65-9624-a1ba66028f4e?source=api-prod","cve":"CVE-2025-69020","affectedVersions":"<=4.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/b409d2a5-3c4c-4a1e-b222-e2df7257b81f/newsletters-lite","title":"Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"b409d2a5-3c4c-4a1e-b222-e2df7257b81f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b409d2a5-3c4c-4a1e-b222-e2df7257b81f?source=api-prod","cve":"CVE-2023-4797","affectedVersions":"<=4.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6bb9df2-cf6e-4357-b75c-afdab55f90d4/newsletters-lite","title":"Newsletters <= 4.13 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6bb9df2-cf6e-4357-b75c-afdab55f90d4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6bb9df2-cf6e-4357-b75c-afdab55f90d4?source=api-prod","cve":"CVE-2026-54840","affectedVersions":"<=4.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb4abe41-fb18-46f4-9fd8-90bb1996b241/newsletters-lite","title":"Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb4abe41-fb18-46f4-9fd8-90bb1996b241"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb4abe41-fb18-46f4-9fd8-90bb1996b241?source=api-prod","cve":"CVE-2019-14787","affectedVersions":"<4.6.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/dbe5def5-3413-4697-9f0f-3bd33c5897af/newsletters-lite","title":"Newsletters <= 4.9.9.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"dbe5def5-3413-4697-9f0f-3bd33c5897af"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe5def5-3413-4697-9f0f-3bd33c5897af?source=api-prod","cve":"CVE-2025-24599","affectedVersions":"<=4.9.9.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7cd51b1-4b56-4ca6-b891-93af9879862d/newsletters-lite","title":"Newsletters <= 4.10 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7cd51b1-4b56-4ca6-b891-93af9879862d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7cd51b1-4b56-4ca6-b891-93af9879862d?source=api-prod","cve":"CVE-2025-54035","affectedVersions":"<=4.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/ead5b943-731d-484a-a6b0-ca4f27eccff0/newsletters-lite","title":"Newsletters <= 4.9.5 - Authenticated (Admin+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"ead5b943-731d-484a-a6b0-ca4f27eccff0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ead5b943-731d-484a-a6b0-ca4f27eccff0?source=api-prod","cve":"CVE-2024-32954","affectedVersions":"<=4.9.5","severity":"critical"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json b/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json index 9a05246f..191bce5d 100644 --- a/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json +++ b/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/28a7b2c9-5d8d-4b49-a47c-473e3288b563/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"28a7b2c9-5d8d-4b49-a47c-473e3288b563"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=api-prod","cve":"CVE-2021-4344","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a60d27b-dfcc-464e-a927-eb6bb35f9932/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Download Access\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a60d27b-dfcc-464e-a927-eb6bb35f9932"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a60d27b-dfcc-464e-a927-eb6bb35f9932?source=api-prod","cve":"CVE-2026-5337","affectedVersions":"<=23.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c1e6298-f243-49a5-b1b7-52bd6a6c8858/nmedia-user-file-uploader","title":"Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c1e6298-f243-49a5-b1b7-52bd6a6c8858"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=api-prod","cve":"CVE-2016-15042","affectedVersions":"<4.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"361e2d5c-4355-4e71-91aa-2c1bc6b6fb78"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78?source=api-prod","cve":"CVE-2022-3126","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/49150180-9de0-4318-b21b-779daaeb7a52/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"49150180-9de0-4318-b21b-779daaeb7a52"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=api-prod","cve":"CVE-2021-4350","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/4cbc0dd4-4dea-4890-95d0-9531a669b95d/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"4cbc0dd4-4dea-4890-95d0-9531a669b95d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4cbc0dd4-4dea-4890-95d0-9531a669b95d?source=api-prod","cve":"CVE-2026-0829","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/506006ce-7b1c-4f9d-93f3-abc87abea2bb/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-27 11:08:06","sources":[{"name":"Wordfence","remoteId":"506006ce-7b1c-4f9d-93f3-abc87abea2bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/506006ce-7b1c-4f9d-93f3-abc87abea2bb?source=api-prod","cve":"CVE-2026-8095","affectedVersions":"<=23.6","severity":"high"},{"advisoryId":"WPSECADV/WF/5539aa79-66ad-43fa-967c-2bec877061e0/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"5539aa79-66ad-43fa-967c-2bec877061e0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5539aa79-66ad-43fa-967c-2bec877061e0?source=api-prod","cve":"CVE-2021-4351","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/59b63a01-fd8b-4742-a52f-c0a7b59e9e04/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"59b63a01-fd8b-4742-a52f-c0a7b59e9e04"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59b63a01-fd8b-4742-a52f-c0a7b59e9e04?source=api-prod","affectedVersions":"<=21.3","severity":"high"},{"advisoryId":"WPSECADV/WF/628eef73-1725-4290-bb30-07792d1d5b6c/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"628eef73-1725-4290-bb30-07792d1d5b6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/628eef73-1725-4290-bb30-07792d1d5b6c?source=api-prod","cve":"CVE-2022-3125","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"79e2011c-5e4d-4d02-831f-6b4dcfcaa51e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=api-prod","cve":"CVE-2021-4356","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/84c61d00-20c1-4176-a74d-ea6ff6220f26/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"84c61d00-20c1-4176-a74d-ea6ff6220f26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=api-prod","cve":"CVE-2021-4359","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/8a11c169-a232-49a9-80be-40d45d0c6dc0/nmedia-user-file-uploader","title":"Frontend File Manager Plugin < 3.6 - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a11c169-a232-49a9-80be-40d45d0c6dc0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11c169-a232-49a9-80be-40d45d0c6dc0?source=api-prod","cve":"CVE-2014-5324","affectedVersions":"<3.6","severity":"high"},{"advisoryId":"WPSECADV/WF/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Unauthenticated Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a?source=api-prod","cve":"CVE-2026-25005","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ff66981-68ed-489a-b53f-4a1029e7590e/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ff66981-68ed-489a-b53f-4a1029e7590e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff66981-68ed-489a-b53f-4a1029e7590e?source=api-prod","cve":"CVE-2025-57921","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9615ef3f-e1e3-4791-a5a5-19260fee6354/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.4 - Authenticated (Subscriber+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9615ef3f-e1e3-4791-a5a5-19260fee6354"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9615ef3f-e1e3-4791-a5a5-19260fee6354?source=api-prod","cve":"CVE-2025-14804","affectedVersions":"<=23.4","severity":"high"},{"advisoryId":"WPSECADV/WF/a9c82154-d390-44ba-a54a-89f4bb69cdce/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"a9c82154-d390-44ba-a54a-89f4bb69cdce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=api-prod","cve":"CVE-2021-4365","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/aa8d5feb-2ae9-44b8-90b5-9fc67226855a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 19:15:11","sources":[{"name":"Wordfence","remoteId":"aa8d5feb-2ae9-44b8-90b5-9fc67226855a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8d5feb-2ae9-44b8-90b5-9fc67226855a?source=api-prod","cve":"CVE-2025-13382","affectedVersions":"<=23.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/abf422ce-fa03-4bed-a4ec-b31d36de7633/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"abf422ce-fa03-4bed-a4ec-b31d36de7633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abf422ce-fa03-4bed-a4ec-b31d36de7633?source=api-prod","cve":"CVE-2023-7306","affectedVersions":"<=21.5","severity":"high"},{"advisoryId":"WPSECADV/WF/adb1d8b0-b1d6-40df-b591-f1062ee744fb/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"adb1d8b0-b1d6-40df-b591-f1062ee744fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=api-prod","cve":"CVE-2021-4368","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/b59b5c41-6173-485e-869d-4165dc18e2bd/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"b59b5c41-6173-485e-869d-4165dc18e2bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b59b5c41-6173-485e-869d-4165dc18e2bd?source=api-prod","cve":"CVE-2023-5105","affectedVersions":"<=22.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/bbade634-cd81-41c0-8976-f5cb251da3f2/nmedia-user-file-uploader","title":"Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"bbade634-cd81-41c0-8976-f5cb251da3f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bbade634-cd81-41c0-8976-f5cb251da3f2?source=api-prod","cve":"CVE-2024-25903","affectedVersions":"<=22.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c434e6b8-0dd5-4ffe-93b1-1af614c08f85/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"c434e6b8-0dd5-4ffe-93b1-1af614c08f85"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=api-prod","cve":"CVE-2021-4369","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c56e5250-7cbd-41f4-9b8c-79a644830708/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c56e5250-7cbd-41f4-9b8c-79a644830708"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c56e5250-7cbd-41f4-9b8c-79a644830708?source=api-prod","cve":"CVE-2022-3124","affectedVersions":"<=21.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6de5295-cb13-4e53-bcb2-3fc6c95b849a/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization to Authenticated (Subscriber+) Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6de5295-cb13-4e53-bcb2-3fc6c95b849a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6de5295-cb13-4e53-bcb2-3fc6c95b849a?source=api-prod","cve":"CVE-2025-27358","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e739e7d3-756a-4c93-9ca7-f7b9f9657033/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-27 21:50:20","sources":[{"name":"Wordfence","remoteId":"e739e7d3-756a-4c93-9ca7-f7b9f9657033"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e739e7d3-756a-4c93-9ca7-f7b9f9657033?source=api-prod","cve":"CVE-2026-1280","affectedVersions":"<=23.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f2ed5e51-8783-4b7f-9177-c116bf0fad44/nmedia-user-file-uploader","title":"Frontend File Manager <= 3.7 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"f2ed5e51-8783-4b7f-9177-c116bf0fad44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ed5e51-8783-4b7f-9177-c116bf0fad44?source=api-prod","affectedVersions":"<=3.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/f8f372cb-739f-44e2-9074-e91b8c903837/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8f372cb-739f-44e2-9074-e91b8c903837"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f372cb-739f-44e2-9074-e91b8c903837?source=api-prod","cve":"CVE-2025-64265","affectedVersions":"<=23.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/28a7b2c9-5d8d-4b49-a47c-473e3288b563/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"28a7b2c9-5d8d-4b49-a47c-473e3288b563"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=api-prod","cve":"CVE-2021-4344","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a60d27b-dfcc-464e-a927-eb6bb35f9932/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Download Access\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a60d27b-dfcc-464e-a927-eb6bb35f9932"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a60d27b-dfcc-464e-a927-eb6bb35f9932?source=api-prod","cve":"CVE-2026-5337","affectedVersions":"<=23.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c1e6298-f243-49a5-b1b7-52bd6a6c8858/nmedia-user-file-uploader","title":"Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c1e6298-f243-49a5-b1b7-52bd6a6c8858"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=api-prod","cve":"CVE-2016-15042","affectedVersions":"<4.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"361e2d5c-4355-4e71-91aa-2c1bc6b6fb78"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78?source=api-prod","cve":"CVE-2022-3126","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/49150180-9de0-4318-b21b-779daaeb7a52/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"49150180-9de0-4318-b21b-779daaeb7a52"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=api-prod","cve":"CVE-2021-4350","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/4cbc0dd4-4dea-4890-95d0-9531a669b95d/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"4cbc0dd4-4dea-4890-95d0-9531a669b95d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4cbc0dd4-4dea-4890-95d0-9531a669b95d?source=api-prod","cve":"CVE-2026-0829","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/506006ce-7b1c-4f9d-93f3-abc87abea2bb/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-27 11:08:06","sources":[{"name":"Wordfence","remoteId":"506006ce-7b1c-4f9d-93f3-abc87abea2bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/506006ce-7b1c-4f9d-93f3-abc87abea2bb?source=api-prod","cve":"CVE-2026-8095","affectedVersions":"<=23.6","severity":"high"},{"advisoryId":"WPSECADV/WF/53706deb-d49c-4397-98f9-dc37f1d35031/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"53706deb-d49c-4397-98f9-dc37f1d35031"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53706deb-d49c-4397-98f9-dc37f1d35031?source=api-prod","cve":"CVE-2026-8378","affectedVersions":"<=23.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/5539aa79-66ad-43fa-967c-2bec877061e0/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"5539aa79-66ad-43fa-967c-2bec877061e0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5539aa79-66ad-43fa-967c-2bec877061e0?source=api-prod","cve":"CVE-2021-4351","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/59b63a01-fd8b-4742-a52f-c0a7b59e9e04/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"59b63a01-fd8b-4742-a52f-c0a7b59e9e04"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59b63a01-fd8b-4742-a52f-c0a7b59e9e04?source=api-prod","affectedVersions":"<=21.3","severity":"high"},{"advisoryId":"WPSECADV/WF/628eef73-1725-4290-bb30-07792d1d5b6c/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"628eef73-1725-4290-bb30-07792d1d5b6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/628eef73-1725-4290-bb30-07792d1d5b6c?source=api-prod","cve":"CVE-2022-3125","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"79e2011c-5e4d-4d02-831f-6b4dcfcaa51e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=api-prod","cve":"CVE-2021-4356","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/84c61d00-20c1-4176-a74d-ea6ff6220f26/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"84c61d00-20c1-4176-a74d-ea6ff6220f26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=api-prod","cve":"CVE-2021-4359","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/8a11c169-a232-49a9-80be-40d45d0c6dc0/nmedia-user-file-uploader","title":"Frontend File Manager Plugin < 3.6 - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a11c169-a232-49a9-80be-40d45d0c6dc0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11c169-a232-49a9-80be-40d45d0c6dc0?source=api-prod","cve":"CVE-2014-5324","affectedVersions":"<3.6","severity":"high"},{"advisoryId":"WPSECADV/WF/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Unauthenticated Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a?source=api-prod","cve":"CVE-2026-25005","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ff66981-68ed-489a-b53f-4a1029e7590e/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ff66981-68ed-489a-b53f-4a1029e7590e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff66981-68ed-489a-b53f-4a1029e7590e?source=api-prod","cve":"CVE-2025-57921","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9615ef3f-e1e3-4791-a5a5-19260fee6354/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.4 - Authenticated (Subscriber+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9615ef3f-e1e3-4791-a5a5-19260fee6354"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9615ef3f-e1e3-4791-a5a5-19260fee6354?source=api-prod","cve":"CVE-2025-14804","affectedVersions":"<=23.4","severity":"high"},{"advisoryId":"WPSECADV/WF/a9c82154-d390-44ba-a54a-89f4bb69cdce/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"a9c82154-d390-44ba-a54a-89f4bb69cdce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=api-prod","cve":"CVE-2021-4365","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/aa8d5feb-2ae9-44b8-90b5-9fc67226855a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 19:15:11","sources":[{"name":"Wordfence","remoteId":"aa8d5feb-2ae9-44b8-90b5-9fc67226855a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8d5feb-2ae9-44b8-90b5-9fc67226855a?source=api-prod","cve":"CVE-2025-13382","affectedVersions":"<=23.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/abf422ce-fa03-4bed-a4ec-b31d36de7633/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"abf422ce-fa03-4bed-a4ec-b31d36de7633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abf422ce-fa03-4bed-a4ec-b31d36de7633?source=api-prod","cve":"CVE-2023-7306","affectedVersions":"<=21.5","severity":"high"},{"advisoryId":"WPSECADV/WF/adb1d8b0-b1d6-40df-b591-f1062ee744fb/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"adb1d8b0-b1d6-40df-b591-f1062ee744fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=api-prod","cve":"CVE-2021-4368","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/b59b5c41-6173-485e-869d-4165dc18e2bd/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"b59b5c41-6173-485e-869d-4165dc18e2bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b59b5c41-6173-485e-869d-4165dc18e2bd?source=api-prod","cve":"CVE-2023-5105","affectedVersions":"<=22.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/bbade634-cd81-41c0-8976-f5cb251da3f2/nmedia-user-file-uploader","title":"Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"bbade634-cd81-41c0-8976-f5cb251da3f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bbade634-cd81-41c0-8976-f5cb251da3f2?source=api-prod","cve":"CVE-2024-25903","affectedVersions":"<=22.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c434e6b8-0dd5-4ffe-93b1-1af614c08f85/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"c434e6b8-0dd5-4ffe-93b1-1af614c08f85"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=api-prod","cve":"CVE-2021-4369","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c56e5250-7cbd-41f4-9b8c-79a644830708/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c56e5250-7cbd-41f4-9b8c-79a644830708"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c56e5250-7cbd-41f4-9b8c-79a644830708?source=api-prod","cve":"CVE-2022-3124","affectedVersions":"<=21.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6de5295-cb13-4e53-bcb2-3fc6c95b849a/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization to Authenticated (Subscriber+) Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6de5295-cb13-4e53-bcb2-3fc6c95b849a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6de5295-cb13-4e53-bcb2-3fc6c95b849a?source=api-prod","cve":"CVE-2025-27358","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e739e7d3-756a-4c93-9ca7-f7b9f9657033/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-27 21:50:20","sources":[{"name":"Wordfence","remoteId":"e739e7d3-756a-4c93-9ca7-f7b9f9657033"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e739e7d3-756a-4c93-9ca7-f7b9f9657033?source=api-prod","cve":"CVE-2026-1280","affectedVersions":"<=23.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f2ed5e51-8783-4b7f-9177-c116bf0fad44/nmedia-user-file-uploader","title":"Frontend File Manager <= 3.7 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"f2ed5e51-8783-4b7f-9177-c116bf0fad44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ed5e51-8783-4b7f-9177-c116bf0fad44?source=api-prod","affectedVersions":"<=3.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/f8f372cb-739f-44e2-9074-e91b8c903837/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8f372cb-739f-44e2-9074-e91b8c903837"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f372cb-739f-44e2-9074-e91b8c903837?source=api-prod","cve":"CVE-2025-64265","affectedVersions":"<=23.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6f6666696369616c2d73746174636f756e7465722d706c7567696e2d666f722d776f72647072657373811c9dc5_gen.json b/internal/data/assets/plugin_6f6666696369616c2d73746174636f756e7465722d706c7567696e2d666f722d776f72647072657373811c9dc5_gen.json index ad0ede76..1b6edca9 100644 --- a/internal/data/assets/plugin_6f6666696369616c2d73746174636f756e7465722d706c7567696e2d666f722d776f72647072657373811c9dc5_gen.json +++ b/internal/data/assets/plugin_6f6666696369616c2d73746174636f756e7465722d706c7567696e2d666f722d776f72647072657373811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/30e0bf40-7f7b-43e6-8439-6dc00a889344/official-statcounter-plugin-for-wordpress","title":"StatCounter <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Author Nickname\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-28 17:02:14","sources":[{"name":"Wordfence","remoteId":"30e0bf40-7f7b-43e6-8439-6dc00a889344"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30e0bf40-7f7b-43e6-8439-6dc00a889344?source=api-prod","cve":"CVE-2026-6275","affectedVersions":"<=2.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/bcde42fb-6f61-4174-a44a-bb28e4855062/official-statcounter-plugin-for-wordpress","title":"Official StatCounter Plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"bcde42fb-6f61-4174-a44a-bb28e4855062"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bcde42fb-6f61-4174-a44a-bb28e4855062?source=api-prod","cve":"CVE-2025-13048","affectedVersions":"<=2.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/edcc51f8-bf79-453a-aa4d-5d1d491316eb/official-statcounter-plugin-for-wordpress","title":"StatCounter <= 2.0.6 - Admin+ Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"edcc51f8-bf79-453a-aa4d-5d1d491316eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/edcc51f8-bf79-453a-aa4d-5d1d491316eb?source=api-prod","cve":"CVE-2021-24920","affectedVersions":"<2.0.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/30e0bf40-7f7b-43e6-8439-6dc00a889344/official-statcounter-plugin-for-wordpress","title":"StatCounter <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Author Nickname\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-28 17:02:14","sources":[{"name":"Wordfence","remoteId":"30e0bf40-7f7b-43e6-8439-6dc00a889344"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30e0bf40-7f7b-43e6-8439-6dc00a889344?source=api-prod","cve":"CVE-2026-6275","affectedVersions":"<=2.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/49816cc8-fc97-4ba2-88b6-3fe6f7bf562e/official-statcounter-plugin-for-wordpress","title":"StatCounter – Free Real Time Visitor Stats <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"49816cc8-fc97-4ba2-88b6-3fe6f7bf562e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49816cc8-fc97-4ba2-88b6-3fe6f7bf562e?source=api-prod","cve":"CVE-2026-57629","affectedVersions":"<=2.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/bcde42fb-6f61-4174-a44a-bb28e4855062/official-statcounter-plugin-for-wordpress","title":"Official StatCounter Plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"bcde42fb-6f61-4174-a44a-bb28e4855062"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bcde42fb-6f61-4174-a44a-bb28e4855062?source=api-prod","cve":"CVE-2025-13048","affectedVersions":"<=2.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/edcc51f8-bf79-453a-aa4d-5d1d491316eb/official-statcounter-plugin-for-wordpress","title":"StatCounter <= 2.0.6 - Admin+ Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"edcc51f8-bf79-453a-aa4d-5d1d491316eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/edcc51f8-bf79-453a-aa4d-5d1d491316eb?source=api-prod","cve":"CVE-2021-24920","affectedVersions":"<2.0.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6f6d6e6973656e642d636f6e6e656374811c9dc5_gen.json b/internal/data/assets/plugin_6f6d6e6973656e642d636f6e6e656374811c9dc5_gen.json index ed167fa7..ffd53bf6 100644 --- a/internal/data/assets/plugin_6f6d6e6973656e642d636f6e6e656374811c9dc5_gen.json +++ b/internal/data/assets/plugin_6f6d6e6973656e642d636f6e6e656374811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/092061a5-5315-4401-8503-6153f660acdc/omnisend-connect","title":"Omnisend for WooCommerce <= 1.18.0 - Unauthenticated Omnisend Account Takeover via Predictable Connect Token\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"092061a5-5315-4401-8503-6153f660acdc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/092061a5-5315-4401-8503-6153f660acdc?source=api-prod","cve":"CVE-2026-42668","affectedVersions":"<=1.18.0","severity":"high"},{"advisoryId":"WPSECADV/WF/cc2cd74d-b828-4524-b33d-c806bfd970b9/omnisend-connect","title":"Email Marketing for WooCommerce by Omnisend <= 1.13.8 - Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc2cd74d-b828-4524-b33d-c806bfd970b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc2cd74d-b828-4524-b33d-c806bfd970b9?source=api-prod","cve":"CVE-2023-47244","affectedVersions":"<=1.13.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/f54f1e41-788b-45e5-b84f-06e664f5c597/omnisend-connect","title":"Email Marketing for WooCommerce by Omnisend <= 1.14.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"f54f1e41-788b-45e5-b84f-06e664f5c597"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f54f1e41-788b-45e5-b84f-06e664f5c597?source=api-prod","cve":"CVE-2024-32101","affectedVersions":"<=1.14.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/092061a5-5315-4401-8503-6153f660acdc/omnisend-connect","title":"Omnisend for WooCommerce <= 1.18.0 - Unauthenticated Omnisend Account Takeover via Predictable Connect Token\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"092061a5-5315-4401-8503-6153f660acdc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/092061a5-5315-4401-8503-6153f660acdc?source=api-prod","cve":"CVE-2026-42668","affectedVersions":"<=1.18.0","severity":"high"},{"advisoryId":"WPSECADV/WF/1b0e8594-785c-4e15-b037-3834a01da793/omnisend-connect","title":"Email Marketing for WooCommerce by Omnisend <= 1.19.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"1b0e8594-785c-4e15-b037-3834a01da793"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b0e8594-785c-4e15-b037-3834a01da793?source=api-prod","cve":"CVE-2026-57632","affectedVersions":"<=1.19.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/cc2cd74d-b828-4524-b33d-c806bfd970b9/omnisend-connect","title":"Email Marketing for WooCommerce by Omnisend <= 1.13.8 - Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc2cd74d-b828-4524-b33d-c806bfd970b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc2cd74d-b828-4524-b33d-c806bfd970b9?source=api-prod","cve":"CVE-2023-47244","affectedVersions":"<=1.13.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/f54f1e41-788b-45e5-b84f-06e664f5c597/omnisend-connect","title":"Email Marketing for WooCommerce by Omnisend <= 1.14.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"f54f1e41-788b-45e5-b84f-06e664f5c597"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f54f1e41-788b-45e5-b84f-06e664f5c597?source=api-prod","cve":"CVE-2024-32101","affectedVersions":"<=1.14.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_70616e6f72616d61811c9dc5_gen.json b/internal/data/assets/plugin_70616e6f72616d61811c9dc5_gen.json index 787041c0..7b68d124 100644 --- a/internal/data/assets/plugin_70616e6f72616d61811c9dc5_gen.json +++ b/internal/data/assets/plugin_70616e6f72616d61811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42/panorama","title":"Freemius SDK <= 2.4.2 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"39fb0499-9ab4-4a2f-b0db-ece86bcf4d42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod","cve":"CVE-2022-4974","affectedVersions":"<1.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/panorama","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":"<=1.0.8","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42/panorama","title":"Freemius SDK <= 2.4.2 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"39fb0499-9ab4-4a2f-b0db-ece86bcf4d42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod","cve":"CVE-2022-4974","affectedVersions":"<1.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/panorama","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":"<=1.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6d4394fd-7063-4792-83a7-5c419fac5652/panorama","title":"Panorama – 360 degree Virtual Tour, Panoramic Image viewer and More <= 1.6.1 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"6d4394fd-7063-4792-83a7-5c419fac5652"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d4394fd-7063-4792-83a7-5c419fac5652?source=api-prod","cve":"CVE-2026-57647","affectedVersions":"<=1.6.1","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_706572666d617474657273811c9dc5_gen.json b/internal/data/assets/plugin_706572666d617474657273811c9dc5_gen.json index 74a45df9..11dd2288 100644 --- a/internal/data/assets/plugin_706572666d617474657273811c9dc5_gen.json +++ b/internal/data/assets/plugin_706572666d617474657273811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/58b9dab8-8539-4b53-b08d-f6ee3e1e744c/perfmatters","title":"Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-02 19:02:03","sources":[{"name":"Wordfence","remoteId":"58b9dab8-8539-4b53-b08d-f6ee3e1e744c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58b9dab8-8539-4b53-b08d-f6ee3e1e744c?source=api-prod","cve":"CVE-2026-4350","affectedVersions":"<=2.5.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/612fb73f-e488-453f-a2a4-32969f91122b/perfmatters","title":"Perfmatters <= 2.1.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"612fb73f-e488-453f-a2a4-32969f91122b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/612fb73f-e488-453f-a2a4-32969f91122b?source=api-prod","cve":"CVE-2023-47876","affectedVersions":"<=2.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/95f5b4df-5214-4f36-8dd5-a1a816fbc3db/perfmatters","title":"Perfmatters <= 2.1.6 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"95f5b4df-5214-4f36-8dd5-a1a816fbc3db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95f5b4df-5214-4f36-8dd5-a1a816fbc3db?source=api-prod","cve":"CVE-2023-47875","affectedVersions":"<=2.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/b078e446-61e7-4ce1-b9a9-480ccc388c72/perfmatters","title":"Perfmatters <= 2.1.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"b078e446-61e7-4ce1-b9a9-480ccc388c72"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b078e446-61e7-4ce1-b9a9-480ccc388c72?source=api-prod","cve":"CVE-2023-47874","affectedVersions":"<=2.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/c172ab2b-ce1f-4a0d-b31f-b75ff2f03506/perfmatters","title":"Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 11:55:00","sources":[{"name":"Wordfence","remoteId":"c172ab2b-ce1f-4a0d-b31f-b75ff2f03506"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c172ab2b-ce1f-4a0d-b31f-b75ff2f03506?source=api-prod","cve":"CVE-2026-4351","affectedVersions":"<=2.5.9","severity":"high"},{"advisoryId":"WPSECADV/WF/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521/perfmatters","title":"Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521?source=api-prod","cve":"CVE-2023-47877","affectedVersions":"<2.2.0","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/28d8ebf9-2841-4a54-8537-959c43ca88e4/perfmatters","title":"Perfmatters <= 2.6.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"28d8ebf9-2841-4a54-8537-959c43ca88e4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28d8ebf9-2841-4a54-8537-959c43ca88e4?source=api-prod","cve":"CVE-2026-56047","affectedVersions":"<=2.6.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/58b9dab8-8539-4b53-b08d-f6ee3e1e744c/perfmatters","title":"Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-02 19:02:03","sources":[{"name":"Wordfence","remoteId":"58b9dab8-8539-4b53-b08d-f6ee3e1e744c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58b9dab8-8539-4b53-b08d-f6ee3e1e744c?source=api-prod","cve":"CVE-2026-4350","affectedVersions":"<=2.5.9.1","severity":"high"},{"advisoryId":"WPSECADV/WF/612fb73f-e488-453f-a2a4-32969f91122b/perfmatters","title":"Perfmatters <= 2.1.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"612fb73f-e488-453f-a2a4-32969f91122b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/612fb73f-e488-453f-a2a4-32969f91122b?source=api-prod","cve":"CVE-2023-47876","affectedVersions":"<=2.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/95f5b4df-5214-4f36-8dd5-a1a816fbc3db/perfmatters","title":"Perfmatters <= 2.1.6 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"95f5b4df-5214-4f36-8dd5-a1a816fbc3db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95f5b4df-5214-4f36-8dd5-a1a816fbc3db?source=api-prod","cve":"CVE-2023-47875","affectedVersions":"<=2.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/b078e446-61e7-4ce1-b9a9-480ccc388c72/perfmatters","title":"Perfmatters <= 2.1.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"b078e446-61e7-4ce1-b9a9-480ccc388c72"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b078e446-61e7-4ce1-b9a9-480ccc388c72?source=api-prod","cve":"CVE-2023-47874","affectedVersions":"<=2.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/c172ab2b-ce1f-4a0d-b31f-b75ff2f03506/perfmatters","title":"Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 11:55:00","sources":[{"name":"Wordfence","remoteId":"c172ab2b-ce1f-4a0d-b31f-b75ff2f03506"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c172ab2b-ce1f-4a0d-b31f-b75ff2f03506?source=api-prod","cve":"CVE-2026-4351","affectedVersions":"<=2.5.9","severity":"high"},{"advisoryId":"WPSECADV/WF/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521/perfmatters","title":"Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521?source=api-prod","cve":"CVE-2023-47877","affectedVersions":"<2.2.0","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7067616c6c2d666f722d776f6f636f6d6d65726365811c9dc5_gen.json b/internal/data/assets/plugin_7067616c6c2d666f722d776f6f636f6d6d65726365811c9dc5_gen.json index a3452eb9..a228127e 100644 --- a/internal/data/assets/plugin_7067616c6c2d666f722d776f6f636f6d6d65726365811c9dc5_gen.json +++ b/internal/data/assets/plugin_7067616c6c2d666f722d776f6f636f6d6d65726365811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/2fe166a9-8e80-4bb9-8074-5404289f5685/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-22 23:37:26","sources":[{"name":"Wordfence","remoteId":"2fe166a9-8e80-4bb9-8074-5404289f5685"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2fe166a9-8e80-4bb9-8074-5404289f5685?source=api-prod","cve":"CVE-2024-11228","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/3d85d609-781b-4f82-af57-124767f9d333/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d85d609-781b-4f82-af57-124767f9d333"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d85d609-781b-4f82-af57-124767f9d333?source=api-prod","cve":"CVE-2024-11943","affectedVersions":"<=5.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/524ac3c0-d343-494f-8820-7a6bf290adbf/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 <= 5.2.11 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"524ac3c0-d343-494f-8820-7a6bf290adbf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/524ac3c0-d343-494f-8820-7a6bf290adbf?source=api-prod","cve":"CVE-2025-47661","affectedVersions":"<=5.2.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/9864507c-c09c-413c-ba5a-18792ba7598f/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 <= 5.2.0 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"9864507c-c09c-413c-ba5a-18792ba7598f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9864507c-c09c-413c-ba5a-18792ba7598f?source=api-prod","cve":"CVE-2024-56281","affectedVersions":"<=5.2.0","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/2fe166a9-8e80-4bb9-8074-5404289f5685/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-22 23:37:26","sources":[{"name":"Wordfence","remoteId":"2fe166a9-8e80-4bb9-8074-5404289f5685"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2fe166a9-8e80-4bb9-8074-5404289f5685?source=api-prod","cve":"CVE-2024-11228","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/3d85d609-781b-4f82-af57-124767f9d333/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d85d609-781b-4f82-af57-124767f9d333"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d85d609-781b-4f82-af57-124767f9d333?source=api-prod","cve":"CVE-2024-11943","affectedVersions":"<=5.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/524ac3c0-d343-494f-8820-7a6bf290adbf/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 <= 5.2.11 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"524ac3c0-d343-494f-8820-7a6bf290adbf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/524ac3c0-d343-494f-8820-7a6bf290adbf?source=api-prod","cve":"CVE-2025-47661","affectedVersions":"<=5.2.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/9864507c-c09c-413c-ba5a-18792ba7598f/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 <= 5.2.0 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"9864507c-c09c-413c-ba5a-18792ba7598f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9864507c-c09c-413c-ba5a-18792ba7598f?source=api-prod","cve":"CVE-2024-56281","affectedVersions":"<=5.2.0","severity":"high"},{"advisoryId":"WPSECADV/WF/c022c434-6a77-4ef8-8665-127f54f743cd/pgall-for-woocommerce","title":"워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.5.6 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"c022c434-6a77-4ef8-8665-127f54f743cd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c022c434-6a77-4ef8-8665-127f54f743cd?source=api-prod","cve":"CVE-2026-56036","affectedVersions":"<=5.5.6","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7069786d61676978811c9dc5_gen.json b/internal/data/assets/plugin_7069786d61676978811c9dc5_gen.json new file mode 100644 index 00000000..ef023eac --- /dev/null +++ b/internal/data/assets/plugin_7069786d61676978811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/c87adbd9-3b09-403e-921a-31b3f58962e9/pixmagix","title":"PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 16:17:28","sources":[{"name":"Wordfence","remoteId":"c87adbd9-3b09-403e-921a-31b3f58962e9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c87adbd9-3b09-403e-921a-31b3f58962e9?source=api-prod","cve":"CVE-2026-11367","affectedVersions":"<=1.7.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_706f73742d6475706c696361746f72811c9dc5_gen.json b/internal/data/assets/plugin_706f73742d6475706c696361746f72811c9dc5_gen.json index c4eb3a0f..25646550 100644 --- a/internal/data/assets/plugin_706f73742d6475706c696361746f72811c9dc5_gen.json +++ b/internal/data/assets/plugin_706f73742d6475706c696361746f72811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/3071b2dc-9673-4e30-bd04-7404eb6a1ed9/post-duplicator","title":"Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-10 14:15:46","sources":[{"name":"Wordfence","remoteId":"3071b2dc-9673-4e30-bd04-7404eb6a1ed9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3071b2dc-9673-4e30-bd04-7404eb6a1ed9?source=api-prod","cve":"CVE-2024-12472","affectedVersions":"<=2.36","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a9000e3-a313-48f7-88cd-3041c8da8288/post-duplicator","title":"Post Duplicator <= 2.16 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-04-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a9000e3-a313-48f7-88cd-3041c8da8288"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a9000e3-a313-48f7-88cd-3041c8da8288?source=api-prod","cve":"CVE-2016-15027","affectedVersions":"<=2.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/985dfe25-4860-477a-bd85-5bf3375b86db/post-duplicator","title":"Post Duplicator <= 2.35 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"985dfe25-4860-477a-bd85-5bf3375b86db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/985dfe25-4860-477a-bd85-5bf3375b86db?source=api-prod","cve":"CVE-2025-24736","affectedVersions":"<=2.35","severity":"medium"},{"advisoryId":"WPSECADV/WF/a10dc207-eb41-407e-a85c-ae5ea4c5d972/post-duplicator","title":"Post Duplicator <= 3.0.10 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"a10dc207-eb41-407e-a85c-ae5ea4c5d972"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a10dc207-eb41-407e-a85c-ae5ea4c5d972?source=api-prod","cve":"CVE-2026-39474","affectedVersions":"<=3.0.10","severity":"high"},{"advisoryId":"WPSECADV/WF/c763a8d8-c31a-4c9f-8f0e-814cda91b860/post-duplicator","title":"Post Duplicator <= 2.23 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"c763a8d8-c31a-4c9f-8f0e-814cda91b860"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c763a8d8-c31a-4c9f-8f0e-814cda91b860?source=api-prod","cve":"CVE-2021-33852","affectedVersions":"<2.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5665931-8da9-44db-a5b1-46acebf14f3b/post-duplicator","title":"Post Duplicator <= 2.31 - Missing Authorization via mtphr_duplicate_post\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e5665931-8da9-44db-a5b1-46acebf14f3b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5665931-8da9-44db-a5b1-46acebf14f3b?source=api-prod","cve":"CVE-2023-49835","affectedVersions":"<=2.31","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5c86f72-934c-4f3b-ab2a-65df1490ca8a/post-duplicator","title":"Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-24 21:12:32","sources":[{"name":"Wordfence","remoteId":"e5c86f72-934c-4f3b-ab2a-65df1490ca8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5c86f72-934c-4f3b-ab2a-65df1490ca8a?source=api-prod","cve":"CVE-2026-2301","affectedVersions":"<=3.0.8","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/3071b2dc-9673-4e30-bd04-7404eb6a1ed9/post-duplicator","title":"Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-10 14:15:46","sources":[{"name":"Wordfence","remoteId":"3071b2dc-9673-4e30-bd04-7404eb6a1ed9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3071b2dc-9673-4e30-bd04-7404eb6a1ed9?source=api-prod","cve":"CVE-2024-12472","affectedVersions":"<=2.36","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a9000e3-a313-48f7-88cd-3041c8da8288/post-duplicator","title":"Post Duplicator <= 2.16 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-04-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a9000e3-a313-48f7-88cd-3041c8da8288"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a9000e3-a313-48f7-88cd-3041c8da8288?source=api-prod","cve":"CVE-2016-15027","affectedVersions":"<=2.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/6afd5a43-a835-4251-b7b2-a787582c9e71/post-duplicator","title":"Post Duplicator < 3.0.15 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"6afd5a43-a835-4251-b7b2-a787582c9e71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6afd5a43-a835-4251-b7b2-a787582c9e71?source=api-prod","cve":"CVE-2026-10749","affectedVersions":"<3.0.15","severity":"high"},{"advisoryId":"WPSECADV/WF/985dfe25-4860-477a-bd85-5bf3375b86db/post-duplicator","title":"Post Duplicator <= 2.35 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"985dfe25-4860-477a-bd85-5bf3375b86db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/985dfe25-4860-477a-bd85-5bf3375b86db?source=api-prod","cve":"CVE-2025-24736","affectedVersions":"<=2.35","severity":"medium"},{"advisoryId":"WPSECADV/WF/a10dc207-eb41-407e-a85c-ae5ea4c5d972/post-duplicator","title":"Post Duplicator <= 3.0.10 - Authenticated (Contributor+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"a10dc207-eb41-407e-a85c-ae5ea4c5d972"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a10dc207-eb41-407e-a85c-ae5ea4c5d972?source=api-prod","cve":"CVE-2026-39474","affectedVersions":"<=3.0.10","severity":"high"},{"advisoryId":"WPSECADV/WF/c763a8d8-c31a-4c9f-8f0e-814cda91b860/post-duplicator","title":"Post Duplicator <= 2.23 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"c763a8d8-c31a-4c9f-8f0e-814cda91b860"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c763a8d8-c31a-4c9f-8f0e-814cda91b860?source=api-prod","cve":"CVE-2021-33852","affectedVersions":"<2.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5665931-8da9-44db-a5b1-46acebf14f3b/post-duplicator","title":"Post Duplicator <= 2.31 - Missing Authorization via mtphr_duplicate_post\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e5665931-8da9-44db-a5b1-46acebf14f3b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5665931-8da9-44db-a5b1-46acebf14f3b?source=api-prod","cve":"CVE-2023-49835","affectedVersions":"<=2.31","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5c86f72-934c-4f3b-ab2a-65df1490ca8a/post-duplicator","title":"Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-24 21:12:32","sources":[{"name":"Wordfence","remoteId":"e5c86f72-934c-4f3b-ab2a-65df1490ca8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5c86f72-934c-4f3b-ab2a-65df1490ca8a?source=api-prod","cve":"CVE-2026-2301","affectedVersions":"<=3.0.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7072656d69756d2d6164646f6e732d666f722d6b696e67636f6d706f736572811c9dc5_gen.json b/internal/data/assets/plugin_7072656d69756d2d6164646f6e732d666f722d6b696e67636f6d706f736572811c9dc5_gen.json index 97a5567e..454743e9 100644 --- a/internal/data/assets/plugin_7072656d69756d2d6164646f6e732d666f722d6b696e67636f6d706f736572811c9dc5_gen.json +++ b/internal/data/assets/plugin_7072656d69756d2d6164646f6e732d666f722d6b696e67636f6d706f736572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/b40177a3-e4d1-4025-9071-856537dc78eb/premium-addons-for-kingcomposer","title":"Premium Addons for KingComposer <= 1.1.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"b40177a3-e4d1-4025-9071-856537dc78eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b40177a3-e4d1-4025-9071-856537dc78eb?source=api-prod","cve":"CVE-2025-49036","affectedVersions":"<=1.1.1","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/5145b6bf-a726-4ef8-964f-63504bf7107e/premium-addons-for-kingcomposer","title":"Premium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion via 'add_custom_sidebar' and 'remove_custom_sidebar' AJAX actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 16:17:38","sources":[{"name":"Wordfence","remoteId":"5145b6bf-a726-4ef8-964f-63504bf7107e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5145b6bf-a726-4ef8-964f-63504bf7107e?source=api-prod","cve":"CVE-2026-12349","affectedVersions":"<=1.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b40177a3-e4d1-4025-9071-856537dc78eb/premium-addons-for-kingcomposer","title":"Premium Addons for KingComposer <= 1.1.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"b40177a3-e4d1-4025-9071-856537dc78eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b40177a3-e4d1-4025-9071-856537dc78eb?source=api-prod","cve":"CVE-2025-49036","affectedVersions":"<=1.1.1","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_70726f66696c65677269642d757365722d70726f66696c65732d67726f7570732d616e642d636f6d6d756e6974696573811c9dc5_gen.json b/internal/data/assets/plugin_70726f66696c65677269642d757365722d70726f66696c65732d67726f7570732d616e642d636f6d6d756e6974696573811c9dc5_gen.json index 12d1c39d..8dc18315 100644 --- a/internal/data/assets/plugin_70726f66696c65677269642d757365722d70726f66696c65732d67726f7570732d616e642d636f6d6d756e6974696573811c9dc5_gen.json +++ b/internal/data/assets/plugin_70726f66696c65677269642d757365722d70726f66696c65732d67726f7570732d616e642d636f6d6d756e6974696573811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/01cfd7db-f62d-4110-b9a4-49ff1e4e5e68/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"01cfd7db-f62d-4110-b9a4-49ff1e4e5e68"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01cfd7db-f62d-4110-b9a4-49ff1e4e5e68?source=api-prod","cve":"CVE-2022-36352","affectedVersions":"<=5.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/03e6fa1d-0d6a-43e9-97ff-da874a51474a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"03e6fa1d-0d6a-43e9-97ff-da874a51474a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03e6fa1d-0d6a-43e9-97ff-da874a51474a?source=api-prod","cve":"CVE-2022-0233","affectedVersions":"<=4.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/09b26b78-b587-42f6-a9e3-c2945e91d29e/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"09b26b78-b587-42f6-a9e3-c2945e91d29e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/09b26b78-b587-42f6-a9e3-c2945e91d29e?source=api-prod","cve":"CVE-2024-32808","affectedVersions":"<=5.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e1fce43-03c0-4863-bf0c-60a3c510a01d/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.2 - Bypass Group Members Limit\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e1fce43-03c0-4863-bf0c-60a3c510a01d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1fce43-03c0-4863-bf0c-60a3c510a01d?source=api-prod","cve":"CVE-2024-32774","affectedVersions":"<=5.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/134a3615-a9fa-48b5-8cd1-4c3fb24a777a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.8 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"134a3615-a9fa-48b5-8cd1-4c3fb24a777a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/134a3615-a9fa-48b5-8cd1-4c3fb24a777a?source=api-prod","cve":"CVE-2024-31362","affectedVersions":"<=5.7.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/140fa6e8-4381-4df2-af62-44d40b116daf/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"140fa6e8-4381-4df2-af62-44d40b116daf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/140fa6e8-4381-4df2-af62-44d40b116daf?source=api-prod","cve":"CVE-2025-0723","affectedVersions":"<=5.9.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/17dc6988-bbbe-4997-b5f1-230f8003138e/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.4.3 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"17dc6988-bbbe-4997-b5f1-230f8003138e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/17dc6988-bbbe-4997-b5f1-230f8003138e?source=api-prod","cve":"CVE-2025-26999","affectedVersions":"<=5.9.4.3","severity":"high"},{"advisoryId":"WPSECADV/WF/21ca7d14-a6b1-4d02-81c7-bfc5623c4818/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"21ca7d14-a6b1-4d02-81c7-bfc5623c4818"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/21ca7d14-a6b1-4d02-81c7-bfc5623c4818?source=api-prod","cve":"CVE-2025-48079","affectedVersions":"<=5.9.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/23e1a1e0-fcc2-441f-b77e-1b3d991262ea/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.3 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"23e1a1e0-fcc2-441f-b77e-1b3d991262ea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23e1a1e0-fcc2-441f-b77e-1b3d991262ea?source=api-prod","cve":"CVE-2025-49033","affectedVersions":"<=5.9.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c?source=api-prod","cve":"CVE-2024-30490","affectedVersions":"<=5.7.8","severity":"critical"},{"advisoryId":"WPSECADV/WF/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-25 19:18:11","sources":[{"name":"Wordfence","remoteId":"2d3188c2-e5b0-4d83-8c92-ae6b409c92f9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9?source=api-prod","cve":"CVE-2024-8861","affectedVersions":"<=5.9.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ef3c7fb-27f5-4829-8cb6-d3a52778a689/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-09 15:34:42","sources":[{"name":"Wordfence","remoteId":"2ef3c7fb-27f5-4829-8cb6-d3a52778a689"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef3c7fb-27f5-4829-8cb6-d3a52778a689?source=api-prod","cve":"CVE-2024-6411","affectedVersions":"<=5.8.9","severity":"high"},{"advisoryId":"WPSECADV/WF/31c2cd54-f258-43ea-8db2-8d98ad7014d1/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-04 20:24:28","sources":[{"name":"Wordfence","remoteId":"31c2cd54-f258-43ea-8db2-8d98ad7014d1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/31c2cd54-f258-43ea-8db2-8d98ad7014d1?source=api-prod","cve":"CVE-2025-13416","affectedVersions":"<=5.9.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/34c64a8b-32ad-4349-b593-933fc057d1a6/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"34c64a8b-32ad-4349-b593-933fc057d1a6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34c64a8b-32ad-4349-b593-933fc057d1a6?source=api-prod","cve":"CVE-2026-4610","affectedVersions":"<=5.9.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/3f58ed72-5a0b-4b43-ad76-7730c79741da/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"3f58ed72-5a0b-4b43-ad76-7730c79741da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f58ed72-5a0b-4b43-ad76-7730c79741da?source=api-prod","cve":"CVE-2026-4608","affectedVersions":"<=5.9.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/404fc2d1-0c5d-4734-980e-ae3ac293d1f3/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"404fc2d1-0c5d-4734-980e-ae3ac293d1f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/404fc2d1-0c5d-4734-980e-ae3ac293d1f3?source=api-prod","cve":"CVE-2025-49877","affectedVersions":"<=5.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/473ba791-af99-4aae-99cb-ccf220e443e7/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"473ba791-af99-4aae-99cb-ccf220e443e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/473ba791-af99-4aae-99cb-ccf220e443e7?source=api-prod","cve":"CVE-2023-3713","affectedVersions":"<=5.5.1","severity":"high"},{"advisoryId":"WPSECADV/WF/4c611fa0-28ef-4425-8614-fb61e250e625/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-06 11:44:27","sources":[{"name":"Wordfence","remoteId":"4c611fa0-28ef-4425-8614-fb61e250e625"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c611fa0-28ef-4425-8614-fb61e250e625?source=api-prod","cve":"CVE-2026-2488","affectedVersions":"<=5.9.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb?source=api-prod","cve":"CVE-2023-0940","affectedVersions":"<=5.3.0","severity":"high"},{"advisoryId":"WPSECADV/WF/5f38f9f0-7c15-4c07-b501-b523ea58432a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"5f38f9f0-7c15-4c07-b501-b523ea58432a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f38f9f0-7c15-4c07-b501-b523ea58432a?source=api-prod","cve":"CVE-2026-4607","affectedVersions":"<=5.9.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/641f7727-83ba-45c2-b3e1-1ce19f86eac7/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 16:15:56","sources":[{"name":"Wordfence","remoteId":"641f7727-83ba-45c2-b3e1-1ce19f86eac7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/641f7727-83ba-45c2-b3e1-1ce19f86eac7?source=api-prod","cve":"CVE-2025-1408","affectedVersions":"<=5.9.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/655e3795-44c8-498c-a8cd-9985abc9664c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.0 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"655e3795-44c8-498c-a8cd-9985abc9664c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/655e3795-44c8-498c-a8cd-9985abc9664c?source=api-prod","cve":"CVE-2025-47478","affectedVersions":"<=5.9.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6b8ffdb9-b8c6-428c-a047-8e5286b2c2fb/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-06 11:37:07","sources":[{"name":"Wordfence","remoteId":"6b8ffdb9-b8c6-428c-a047-8e5286b2c2fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8ffdb9-b8c6-428c-a047-8e5286b2c2fb?source=api-prod","cve":"CVE-2026-2494","affectedVersions":"<=5.9.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/6bb1de69-7bc2-4785-9789-0a2d1cf35b9b/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 16:16:59","sources":[{"name":"Wordfence","remoteId":"6bb1de69-7bc2-4785-9789-0a2d1cf35b9b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6bb1de69-7bc2-4785-9789-0a2d1cf35b9b?source=api-prod","cve":"CVE-2025-0724","affectedVersions":"<=5.9.4.5","severity":"high"},{"advisoryId":"WPSECADV/WF/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.0 - Hardcoded Encryption Key\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"6d490bfb-6560-428e-ad91-0f8d8bc9b1f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=api-prod","cve":"CVE-2023-3404","affectedVersions":"<=5.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6d923bbe-5976-43c5-a34d-d2758c83f607/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"6d923bbe-5976-43c5-a34d-d2758c83f607"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d923bbe-5976-43c5-a34d-d2758c83f607?source=api-prod","cve":"CVE-2024-37453","affectedVersions":"<=5.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/712535ce-8c38-4944-aa0a-36d9bacaeb67/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-04 20:36:46","sources":[{"name":"Wordfence","remoteId":"712535ce-8c38-4944-aa0a-36d9bacaeb67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/712535ce-8c38-4944-aa0a-36d9bacaeb67?source=api-prod","cve":"CVE-2026-1271","affectedVersions":"<=5.9.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/71fb1cef-6e01-4bd7-b0bc-5d21295f119a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.6.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"71fb1cef-6e01-4bd7-b0bc-5d21295f119a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb1cef-6e01-4bd7-b0bc-5d21295f119a?source=api-prod","cve":"CVE-2023-52117","affectedVersions":"<=5.6.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/7a44d182-2a43-47c0-ab2e-36c0514c1d47/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-04 19:31:30","sources":[{"name":"Wordfence","remoteId":"7a44d182-2a43-47c0-ab2e-36c0514c1d47"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a44d182-2a43-47c0-ab2e-36c0514c1d47?source=api-prod","cve":"CVE-2024-5453","affectedVersions":"<=5.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-09 15:38:54","sources":[{"name":"Wordfence","remoteId":"8679f4cd-2cb8-48ad-a531-a00c1b85ed2e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e?source=api-prod","cve":"CVE-2024-6410","affectedVersions":"<=5.8.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/9118acb5-65d7-4058-82f0-0989d33ea44c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.4.8 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9118acb5-65d7-4058-82f0-0989d33ea44c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9118acb5-65d7-4058-82f0-0989d33ea44c?source=api-prod","cve":"CVE-2025-39586","affectedVersions":"<=5.9.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/9476b41d-a9a2-46a7-8cf1-62de5d1703b1/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"9476b41d-a9a2-46a7-8cf1-62de5d1703b1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9476b41d-a9a2-46a7-8cf1-62de5d1703b1?source=api-prod","cve":"CVE-2024-30491","affectedVersions":"<=5.7.8","severity":"critical"},{"advisoryId":"WPSECADV/WF/95d2a05d-67ae-45b1-8add-0dcf73d43181/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-17 13:43:48","sources":[{"name":"Wordfence","remoteId":"95d2a05d-67ae-45b1-8add-0dcf73d43181"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95d2a05d-67ae-45b1-8add-0dcf73d43181?source=api-prod","cve":"CVE-2024-13741","affectedVersions":"<=5.9.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=api-prod","cve":"CVE-2024-10900","affectedVersions":"<=5.9.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a4766651-92a6-42c9-81bc-7ea25350f561/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4766651-92a6-42c9-81bc-7ea25350f561"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4766651-92a6-42c9-81bc-7ea25350f561?source=api-prod","cve":"CVE-2023-3714","affectedVersions":"<=5.5.2","severity":"high"},{"advisoryId":"WPSECADV/WF/a5be103f-e174-47f9-8a1b-bb0d073c54e4/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"a5be103f-e174-47f9-8a1b-bb0d073c54e4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5be103f-e174-47f9-8a1b-bb0d073c54e4?source=api-prod","cve":"CVE-2024-32772","affectedVersions":"<=5.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/addf264e-e23c-4bb6-a898-0fbb4ec28189/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-15 16:14:28","sources":[{"name":"Wordfence","remoteId":"addf264e-e23c-4bb6-a898-0fbb4ec28189"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/addf264e-e23c-4bb6-a898-0fbb4ec28189?source=api-prod","cve":"CVE-2025-6977","affectedVersions":"<=5.9.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/b2436028-9ac2-4232-bccf-26019a26e186/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"b2436028-9ac2-4232-bccf-26019a26e186"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2436028-9ac2-4232-bccf-26019a26e186?source=api-prod","cve":"CVE-2024-30513","affectedVersions":"<=5.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/b335fc19-2998-4711-8813-6cb68d7447bd/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.1 - Missing Authorization to User Import\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"b335fc19-2998-4711-8813-6cb68d7447bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b335fc19-2998-4711-8813-6cb68d7447bd?source=api-prod","cve":"CVE-2023-3403","affectedVersions":"<=5.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6a8dcdc-88ab-4e8e-b631-8849e10be9ba/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Full Path Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6a8dcdc-88ab-4e8e-b631-8849e10be9ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a8dcdc-88ab-4e8e-b631-8849e10be9ba?source=api-prod","cve":"CVE-2025-52719","affectedVersions":"<=5.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c039d2fe-7518-4724-a025-6380a53fb58c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c039d2fe-7518-4724-a025-6380a53fb58c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c039d2fe-7518-4724-a025-6380a53fb58c?source=api-prod","cve":"CVE-2024-3606","affectedVersions":"<=5.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c2a1b1a4-df72-4666-b116-882af4cd5796/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-17 13:45:14","sources":[{"name":"Wordfence","remoteId":"c2a1b1a4-df72-4666-b116-882af4cd5796"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a1b1a4-df72-4666-b116-882af4cd5796?source=api-prod","cve":"CVE-2024-13740","affectedVersions":"<=5.9.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c3678b4d-0cd0-4873-8cf3-90c557931f4c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"c3678b4d-0cd0-4873-8cf3-90c557931f4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3678b4d-0cd0-4873-8cf3-90c557931f4c?source=api-prod","cve":"CVE-2026-4609","affectedVersions":"<=5.9.8.4","severity":"high"},{"advisoryId":"WPSECADV/WF/dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef?source=api-prod","cve":"CVE-2024-49273","affectedVersions":"<=5.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/de495201-669c-4483-b30d-bb2abf6fe6c6/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"de495201-669c-4483-b30d-bb2abf6fe6c6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/de495201-669c-4483-b30d-bb2abf6fe6c6?source=api-prod","cve":"CVE-2024-31291","affectedVersions":"<=5.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e46bd083-ed21-4e2a-b79d-62d9b3c7f1d0/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"e46bd083-ed21-4e2a-b79d-62d9b3c7f1d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e46bd083-ed21-4e2a-b79d-62d9b3c7f1d0?source=api-prod","cve":"CVE-2025-49876","affectedVersions":"<=5.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e6eea2cb-a2a9-4f65-9aea-b88565e47503/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6eea2cb-a2a9-4f65-9aea-b88565e47503"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6eea2cb-a2a9-4f65-9aea-b88565e47503?source=api-prod","cve":"CVE-2024-30241","affectedVersions":"<=5.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e9489254-dbdc-4754-86d0-d28756b269a9/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.1.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"e9489254-dbdc-4754-86d0-d28756b269a9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e9489254-dbdc-4754-86d0-d28756b269a9?source=api-prod","cve":"CVE-2022-3578","affectedVersions":"<=5.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ea0540d1-3c02-43e7-852c-bf9a6c025fc4/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"ea0540d1-3c02-43e7-852c-bf9a6c025fc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ea0540d1-3c02-43e7-852c-bf9a6c025fc4?source=api-prod","cve":"CVE-2025-4957","affectedVersions":"<=5.9.5.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/f58efd6c-58f2-464b-8aaf-f4f5c4c52f09/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"f58efd6c-58f2-464b-8aaf-f4f5c4c52f09"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f58efd6c-58f2-464b-8aaf-f4f5c4c52f09?source=api-prod","cve":"CVE-2023-47644","affectedVersions":"<=5.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f6d3c88d-d0a1-4f27-8a9c-df35235b34dc/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.8.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f6d3c88d-d0a1-4f27-8a9c-df35235b34dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f6d3c88d-d0a1-4f27-8a9c-df35235b34dc?source=api-prod","cve":"CVE-2026-25417","affectedVersions":"<=5.9.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f745652d-12d6-46cd-8599-0a42696cb45a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-05-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f745652d-12d6-46cd-8599-0a42696cb45a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f745652d-12d6-46cd-8599-0a42696cb45a?source=api-prod","cve":"CVE-2019-15873","affectedVersions":"<2.8.6","severity":"high"},{"advisoryId":"WPSECADV/WF/f9337519-0b33-43fa-9be4-2390b8b3afb9/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9337519-0b33-43fa-9be4-2390b8b3afb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9337519-0b33-43fa-9be4-2390b8b3afb9?source=api-prod","cve":"CVE-2022-41791","affectedVersions":"<=5.1.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/01cfd7db-f62d-4110-b9a4-49ff1e4e5e68/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"01cfd7db-f62d-4110-b9a4-49ff1e4e5e68"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01cfd7db-f62d-4110-b9a4-49ff1e4e5e68?source=api-prod","cve":"CVE-2022-36352","affectedVersions":"<=5.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/03e6fa1d-0d6a-43e9-97ff-da874a51474a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"03e6fa1d-0d6a-43e9-97ff-da874a51474a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03e6fa1d-0d6a-43e9-97ff-da874a51474a?source=api-prod","cve":"CVE-2022-0233","affectedVersions":"<=4.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/09b26b78-b587-42f6-a9e3-c2945e91d29e/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"09b26b78-b587-42f6-a9e3-c2945e91d29e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/09b26b78-b587-42f6-a9e3-c2945e91d29e?source=api-prod","cve":"CVE-2024-32808","affectedVersions":"<=5.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e1fce43-03c0-4863-bf0c-60a3c510a01d/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.2 - Bypass Group Members Limit\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e1fce43-03c0-4863-bf0c-60a3c510a01d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1fce43-03c0-4863-bf0c-60a3c510a01d?source=api-prod","cve":"CVE-2024-32774","affectedVersions":"<=5.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/134a3615-a9fa-48b5-8cd1-4c3fb24a777a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.8 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"134a3615-a9fa-48b5-8cd1-4c3fb24a777a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/134a3615-a9fa-48b5-8cd1-4c3fb24a777a?source=api-prod","cve":"CVE-2024-31362","affectedVersions":"<=5.7.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/140fa6e8-4381-4df2-af62-44d40b116daf/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"140fa6e8-4381-4df2-af62-44d40b116daf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/140fa6e8-4381-4df2-af62-44d40b116daf?source=api-prod","cve":"CVE-2025-0723","affectedVersions":"<=5.9.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/17dc6988-bbbe-4997-b5f1-230f8003138e/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.4.3 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"17dc6988-bbbe-4997-b5f1-230f8003138e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/17dc6988-bbbe-4997-b5f1-230f8003138e?source=api-prod","cve":"CVE-2025-26999","affectedVersions":"<=5.9.4.3","severity":"high"},{"advisoryId":"WPSECADV/WF/21ca7d14-a6b1-4d02-81c7-bfc5623c4818/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"21ca7d14-a6b1-4d02-81c7-bfc5623c4818"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/21ca7d14-a6b1-4d02-81c7-bfc5623c4818?source=api-prod","cve":"CVE-2025-48079","affectedVersions":"<=5.9.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/23e1a1e0-fcc2-441f-b77e-1b3d991262ea/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.3 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"23e1a1e0-fcc2-441f-b77e-1b3d991262ea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23e1a1e0-fcc2-441f-b77e-1b3d991262ea?source=api-prod","cve":"CVE-2025-49033","affectedVersions":"<=5.9.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c?source=api-prod","cve":"CVE-2024-30490","affectedVersions":"<=5.7.8","severity":"critical"},{"advisoryId":"WPSECADV/WF/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-25 19:18:11","sources":[{"name":"Wordfence","remoteId":"2d3188c2-e5b0-4d83-8c92-ae6b409c92f9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9?source=api-prod","cve":"CVE-2024-8861","affectedVersions":"<=5.9.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2d35279d-299e-4ca2-8f84-165284e058c8/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email Overwrite\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 16:51:48","sources":[{"name":"Wordfence","remoteId":"2d35279d-299e-4ca2-8f84-165284e058c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d35279d-299e-4ca2-8f84-165284e058c8?source=api-prod","cve":"CVE-2026-12073","affectedVersions":"<=5.9.9.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/2ef3c7fb-27f5-4829-8cb6-d3a52778a689/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-09 15:34:42","sources":[{"name":"Wordfence","remoteId":"2ef3c7fb-27f5-4829-8cb6-d3a52778a689"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef3c7fb-27f5-4829-8cb6-d3a52778a689?source=api-prod","cve":"CVE-2024-6411","affectedVersions":"<=5.8.9","severity":"high"},{"advisoryId":"WPSECADV/WF/31c2cd54-f258-43ea-8db2-8d98ad7014d1/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-04 20:24:28","sources":[{"name":"Wordfence","remoteId":"31c2cd54-f258-43ea-8db2-8d98ad7014d1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/31c2cd54-f258-43ea-8db2-8d98ad7014d1?source=api-prod","cve":"CVE-2025-13416","affectedVersions":"<=5.9.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/34c64a8b-32ad-4349-b593-933fc057d1a6/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"34c64a8b-32ad-4349-b593-933fc057d1a6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34c64a8b-32ad-4349-b593-933fc057d1a6?source=api-prod","cve":"CVE-2026-4610","affectedVersions":"<=5.9.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/3f58ed72-5a0b-4b43-ad76-7730c79741da/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"3f58ed72-5a0b-4b43-ad76-7730c79741da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f58ed72-5a0b-4b43-ad76-7730c79741da?source=api-prod","cve":"CVE-2026-4608","affectedVersions":"<=5.9.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/404fc2d1-0c5d-4734-980e-ae3ac293d1f3/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"404fc2d1-0c5d-4734-980e-ae3ac293d1f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/404fc2d1-0c5d-4734-980e-ae3ac293d1f3?source=api-prod","cve":"CVE-2025-49877","affectedVersions":"<=5.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/473ba791-af99-4aae-99cb-ccf220e443e7/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"473ba791-af99-4aae-99cb-ccf220e443e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/473ba791-af99-4aae-99cb-ccf220e443e7?source=api-prod","cve":"CVE-2023-3713","affectedVersions":"<=5.5.1","severity":"high"},{"advisoryId":"WPSECADV/WF/4c611fa0-28ef-4425-8614-fb61e250e625/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-06 11:44:27","sources":[{"name":"Wordfence","remoteId":"4c611fa0-28ef-4425-8614-fb61e250e625"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c611fa0-28ef-4425-8614-fb61e250e625?source=api-prod","cve":"CVE-2026-2488","affectedVersions":"<=5.9.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb?source=api-prod","cve":"CVE-2023-0940","affectedVersions":"<=5.3.0","severity":"high"},{"advisoryId":"WPSECADV/WF/5f38f9f0-7c15-4c07-b501-b523ea58432a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"5f38f9f0-7c15-4c07-b501-b523ea58432a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f38f9f0-7c15-4c07-b501-b523ea58432a?source=api-prod","cve":"CVE-2026-4607","affectedVersions":"<=5.9.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/641f7727-83ba-45c2-b3e1-1ce19f86eac7/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 16:15:56","sources":[{"name":"Wordfence","remoteId":"641f7727-83ba-45c2-b3e1-1ce19f86eac7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/641f7727-83ba-45c2-b3e1-1ce19f86eac7?source=api-prod","cve":"CVE-2025-1408","affectedVersions":"<=5.9.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/655e3795-44c8-498c-a8cd-9985abc9664c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.0 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"655e3795-44c8-498c-a8cd-9985abc9664c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/655e3795-44c8-498c-a8cd-9985abc9664c?source=api-prod","cve":"CVE-2025-47478","affectedVersions":"<=5.9.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6b8ffdb9-b8c6-428c-a047-8e5286b2c2fb/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-06 11:37:07","sources":[{"name":"Wordfence","remoteId":"6b8ffdb9-b8c6-428c-a047-8e5286b2c2fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8ffdb9-b8c6-428c-a047-8e5286b2c2fb?source=api-prod","cve":"CVE-2026-2494","affectedVersions":"<=5.9.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/6bb1de69-7bc2-4785-9789-0a2d1cf35b9b/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 16:16:59","sources":[{"name":"Wordfence","remoteId":"6bb1de69-7bc2-4785-9789-0a2d1cf35b9b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6bb1de69-7bc2-4785-9789-0a2d1cf35b9b?source=api-prod","cve":"CVE-2025-0724","affectedVersions":"<=5.9.4.5","severity":"high"},{"advisoryId":"WPSECADV/WF/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.0 - Hardcoded Encryption Key\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"6d490bfb-6560-428e-ad91-0f8d8bc9b1f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=api-prod","cve":"CVE-2023-3404","affectedVersions":"<=5.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/6d923bbe-5976-43c5-a34d-d2758c83f607/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"6d923bbe-5976-43c5-a34d-d2758c83f607"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d923bbe-5976-43c5-a34d-d2758c83f607?source=api-prod","cve":"CVE-2024-37453","affectedVersions":"<=5.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/712535ce-8c38-4944-aa0a-36d9bacaeb67/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-04 20:36:46","sources":[{"name":"Wordfence","remoteId":"712535ce-8c38-4944-aa0a-36d9bacaeb67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/712535ce-8c38-4944-aa0a-36d9bacaeb67?source=api-prod","cve":"CVE-2026-1271","affectedVersions":"<=5.9.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/71fb1cef-6e01-4bd7-b0bc-5d21295f119a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.6.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"71fb1cef-6e01-4bd7-b0bc-5d21295f119a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb1cef-6e01-4bd7-b0bc-5d21295f119a?source=api-prod","cve":"CVE-2023-52117","affectedVersions":"<=5.6.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/7a44d182-2a43-47c0-ab2e-36c0514c1d47/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-04 19:31:30","sources":[{"name":"Wordfence","remoteId":"7a44d182-2a43-47c0-ab2e-36c0514c1d47"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a44d182-2a43-47c0-ab2e-36c0514c1d47?source=api-prod","cve":"CVE-2024-5453","affectedVersions":"<=5.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-09 15:38:54","sources":[{"name":"Wordfence","remoteId":"8679f4cd-2cb8-48ad-a531-a00c1b85ed2e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e?source=api-prod","cve":"CVE-2024-6410","affectedVersions":"<=5.8.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/9118acb5-65d7-4058-82f0-0989d33ea44c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.4.8 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9118acb5-65d7-4058-82f0-0989d33ea44c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9118acb5-65d7-4058-82f0-0989d33ea44c?source=api-prod","cve":"CVE-2025-39586","affectedVersions":"<=5.9.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/9476b41d-a9a2-46a7-8cf1-62de5d1703b1/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"9476b41d-a9a2-46a7-8cf1-62de5d1703b1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9476b41d-a9a2-46a7-8cf1-62de5d1703b1?source=api-prod","cve":"CVE-2024-30491","affectedVersions":"<=5.7.8","severity":"critical"},{"advisoryId":"WPSECADV/WF/95d2a05d-67ae-45b1-8add-0dcf73d43181/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-17 13:43:48","sources":[{"name":"Wordfence","remoteId":"95d2a05d-67ae-45b1-8add-0dcf73d43181"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95d2a05d-67ae-45b1-8add-0dcf73d43181?source=api-prod","cve":"CVE-2024-13741","affectedVersions":"<=5.9.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=api-prod","cve":"CVE-2024-10900","affectedVersions":"<=5.9.3.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a4766651-92a6-42c9-81bc-7ea25350f561/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4766651-92a6-42c9-81bc-7ea25350f561"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4766651-92a6-42c9-81bc-7ea25350f561?source=api-prod","cve":"CVE-2023-3714","affectedVersions":"<=5.5.2","severity":"high"},{"advisoryId":"WPSECADV/WF/a5be103f-e174-47f9-8a1b-bb0d073c54e4/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"a5be103f-e174-47f9-8a1b-bb0d073c54e4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5be103f-e174-47f9-8a1b-bb0d073c54e4?source=api-prod","cve":"CVE-2024-32772","affectedVersions":"<=5.7.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/addf264e-e23c-4bb6-a898-0fbb4ec28189/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-15 16:14:28","sources":[{"name":"Wordfence","remoteId":"addf264e-e23c-4bb6-a898-0fbb4ec28189"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/addf264e-e23c-4bb6-a898-0fbb4ec28189?source=api-prod","cve":"CVE-2025-6977","affectedVersions":"<=5.9.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/b2436028-9ac2-4232-bccf-26019a26e186/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"b2436028-9ac2-4232-bccf-26019a26e186"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2436028-9ac2-4232-bccf-26019a26e186?source=api-prod","cve":"CVE-2024-30513","affectedVersions":"<=5.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/b335fc19-2998-4711-8813-6cb68d7447bd/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.5.1 - Missing Authorization to User Import\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"b335fc19-2998-4711-8813-6cb68d7447bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b335fc19-2998-4711-8813-6cb68d7447bd?source=api-prod","cve":"CVE-2023-3403","affectedVersions":"<=5.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6a8dcdc-88ab-4e8e-b631-8849e10be9ba/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Full Path Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6a8dcdc-88ab-4e8e-b631-8849e10be9ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a8dcdc-88ab-4e8e-b631-8849e10be9ba?source=api-prod","cve":"CVE-2025-52719","affectedVersions":"<=5.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c039d2fe-7518-4724-a025-6380a53fb58c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"c039d2fe-7518-4724-a025-6380a53fb58c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c039d2fe-7518-4724-a025-6380a53fb58c?source=api-prod","cve":"CVE-2024-3606","affectedVersions":"<=5.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c2a1b1a4-df72-4666-b116-882af4cd5796/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-17 13:45:14","sources":[{"name":"Wordfence","remoteId":"c2a1b1a4-df72-4666-b116-882af4cd5796"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a1b1a4-df72-4666-b116-882af4cd5796?source=api-prod","cve":"CVE-2024-13740","affectedVersions":"<=5.9.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c3678b4d-0cd0-4873-8cf3-90c557931f4c/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"c3678b4d-0cd0-4873-8cf3-90c557931f4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3678b4d-0cd0-4873-8cf3-90c557931f4c?source=api-prod","cve":"CVE-2026-4609","affectedVersions":"<=5.9.8.4","severity":"high"},{"advisoryId":"WPSECADV/WF/dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef?source=api-prod","cve":"CVE-2024-49273","affectedVersions":"<=5.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/de495201-669c-4483-b30d-bb2abf6fe6c6/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"de495201-669c-4483-b30d-bb2abf6fe6c6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/de495201-669c-4483-b30d-bb2abf6fe6c6?source=api-prod","cve":"CVE-2024-31291","affectedVersions":"<=5.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e46bd083-ed21-4e2a-b79d-62d9b3c7f1d0/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"e46bd083-ed21-4e2a-b79d-62d9b3c7f1d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e46bd083-ed21-4e2a-b79d-62d9b3c7f1d0?source=api-prod","cve":"CVE-2025-49876","affectedVersions":"<=5.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e6eea2cb-a2a9-4f65-9aea-b88565e47503/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"e6eea2cb-a2a9-4f65-9aea-b88565e47503"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e6eea2cb-a2a9-4f65-9aea-b88565e47503?source=api-prod","cve":"CVE-2024-30241","affectedVersions":"<=5.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e9489254-dbdc-4754-86d0-d28756b269a9/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.1.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"e9489254-dbdc-4754-86d0-d28756b269a9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e9489254-dbdc-4754-86d0-d28756b269a9?source=api-prod","cve":"CVE-2022-3578","affectedVersions":"<=5.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ea0540d1-3c02-43e7-852c-bf9a6c025fc4/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"ea0540d1-3c02-43e7-852c-bf9a6c025fc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ea0540d1-3c02-43e7-852c-bf9a6c025fc4?source=api-prod","cve":"CVE-2025-4957","affectedVersions":"<=5.9.5.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/f58efd6c-58f2-464b-8aaf-f4f5c4c52f09/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.7.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"f58efd6c-58f2-464b-8aaf-f4f5c4c52f09"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f58efd6c-58f2-464b-8aaf-f4f5c4c52f09?source=api-prod","cve":"CVE-2023-47644","affectedVersions":"<=5.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f6d3c88d-d0a1-4f27-8a9c-df35235b34dc/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Groups and Communities <= 5.9.8.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f6d3c88d-d0a1-4f27-8a9c-df35235b34dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f6d3c88d-d0a1-4f27-8a9c-df35235b34dc?source=api-prod","cve":"CVE-2026-25417","affectedVersions":"<=5.9.8.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f745652d-12d6-46cd-8599-0a42696cb45a/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid – User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-05-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f745652d-12d6-46cd-8599-0a42696cb45a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f745652d-12d6-46cd-8599-0a42696cb45a?source=api-prod","cve":"CVE-2019-15873","affectedVersions":"<2.8.6","severity":"high"},{"advisoryId":"WPSECADV/WF/f9337519-0b33-43fa-9be4-2390b8b3afb9/profilegrid-user-profiles-groups-and-communities","title":"ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9337519-0b33-43fa-9be4-2390b8b3afb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9337519-0b33-43fa-9be4-2390b8b3afb9?source=api-prod","cve":"CVE-2022-41791","affectedVersions":"<=5.1.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_717569636b2d696e7465726573742d736c69646572811c9dc5_gen.json b/internal/data/assets/plugin_717569636b2d696e7465726573742d736c69646572811c9dc5_gen.json index b52c0f74..986be989 100644 --- a/internal/data/assets/plugin_717569636b2d696e7465726573742d736c69646572811c9dc5_gen.json +++ b/internal/data/assets/plugin_717569636b2d696e7465726573742d736c69646572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/08b8f1ad-f616-4ceb-9c53-9d53aac370c9/quick-interest-slider","title":"Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"08b8f1ad-f616-4ceb-9c53-9d53aac370c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/08b8f1ad-f616-4ceb-9c53-9d53aac370c9?source=api-prod","cve":"CVE-2024-31263","affectedVersions":"<=2.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a4bd32b-ab84-4668-a53c-960b42142968/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a4bd32b-ab84-4668-a53c-960b42142968"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a4bd32b-ab84-4668-a53c-960b42142968?source=api-prod","cve":"CVE-2025-62153","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/4377b12c-b118-4284-8532-474473658ea5/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"4377b12c-b118-4284-8532-474473658ea5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4377b12c-b118-4284-8532-474473658ea5?source=api-prod","cve":"CVE-2025-26738","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/7bc142c3-6c80-49e2-9274-a211c8cc736f/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"7bc142c3-6c80-49e2-9274-a211c8cc736f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc142c3-6c80-49e2-9274-a211c8cc736f?source=api-prod","cve":"CVE-2025-64237","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e3ce37e7-1dca-4f74-86ce-65bf29ef091e/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-14 19:44:37","sources":[{"name":"Wordfence","remoteId":"e3ce37e7-1dca-4f74-86ce-65bf29ef091e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e3ce37e7-1dca-4f74-86ce-65bf29ef091e?source=api-prod","cve":"CVE-2026-5694","affectedVersions":"<=3.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f/quick-interest-slider","title":"Loan Repayment Calculator and Application Form <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f?source=api-prod","cve":"CVE-2023-50829","affectedVersions":"<=2.9.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/08b8f1ad-f616-4ceb-9c53-9d53aac370c9/quick-interest-slider","title":"Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"08b8f1ad-f616-4ceb-9c53-9d53aac370c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/08b8f1ad-f616-4ceb-9c53-9d53aac370c9?source=api-prod","cve":"CVE-2024-31263","affectedVersions":"<=2.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/15fbfb20-50c7-4390-afa3-e6b9c95a2551/quick-interest-slider","title":"Quick Interest Slider <= 3.1.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"15fbfb20-50c7-4390-afa3-e6b9c95a2551"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/15fbfb20-50c7-4390-afa3-e6b9c95a2551?source=api-prod","cve":"CVE-2026-56039","affectedVersions":"<=3.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a4bd32b-ab84-4668-a53c-960b42142968/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a4bd32b-ab84-4668-a53c-960b42142968"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a4bd32b-ab84-4668-a53c-960b42142968?source=api-prod","cve":"CVE-2025-62153","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/4377b12c-b118-4284-8532-474473658ea5/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"4377b12c-b118-4284-8532-474473658ea5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4377b12c-b118-4284-8532-474473658ea5?source=api-prod","cve":"CVE-2025-26738","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/7bc142c3-6c80-49e2-9274-a211c8cc736f/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"7bc142c3-6c80-49e2-9274-a211c8cc736f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc142c3-6c80-49e2-9274-a211c8cc736f?source=api-prod","cve":"CVE-2025-64237","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e3ce37e7-1dca-4f74-86ce-65bf29ef091e/quick-interest-slider","title":"Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-14 19:44:37","sources":[{"name":"Wordfence","remoteId":"e3ce37e7-1dca-4f74-86ce-65bf29ef091e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e3ce37e7-1dca-4f74-86ce-65bf29ef091e?source=api-prod","cve":"CVE-2026-5694","affectedVersions":"<=3.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f/quick-interest-slider","title":"Loan Repayment Calculator and Application Form <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f?source=api-prod","cve":"CVE-2023-50829","affectedVersions":"<=2.9.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_71756f7465732d6c6c616d61811c9dc5_gen.json b/internal/data/assets/plugin_71756f7465732d6c6c616d61811c9dc5_gen.json index 68a6b72b..9d06d8a3 100644 --- a/internal/data/assets/plugin_71756f7465732d6c6c616d61811c9dc5_gen.json +++ b/internal/data/assets/plugin_71756f7465732d6c6c616d61811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1e07562d-ab3a-47bc-9bb1-b952f769f5e5/quotes-llama","title":"Quotes llama <= 0.7 - Authenticated (Admin+) Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-05-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"1e07562d-ab3a-47bc-9bb1-b952f769f5e5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1e07562d-ab3a-47bc-9bb1-b952f769f5e5?source=api-prod","cve":"CVE-2022-1566","affectedVersions":"<=0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/5e2f3abd-0a15-4bc1-966a-22d606f3e333/quotes-llama","title":"Quotes llama <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-22 15:10:01","sources":[{"name":"Wordfence","remoteId":"5e2f3abd-0a15-4bc1-966a-22d606f3e333"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e2f3abd-0a15-4bc1-966a-22d606f3e333?source=api-prod","cve":"CVE-2024-10874","affectedVersions":"<=3.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d2b0de76-14be-414e-bbdb-1188f3516633/quotes-llama","title":"Quotes llama <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"d2b0de76-14be-414e-bbdb-1188f3516633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b0de76-14be-414e-bbdb-1188f3516633?source=api-prod","cve":"CVE-2025-30786","affectedVersions":"<=3.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d7fb1b31-3393-4fd4-9cef-35fda1258b5e/quotes-llama","title":"Quotes llama <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"d7fb1b31-3393-4fd4-9cef-35fda1258b5e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7fb1b31-3393-4fd4-9cef-35fda1258b5e?source=api-prod","cve":"CVE-2025-27307","affectedVersions":"<=3.0.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1e07562d-ab3a-47bc-9bb1-b952f769f5e5/quotes-llama","title":"Quotes llama <= 0.7 - Authenticated (Admin+) Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-05-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"1e07562d-ab3a-47bc-9bb1-b952f769f5e5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1e07562d-ab3a-47bc-9bb1-b952f769f5e5?source=api-prod","cve":"CVE-2022-1566","affectedVersions":"<=0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/5e2f3abd-0a15-4bc1-966a-22d606f3e333/quotes-llama","title":"Quotes llama <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-22 15:10:01","sources":[{"name":"Wordfence","remoteId":"5e2f3abd-0a15-4bc1-966a-22d606f3e333"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e2f3abd-0a15-4bc1-966a-22d606f3e333?source=api-prod","cve":"CVE-2024-10874","affectedVersions":"<=3.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d2b0de76-14be-414e-bbdb-1188f3516633/quotes-llama","title":"Quotes llama <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"d2b0de76-14be-414e-bbdb-1188f3516633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b0de76-14be-414e-bbdb-1188f3516633?source=api-prod","cve":"CVE-2025-30786","affectedVersions":"<=3.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d7fb1b31-3393-4fd4-9cef-35fda1258b5e/quotes-llama","title":"Quotes llama <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"d7fb1b31-3393-4fd4-9cef-35fda1258b5e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7fb1b31-3393-4fd4-9cef-35fda1258b5e?source=api-prod","cve":"CVE-2025-27307","affectedVersions":"<=3.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e64bb998-277c-4e83-892f-dc9cd74a11e6/quotes-llama","title":"Quotes llama <= 3.1.5 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"e64bb998-277c-4e83-892f-dc9cd74a11e6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e64bb998-277c-4e83-892f-dc9cd74a11e6?source=api-prod","cve":"CVE-2026-56062","affectedVersions":"<=3.1.5","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_726573706f6e736976652d6c69676874626f78811c9dc5_gen.json b/internal/data/assets/plugin_726573706f6e736976652d6c69676874626f78811c9dc5_gen.json index b0988e75..a766ec21 100644 --- a/internal/data/assets/plugin_726573706f6e736976652d6c69676874626f78811c9dc5_gen.json +++ b/internal/data/assets/plugin_726573706f6e736976652d6c69676874626f78811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/06063978-6c61-42e0-bf03-092aaa20d850/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"06063978-6c61-42e0-bf03-092aaa20d850"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/06063978-6c61-42e0-bf03-092aaa20d850?source=api-prod","cve":"CVE-2025-9710","affectedVersions":"<=2.5.2","severity":"high"},{"advisoryId":"WPSECADV/WF/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef/responsive-lightbox","title":"PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"2cc5962f-4d3c-43ea-996b-a5bb3d0dccef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod","cve":"CVE-2013-6837","affectedVersions":"<1.4.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/44276b28-9509-4f59-936c-fff2ae404076/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-24 20:06:06","sources":[{"name":"Wordfence","remoteId":"44276b28-9509-4f59-936c-fff2ae404076"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44276b28-9509-4f59-936c-fff2ae404076?source=api-prod","cve":"CVE-2026-2479","affectedVersions":"<=2.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/44b173da-a6b9-424c-95a1-a87a9b8ee4af/responsive-lightbox","title":"Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"44b173da-a6b9-424c-95a1-a87a9b8ee4af"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44b173da-a6b9-424c-95a1-a87a9b8ee4af?source=api-prod","cve":"CVE-2024-5667","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b60c1e2-5a4b-4a7a-8224-f1afd3888e08/responsive-lightbox","title":"Responsive Lightbox <= 2.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"4b60c1e2-5a4b-4a7a-8224-f1afd3888e08"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b60c1e2-5a4b-4a7a-8224-f1afd3888e08?source=api-prod","cve":"CVE-2023-49174","affectedVersions":"<=2.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/545f10df-e473-48df-87ab-87f5e1088e93/responsive-lightbox","title":"Responsive Lightbox <= 2.4.8 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"545f10df-e473-48df-87ab-87f5e1088e93"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/545f10df-e473-48df-87ab-87f5e1088e93?source=api-prod","cve":"CVE-2024-49282","affectedVersions":"<=2.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6ead05d3-a5b1-474f-bc72-67570ff060da/responsive-lightbox","title":"Responsive Lightbox <= 2.4.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ead05d3-a5b1-474f-bc72-67570ff060da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ead05d3-a5b1-474f-bc72-67570ff060da?source=api-prod","cve":"CVE-2024-43924","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7f4c0bd6-f289-4a52-ac11-345076c32d84/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 17:10:58","sources":[{"name":"Wordfence","remoteId":"7f4c0bd6-f289-4a52-ac11-345076c32d84"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4c0bd6-f289-4a52-ac11-345076c32d84?source=api-prod","cve":"CVE-2025-12359","affectedVersions":"<=2.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/86a41cdf-8d7a-4d62-9370-8bdf4a259819/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"86a41cdf-8d7a-4d62-9370-8bdf4a259819"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86a41cdf-8d7a-4d62-9370-8bdf4a259819?source=api-prod","cve":"CVE-2025-3742","affectedVersions":"<=2.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ad48145b-24c5-49ac-a192-08c496e08e00/responsive-lightbox","title":"Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"ad48145b-24c5-49ac-a192-08c496e08e00"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ad48145b-24c5-49ac-a192-08c496e08e00?source=api-prod","cve":"CVE-2025-15386","affectedVersions":"<2.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/ade377c4-c7aa-428d-b763-6e6fb6caee0c/responsive-lightbox","title":"Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"ade377c4-c7aa-428d-b763-6e6fb6caee0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ade377c4-c7aa-428d-b763-6e6fb6caee0c?source=api-prod","cve":"CVE-2024-31252","affectedVersions":"<=2.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/d99d4b9a-aa09-434d-91a8-7afaa0e8b5db/responsive-lightbox","title":"Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"d99d4b9a-aa09-434d-91a8-7afaa0e8b5db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d99d4b9a-aa09-434d-91a8-7afaa0e8b5db?source=api-prod","cve":"CVE-2024-5020","affectedVersions":"<=2.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/d99d7a26-3645-4ff5-8c48-17b6fa77a228/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d99d7a26-3645-4ff5-8c48-17b6fa77a228"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d99d7a26-3645-4ff5-8c48-17b6fa77a228?source=api-prod","affectedVersions":"<=2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e290e142-bd18-4441-b3d0-1a84e1faeaf7/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"e290e142-bd18-4441-b3d0-1a84e1faeaf7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e290e142-bd18-4441-b3d0-1a84e1faeaf7?source=api-prod","cve":"CVE-2025-5093","affectedVersions":"<=2.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4d55309-d178-4b3d-9de6-2cf2769b76fe/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-21 21:21:39","sources":[{"name":"Wordfence","remoteId":"e4d55309-d178-4b3d-9de6-2cf2769b76fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4d55309-d178-4b3d-9de6-2cf2769b76fe?source=api-prod","cve":"CVE-2024-6870","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/fcce2857-5bc8-4bee-b218-45f56cb0184b/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 1.7.1 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-12-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fcce2857-5bc8-4bee-b218-45f56cb0184b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fcce2857-5bc8-4bee-b218-45f56cb0184b?source=api-prod","cve":"CVE-2017-2243","affectedVersions":"<=1.7.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/06063978-6c61-42e0-bf03-092aaa20d850/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"06063978-6c61-42e0-bf03-092aaa20d850"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/06063978-6c61-42e0-bf03-092aaa20d850?source=api-prod","cve":"CVE-2025-9710","affectedVersions":"<=2.5.2","severity":"high"},{"advisoryId":"WPSECADV/WF/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef/responsive-lightbox","title":"PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"2cc5962f-4d3c-43ea-996b-a5bb3d0dccef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod","cve":"CVE-2013-6837","affectedVersions":"<1.4.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/44276b28-9509-4f59-936c-fff2ae404076/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-24 20:06:06","sources":[{"name":"Wordfence","remoteId":"44276b28-9509-4f59-936c-fff2ae404076"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44276b28-9509-4f59-936c-fff2ae404076?source=api-prod","cve":"CVE-2026-2479","affectedVersions":"<=2.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/44b173da-a6b9-424c-95a1-a87a9b8ee4af/responsive-lightbox","title":"Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"44b173da-a6b9-424c-95a1-a87a9b8ee4af"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44b173da-a6b9-424c-95a1-a87a9b8ee4af?source=api-prod","cve":"CVE-2024-5667","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b60c1e2-5a4b-4a7a-8224-f1afd3888e08/responsive-lightbox","title":"Responsive Lightbox <= 2.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"4b60c1e2-5a4b-4a7a-8224-f1afd3888e08"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b60c1e2-5a4b-4a7a-8224-f1afd3888e08?source=api-prod","cve":"CVE-2023-49174","affectedVersions":"<=2.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/545f10df-e473-48df-87ab-87f5e1088e93/responsive-lightbox","title":"Responsive Lightbox <= 2.4.8 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"545f10df-e473-48df-87ab-87f5e1088e93"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/545f10df-e473-48df-87ab-87f5e1088e93?source=api-prod","cve":"CVE-2024-49282","affectedVersions":"<=2.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6ead05d3-a5b1-474f-bc72-67570ff060da/responsive-lightbox","title":"Responsive Lightbox <= 2.4.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ead05d3-a5b1-474f-bc72-67570ff060da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ead05d3-a5b1-474f-bc72-67570ff060da?source=api-prod","cve":"CVE-2024-43924","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/7f4c0bd6-f289-4a52-ac11-345076c32d84/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 17:10:58","sources":[{"name":"Wordfence","remoteId":"7f4c0bd6-f289-4a52-ac11-345076c32d84"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4c0bd6-f289-4a52-ac11-345076c32d84?source=api-prod","cve":"CVE-2025-12359","affectedVersions":"<=2.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/86a41cdf-8d7a-4d62-9370-8bdf4a259819/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"86a41cdf-8d7a-4d62-9370-8bdf4a259819"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86a41cdf-8d7a-4d62-9370-8bdf4a259819?source=api-prod","cve":"CVE-2025-3742","affectedVersions":"<=2.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b9fe020-1bec-4891-b2c5-a0a8f6349f0f/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.7.6 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b9fe020-1bec-4891-b2c5-a0a8f6349f0f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b9fe020-1bec-4891-b2c5-a0a8f6349f0f?source=api-prod","cve":"CVE-2026-56041","affectedVersions":"<=2.7.6","severity":"high"},{"advisoryId":"WPSECADV/WF/ad48145b-24c5-49ac-a192-08c496e08e00/responsive-lightbox","title":"Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"ad48145b-24c5-49ac-a192-08c496e08e00"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ad48145b-24c5-49ac-a192-08c496e08e00?source=api-prod","cve":"CVE-2025-15386","affectedVersions":"<2.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/ade377c4-c7aa-428d-b763-6e6fb6caee0c/responsive-lightbox","title":"Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"ade377c4-c7aa-428d-b763-6e6fb6caee0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ade377c4-c7aa-428d-b763-6e6fb6caee0c?source=api-prod","cve":"CVE-2024-31252","affectedVersions":"<=2.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/d99d4b9a-aa09-434d-91a8-7afaa0e8b5db/responsive-lightbox","title":"Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"d99d4b9a-aa09-434d-91a8-7afaa0e8b5db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d99d4b9a-aa09-434d-91a8-7afaa0e8b5db?source=api-prod","cve":"CVE-2024-5020","affectedVersions":"<=2.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/d99d7a26-3645-4ff5-8c48-17b6fa77a228/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d99d7a26-3645-4ff5-8c48-17b6fa77a228"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d99d7a26-3645-4ff5-8c48-17b6fa77a228?source=api-prod","affectedVersions":"<=2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e290e142-bd18-4441-b3d0-1a84e1faeaf7/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"e290e142-bd18-4441-b3d0-1a84e1faeaf7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e290e142-bd18-4441-b3d0-1a84e1faeaf7?source=api-prod","cve":"CVE-2025-5093","affectedVersions":"<=2.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4d55309-d178-4b3d-9de6-2cf2769b76fe/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-21 21:21:39","sources":[{"name":"Wordfence","remoteId":"e4d55309-d178-4b3d-9de6-2cf2769b76fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4d55309-d178-4b3d-9de6-2cf2769b76fe?source=api-prod","cve":"CVE-2024-6870","affectedVersions":"<=2.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/fcce2857-5bc8-4bee-b218-45f56cb0184b/responsive-lightbox","title":"Responsive Lightbox & Gallery <= 1.7.1 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-12-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fcce2857-5bc8-4bee-b218-45f56cb0184b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fcce2857-5bc8-4bee-b218-45f56cb0184b?source=api-prod","cve":"CVE-2017-2243","affectedVersions":"<=1.7.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7365656470726f642d636f6d696e672d736f6f6e2d70726f2d35811c9dc5_gen.json b/internal/data/assets/plugin_7365656470726f642d636f6d696e672d736f6f6e2d70726f2d35811c9dc5_gen.json index 110cd5fd..895d3325 100644 --- a/internal/data/assets/plugin_7365656470726f642d636f6d696e672d736f6f6e2d70726f2d35811c9dc5_gen.json +++ b/internal/data/assets/plugin_7365656470726f642d636f6d696e672d736f6f6e2d70726f2d35811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/19b69d1e-84fd-446e-8de3-dad73bede5bb/seedprod-coming-soon-pro-5","title":"SeedProd Pro <= 6.18.13 - Authenticated (Editor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"19b69d1e-84fd-446e-8de3-dad73bede5bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19b69d1e-84fd-446e-8de3-dad73bede5bb?source=api-prod","cve":"CVE-2024-54285","affectedVersions":"<=6.18.13","severity":"high"},{"advisoryId":"WPSECADV/WF/27a37c36-a2cf-4872-b1c4-f8bf61e3de30/seedprod-coming-soon-pro-5","title":"SeedProd Pro < 6.19.5 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"27a37c36-a2cf-4872-b1c4-f8bf61e3de30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27a37c36-a2cf-4872-b1c4-f8bf61e3de30?source=api-prod","cve":"CVE-2026-48972","affectedVersions":"<6.19.5","severity":"high"},{"advisoryId":"WPSECADV/WF/b07c507e-9fab-426d-998e-ab557d1f1b1a/seedprod-coming-soon-pro-5","title":"SeedProd Pro <= 6.18.12 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"b07c507e-9fab-426d-998e-ab557d1f1b1a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b07c507e-9fab-426d-998e-ab557d1f1b1a?source=api-prod","cve":"CVE-2024-54284","affectedVersions":"<=6.18.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/d39a85fe-8cae-4ba1-b100-fbfa5a08df67/seedprod-coming-soon-pro-5","title":"SeedProd Pro <= 6.18.12 - Authenticated (Editor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"d39a85fe-8cae-4ba1-b100-fbfa5a08df67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d39a85fe-8cae-4ba1-b100-fbfa5a08df67?source=api-prod","cve":"CVE-2024-54283","affectedVersions":"<=6.18.12","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/19b69d1e-84fd-446e-8de3-dad73bede5bb/seedprod-coming-soon-pro-5","title":"SeedProd Pro <= 6.18.13 - Authenticated (Editor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"19b69d1e-84fd-446e-8de3-dad73bede5bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19b69d1e-84fd-446e-8de3-dad73bede5bb?source=api-prod","cve":"CVE-2024-54285","affectedVersions":"<=6.18.13","severity":"high"},{"advisoryId":"WPSECADV/WF/27a37c36-a2cf-4872-b1c4-f8bf61e3de30/seedprod-coming-soon-pro-5","title":"SeedProd Pro < 6.19.5 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"27a37c36-a2cf-4872-b1c4-f8bf61e3de30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27a37c36-a2cf-4872-b1c4-f8bf61e3de30?source=api-prod","cve":"CVE-2026-48972","affectedVersions":"<6.19.5","severity":"high"},{"advisoryId":"WPSECADV/WF/ab478a98-3f76-4712-9a0f-99bfe27043e1/seedprod-coming-soon-pro-5","title":"SeedProd Pro < 6.19.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"ab478a98-3f76-4712-9a0f-99bfe27043e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ab478a98-3f76-4712-9a0f-99bfe27043e1?source=api-prod","cve":"CVE-2026-57617","affectedVersions":"<6.19.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/b07c507e-9fab-426d-998e-ab557d1f1b1a/seedprod-coming-soon-pro-5","title":"SeedProd Pro <= 6.18.12 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"b07c507e-9fab-426d-998e-ab557d1f1b1a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b07c507e-9fab-426d-998e-ab557d1f1b1a?source=api-prod","cve":"CVE-2024-54284","affectedVersions":"<=6.18.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/d39a85fe-8cae-4ba1-b100-fbfa5a08df67/seedprod-coming-soon-pro-5","title":"SeedProd Pro <= 6.18.12 - Authenticated (Editor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"d39a85fe-8cae-4ba1-b100-fbfa5a08df67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d39a85fe-8cae-4ba1-b100-fbfa5a08df67?source=api-prod","cve":"CVE-2024-54283","affectedVersions":"<=6.18.12","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_73696d706c652d62617369632d636f6e746163742d666f726d811c9dc5_gen.json b/internal/data/assets/plugin_73696d706c652d62617369632d636f6e746163742d666f726d811c9dc5_gen.json index 025d183a..742bcbb5 100644 --- a/internal/data/assets/plugin_73696d706c652d62617369632d636f6e746163742d666f726d811c9dc5_gen.json +++ b/internal/data/assets/plugin_73696d706c652d62617369632d636f6e746163742d666f726d811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=api-prod","cve":"CVE-2024-4150","affectedVersions":"<=20221201","severity":"medium"},{"advisoryId":"WPSECADV/WF/38e831b4-8284-4fad-ac24-a2f08053c53e/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"38e831b4-8284-4fad-ac24-a2f08053c53e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38e831b4-8284-4fad-ac24-a2f08053c53e?source=api-prod","cve":"CVE-2022-4226","affectedVersions":"<=20220207","severity":"medium"},{"advisoryId":"WPSECADV/WF/ac23c688-b3d7-4844-ac94-0cbd798bce4c/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20240511 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"ac23c688-b3d7-4844-ac94-0cbd798bce4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ac23c688-b3d7-4844-ac94-0cbd798bce4c?source=api-prod","cve":"CVE-2024-12716","affectedVersions":"<=20240511","severity":"medium"},{"advisoryId":"WPSECADV/WF/ded1944f-662d-4d25-8277-4b1dc63b2144/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"ded1944f-662d-4d25-8277-4b1dc63b2144"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=api-prod","cve":"CVE-2024-4144","affectedVersions":"<=20240502","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=api-prod","cve":"CVE-2024-4150","affectedVersions":"<=20221201","severity":"medium"},{"advisoryId":"WPSECADV/WF/38e831b4-8284-4fad-ac24-a2f08053c53e/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"38e831b4-8284-4fad-ac24-a2f08053c53e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38e831b4-8284-4fad-ac24-a2f08053c53e?source=api-prod","cve":"CVE-2022-4226","affectedVersions":"<=20220207","severity":"medium"},{"advisoryId":"WPSECADV/WF/63af403f-facd-40e3-94bf-12f211d0c7ed/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20250114 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"63af403f-facd-40e3-94bf-12f211d0c7ed"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/63af403f-facd-40e3-94bf-12f211d0c7ed?source=api-prod","cve":"CVE-2026-8172","affectedVersions":"<=20250114","severity":"high"},{"advisoryId":"WPSECADV/WF/ac23c688-b3d7-4844-ac94-0cbd798bce4c/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20240511 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"ac23c688-b3d7-4844-ac94-0cbd798bce4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ac23c688-b3d7-4844-ac94-0cbd798bce4c?source=api-prod","cve":"CVE-2024-12716","affectedVersions":"<=20240511","severity":"medium"},{"advisoryId":"WPSECADV/WF/ded1944f-662d-4d25-8277-4b1dc63b2144/simple-basic-contact-form","title":"Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"ded1944f-662d-4d25-8277-4b1dc63b2144"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=api-prod","cve":"CVE-2024-4144","affectedVersions":"<=20240502","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_73696d706c792d7363686564756c652d6170706f696e746d656e7473811c9dc5_gen.json b/internal/data/assets/plugin_73696d706c792d7363686564756c652d6170706f696e746d656e7473811c9dc5_gen.json index 0d28d108..78a16947 100644 --- a/internal/data/assets/plugin_73696d706c792d7363686564756c652d6170706f696e746d656e7473811c9dc5_gen.json +++ b/internal/data/assets/plugin_73696d706c792d7363686564756c652d6170706f696e746d656e7473811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"0c0dd466-a78a-4b79-b9bd-5363f69d9a4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c?source=api-prod","cve":"CVE-2024-2342","affectedVersions":"<=1.6.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/0e170f98-692b-48f1-92b0-530cbe21440b/simply-schedule-appointments","title":"Appointment Booking Calendar <= - Authenticated (Admin+) Stored Cross-Site Scripting via Notification Settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e170f98-692b-48f1-92b0-530cbe21440b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e170f98-692b-48f1-92b0-530cbe21440b?source=api-prod","cve":"CVE-2024-7877","affectedVersions":"<=1.6.7.53","severity":"medium"},{"advisoryId":"WPSECADV/WF/0eb94259-5f24-49dd-bf4b-0c1dd996d9d4/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.9.15 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"0eb94259-5f24-49dd-bf4b-0c1dd996d9d4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb94259-5f24-49dd-bf4b-0c1dd996d9d4?source=api-prod","cve":"CVE-2025-69315","affectedVersions":"<=1.6.9.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"0eec9744-6dbd-42bd-b9c5-c9d792cecf4b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=api-prod","cve":"CVE-2024-1760","affectedVersions":"<=1.6.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/10d7a50c-41e9-41b7-a171-d72dbe08e7b7/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-18 18:13:50","sources":[{"name":"Wordfence","remoteId":"10d7a50c-41e9-41b7-a171-d72dbe08e7b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10d7a50c-41e9-41b7-a171-d72dbe08e7b7?source=api-prod","cve":"CVE-2025-13754","affectedVersions":"<=1.6.9.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/13d544ae-fbca-42d9-9d74-5e018092e097/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.7.53 - Authenticated (Admin+) Stored Cross-Site Scripting via Appointment Settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"13d544ae-fbca-42d9-9d74-5e018092e097"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/13d544ae-fbca-42d9-9d74-5e018092e097?source=api-prod","cve":"CVE-2024-7876","affectedVersions":"<=1.6.7.53","severity":"medium"},{"advisoryId":"WPSECADV/WF/1be557db-daa8-4d86-819a-462f29da884b/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"1be557db-daa8-4d86-819a-462f29da884b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1be557db-daa8-4d86-819a-462f29da884b?source=api-prod","cve":"CVE-2025-1119","affectedVersions":"<=1.6.8.5","severity":"high"},{"advisoryId":"WPSECADV/WF/414173b9-d23e-4e44-bf8c-77a074bb09e9/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-13 20:36:07","sources":[{"name":"Wordfence","remoteId":"414173b9-d23e-4e44-bf8c-77a074bb09e9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/414173b9-d23e-4e44-bf8c-77a074bb09e9?source=api-prod","cve":"CVE-2025-4667","affectedVersions":"<=1.6.8.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.6.20 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce?source=api-prod","cve":"CVE-2024-22311","affectedVersions":"<=1.6.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/436ab843-7729-4d57-9c9e-2ede2f101ddb/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-06 13:33:55","sources":[{"name":"Wordfence","remoteId":"436ab843-7729-4d57-9c9e-2ede2f101ddb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/436ab843-7729-4d57-9c9e-2ede2f101ddb?source=api-prod","cve":"CVE-2026-4807","affectedVersions":"<=1.6.10.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/5214a399-21a4-4573-9840-1d5043781bc0/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-14 10:13:21","sources":[{"name":"Wordfence","remoteId":"5214a399-21a4-4573-9840-1d5043781bc0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5214a399-21a4-4573-9840-1d5043781bc0?source=api-prod","cve":"CVE-2025-12166","affectedVersions":"<=1.6.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/5970b8d6-0041-4c30-a6ce-fe67ebf415f5/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-12 19:14:03","sources":[{"name":"Wordfence","remoteId":"5970b8d6-0041-4c30-a6ce-fe67ebf415f5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5970b8d6-0041-4c30-a6ce-fe67ebf415f5?source=api-prod","cve":"CVE-2026-3045","affectedVersions":"<=1.6.9.29","severity":"high"},{"advisoryId":"WPSECADV/WF/67c7b9b2-e73f-47fe-aecc-14e998a607c8/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-18 22:37:27","sources":[{"name":"Wordfence","remoteId":"67c7b9b2-e73f-47fe-aecc-14e998a607c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67c7b9b2-e73f-47fe-aecc-14e998a607c8?source=api-prod","cve":"CVE-2026-3658","affectedVersions":"<=1.6.10.0","severity":"high"},{"advisoryId":"WPSECADV/WF/71642341-9fe0-44a9-88f3-70167dc6ca62/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-10 19:14:37","sources":[{"name":"Wordfence","remoteId":"71642341-9fe0-44a9-88f3-70167dc6ca62"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71642341-9fe0-44a9-88f3-70167dc6ca62?source=api-prod","cve":"CVE-2026-1708","affectedVersions":"<=1.6.9.27","severity":"high"},{"advisoryId":"WPSECADV/WF/71f059ba-1874-4e8a-80e9-3f7826f9341d/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.5.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"71f059ba-1874-4e8a-80e9-3f7826f9341d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71f059ba-1874-4e8a-80e9-3f7826f9341d?source=api-prod","cve":"CVE-2022-2374","affectedVersions":"<=1.5.7.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/775d4ba7-7198-493c-bae0-7f3f78741b90/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.5.27 - Authenticated(Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"775d4ba7-7198-493c-bae0-7f3f78741b90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/775d4ba7-7198-493c-bae0-7f3f78741b90?source=api-prod","cve":"CVE-2023-50851","affectedVersions":"<1.6.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/7c69d0ec-d533-416b-9bc1-a3d5a871469a/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.27 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"7c69d0ec-d533-416b-9bc1-a3d5a871469a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c69d0ec-d533-416b-9bc1-a3d5a871469a?source=api-prod","cve":"CVE-2026-39493","affectedVersions":"<=1.6.9.27","severity":"high"},{"advisoryId":"WPSECADV/WF/7e3ad5fd-e190-48c8-864f-11cc7342080a/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.10.6 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e3ad5fd-e190-48c8-864f-11cc7342080a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3ad5fd-e190-48c8-864f-11cc7342080a?source=api-prod","cve":"CVE-2026-39447","affectedVersions":"<=1.6.10.6","severity":"high"},{"advisoryId":"WPSECADV/WF/84262b4a-a662-4aaf-9eae-f5cca8f6cd06/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"84262b4a-a662-4aaf-9eae-f5cca8f6cd06"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84262b4a-a662-4aaf-9eae-f5cca8f6cd06?source=api-prod","cve":"CVE-2024-4288","affectedVersions":"<=1.6.7.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/9614aaa9-d343-4fd4-8a40-7366cd961bd3/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.5.7.5 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9614aaa9-d343-4fd4-8a40-7366cd961bd3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9614aaa9-d343-4fd4-8a40-7366cd961bd3?source=api-prod","cve":"CVE-2022-2373","affectedVersions":"<=1.5.7.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a5f3fbd2-6152-4a89-8fe9-982120d1a640/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 15:10:45","sources":[{"name":"Wordfence","remoteId":"a5f3fbd2-6152-4a89-8fe9-982120d1a640"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f3fbd2-6152-4a89-8fe9-982120d1a640?source=api-prod","cve":"CVE-2025-11723","affectedVersions":"<=1.6.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ae66228e-d086-44fd-8acb-5a99482cedfb/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-26 13:07:06","sources":[{"name":"Wordfence","remoteId":"ae66228e-d086-44fd-8acb-5a99482cedfb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ae66228e-d086-44fd-8acb-5a99482cedfb?source=api-prod","cve":"CVE-2026-7493","affectedVersions":"<=1.6.11.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/b7f6436f-60b7-4b9b-a071-93a5b95a9075/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.9.27 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"b7f6436f-60b7-4b9b-a071-93a5b95a9075"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b7f6436f-60b7-4b9b-a071-93a5b95a9075?source=api-prod","cve":"CVE-2026-39495","affectedVersions":"<=1.6.9.27","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb6f3607-d44f-452a-b3ad-55f036033480/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.42 - Authenticated (Admin+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb6f3607-d44f-452a-b3ad-55f036033480"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6f3607-d44f-452a-b3ad-55f036033480?source=api-prod","cve":"CVE-2024-7129","affectedVersions":"<=1.6.7.42","severity":"high"},{"advisoryId":"WPSECADV/WF/c82f3864-13af-4ff6-824a-4c799a98f3f6/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-12 19:08:49","sources":[{"name":"Wordfence","remoteId":"c82f3864-13af-4ff6-824a-4c799a98f3f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c82f3864-13af-4ff6-824a-4c799a98f3f6?source=api-prod","cve":"CVE-2026-1704","affectedVersions":"<=1.6.9.29","severity":"medium"},{"advisoryId":"WPSECADV/WF/d48899b9-b3b3-45d7-b7e1-6a8560becb0b/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.11.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"d48899b9-b3b3-45d7-b7e1-6a8560becb0b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d48899b9-b3b3-45d7-b7e1-6a8560becb0b?source=api-prod","cve":"CVE-2026-39694","affectedVersions":"<=1.6.11.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/db3bddbd-44b0-4105-9039-0d669d643481/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 18:30:22","sources":[{"name":"Wordfence","remoteId":"db3bddbd-44b0-4105-9039-0d669d643481"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db3bddbd-44b0-4105-9039-0d669d643481?source=api-prod","cve":"CVE-2026-7797","affectedVersions":"<=1.6.11.8","severity":"high"},{"advisoryId":"WPSECADV/WF/e4930b03-9142-464e-98ae-a910dfa46f2a/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4930b03-9142-464e-98ae-a910dfa46f2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4930b03-9142-464e-98ae-a910dfa46f2a?source=api-prod","cve":"CVE-2024-2341","affectedVersions":"<=1.6.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/ef0f5f9d-788a-4cf8-9747-ada076a69a1f/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 19:43:02","sources":[{"name":"Wordfence","remoteId":"ef0f5f9d-788a-4cf8-9747-ada076a69a1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ef0f5f9d-788a-4cf8-9747-ada076a69a1f?source=api-prod","cve":"CVE-2026-6937","affectedVersions":"<=1.6.11.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/ef2e44ea-0049-4370-abd0-0b631e3d2d37/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.11.2 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ef2e44ea-0049-4370-abd0-0b631e3d2d37"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ef2e44ea-0049-4370-abd0-0b631e3d2d37?source=api-prod","cve":"CVE-2026-42384","affectedVersions":"<1.6.11.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-06 20:14:46","sources":[{"name":"Wordfence","remoteId":"f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4?source=api-prod","cve":"CVE-2024-13431","affectedVersions":"<=1.6.8.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"0c0dd466-a78a-4b79-b9bd-5363f69d9a4c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c?source=api-prod","cve":"CVE-2024-2342","affectedVersions":"<=1.6.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/0e170f98-692b-48f1-92b0-530cbe21440b/simply-schedule-appointments","title":"Appointment Booking Calendar <= - Authenticated (Admin+) Stored Cross-Site Scripting via Notification Settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e170f98-692b-48f1-92b0-530cbe21440b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e170f98-692b-48f1-92b0-530cbe21440b?source=api-prod","cve":"CVE-2024-7877","affectedVersions":"<=1.6.7.53","severity":"medium"},{"advisoryId":"WPSECADV/WF/0eb94259-5f24-49dd-bf4b-0c1dd996d9d4/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.9.15 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"0eb94259-5f24-49dd-bf4b-0c1dd996d9d4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb94259-5f24-49dd-bf4b-0c1dd996d9d4?source=api-prod","cve":"CVE-2025-69315","affectedVersions":"<=1.6.9.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"0eec9744-6dbd-42bd-b9c5-c9d792cecf4b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=api-prod","cve":"CVE-2024-1760","affectedVersions":"<=1.6.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/10d7a50c-41e9-41b7-a171-d72dbe08e7b7/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-18 18:13:50","sources":[{"name":"Wordfence","remoteId":"10d7a50c-41e9-41b7-a171-d72dbe08e7b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10d7a50c-41e9-41b7-a171-d72dbe08e7b7?source=api-prod","cve":"CVE-2025-13754","affectedVersions":"<=1.6.9.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/12817b77-17d0-418c-a9a1-87d0057da90e/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.12.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"12817b77-17d0-418c-a9a1-87d0057da90e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/12817b77-17d0-418c-a9a1-87d0057da90e?source=api-prod","cve":"CVE-2026-57317","affectedVersions":"<=1.6.12.2","severity":"high"},{"advisoryId":"WPSECADV/WF/13d544ae-fbca-42d9-9d74-5e018092e097/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.7.53 - Authenticated (Admin+) Stored Cross-Site Scripting via Appointment Settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"13d544ae-fbca-42d9-9d74-5e018092e097"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/13d544ae-fbca-42d9-9d74-5e018092e097?source=api-prod","cve":"CVE-2024-7876","affectedVersions":"<=1.6.7.53","severity":"medium"},{"advisoryId":"WPSECADV/WF/1be557db-daa8-4d86-819a-462f29da884b/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"1be557db-daa8-4d86-819a-462f29da884b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1be557db-daa8-4d86-819a-462f29da884b?source=api-prod","cve":"CVE-2025-1119","affectedVersions":"<=1.6.8.5","severity":"high"},{"advisoryId":"WPSECADV/WF/414173b9-d23e-4e44-bf8c-77a074bb09e9/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-13 20:36:07","sources":[{"name":"Wordfence","remoteId":"414173b9-d23e-4e44-bf8c-77a074bb09e9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/414173b9-d23e-4e44-bf8c-77a074bb09e9?source=api-prod","cve":"CVE-2025-4667","affectedVersions":"<=1.6.8.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.6.20 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce?source=api-prod","cve":"CVE-2024-22311","affectedVersions":"<=1.6.6.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/436ab843-7729-4d57-9c9e-2ede2f101ddb/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-06 13:33:55","sources":[{"name":"Wordfence","remoteId":"436ab843-7729-4d57-9c9e-2ede2f101ddb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/436ab843-7729-4d57-9c9e-2ede2f101ddb?source=api-prod","cve":"CVE-2026-4807","affectedVersions":"<=1.6.10.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/5214a399-21a4-4573-9840-1d5043781bc0/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-14 10:13:21","sources":[{"name":"Wordfence","remoteId":"5214a399-21a4-4573-9840-1d5043781bc0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5214a399-21a4-4573-9840-1d5043781bc0?source=api-prod","cve":"CVE-2025-12166","affectedVersions":"<=1.6.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/5970b8d6-0041-4c30-a6ce-fe67ebf415f5/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-12 19:14:03","sources":[{"name":"Wordfence","remoteId":"5970b8d6-0041-4c30-a6ce-fe67ebf415f5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5970b8d6-0041-4c30-a6ce-fe67ebf415f5?source=api-prod","cve":"CVE-2026-3045","affectedVersions":"<=1.6.9.29","severity":"high"},{"advisoryId":"WPSECADV/WF/67c7b9b2-e73f-47fe-aecc-14e998a607c8/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-18 22:37:27","sources":[{"name":"Wordfence","remoteId":"67c7b9b2-e73f-47fe-aecc-14e998a607c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67c7b9b2-e73f-47fe-aecc-14e998a607c8?source=api-prod","cve":"CVE-2026-3658","affectedVersions":"<=1.6.10.0","severity":"high"},{"advisoryId":"WPSECADV/WF/71642341-9fe0-44a9-88f3-70167dc6ca62/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-10 19:14:37","sources":[{"name":"Wordfence","remoteId":"71642341-9fe0-44a9-88f3-70167dc6ca62"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71642341-9fe0-44a9-88f3-70167dc6ca62?source=api-prod","cve":"CVE-2026-1708","affectedVersions":"<=1.6.9.27","severity":"high"},{"advisoryId":"WPSECADV/WF/71f059ba-1874-4e8a-80e9-3f7826f9341d/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.5.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"71f059ba-1874-4e8a-80e9-3f7826f9341d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71f059ba-1874-4e8a-80e9-3f7826f9341d?source=api-prod","cve":"CVE-2022-2374","affectedVersions":"<=1.5.7.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/775d4ba7-7198-493c-bae0-7f3f78741b90/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.5.27 - Authenticated(Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"775d4ba7-7198-493c-bae0-7f3f78741b90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/775d4ba7-7198-493c-bae0-7f3f78741b90?source=api-prod","cve":"CVE-2023-50851","affectedVersions":"<1.6.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/7c69d0ec-d533-416b-9bc1-a3d5a871469a/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.27 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"7c69d0ec-d533-416b-9bc1-a3d5a871469a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c69d0ec-d533-416b-9bc1-a3d5a871469a?source=api-prod","cve":"CVE-2026-39493","affectedVersions":"<=1.6.9.27","severity":"high"},{"advisoryId":"WPSECADV/WF/7e3ad5fd-e190-48c8-864f-11cc7342080a/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.10.6 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e3ad5fd-e190-48c8-864f-11cc7342080a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3ad5fd-e190-48c8-864f-11cc7342080a?source=api-prod","cve":"CVE-2026-39447","affectedVersions":"<=1.6.10.6","severity":"high"},{"advisoryId":"WPSECADV/WF/84262b4a-a662-4aaf-9eae-f5cca8f6cd06/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"84262b4a-a662-4aaf-9eae-f5cca8f6cd06"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84262b4a-a662-4aaf-9eae-f5cca8f6cd06?source=api-prod","cve":"CVE-2024-4288","affectedVersions":"<=1.6.7.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/9614aaa9-d343-4fd4-8a40-7366cd961bd3/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.5.7.5 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9614aaa9-d343-4fd4-8a40-7366cd961bd3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9614aaa9-d343-4fd4-8a40-7366cd961bd3?source=api-prod","cve":"CVE-2022-2373","affectedVersions":"<=1.5.7.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a5f3fbd2-6152-4a89-8fe9-982120d1a640/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 15:10:45","sources":[{"name":"Wordfence","remoteId":"a5f3fbd2-6152-4a89-8fe9-982120d1a640"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f3fbd2-6152-4a89-8fe9-982120d1a640?source=api-prod","cve":"CVE-2025-11723","affectedVersions":"<=1.6.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ae66228e-d086-44fd-8acb-5a99482cedfb/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-26 13:07:06","sources":[{"name":"Wordfence","remoteId":"ae66228e-d086-44fd-8acb-5a99482cedfb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ae66228e-d086-44fd-8acb-5a99482cedfb?source=api-prod","cve":"CVE-2026-7493","affectedVersions":"<=1.6.11.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/b7f6436f-60b7-4b9b-a071-93a5b95a9075/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.9.27 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"b7f6436f-60b7-4b9b-a071-93a5b95a9075"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b7f6436f-60b7-4b9b-a071-93a5b95a9075?source=api-prod","cve":"CVE-2026-39495","affectedVersions":"<=1.6.9.27","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb6f3607-d44f-452a-b3ad-55f036033480/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.42 - Authenticated (Admin+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb6f3607-d44f-452a-b3ad-55f036033480"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6f3607-d44f-452a-b3ad-55f036033480?source=api-prod","cve":"CVE-2024-7129","affectedVersions":"<=1.6.7.42","severity":"high"},{"advisoryId":"WPSECADV/WF/c82f3864-13af-4ff6-824a-4c799a98f3f6/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-12 19:08:49","sources":[{"name":"Wordfence","remoteId":"c82f3864-13af-4ff6-824a-4c799a98f3f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c82f3864-13af-4ff6-824a-4c799a98f3f6?source=api-prod","cve":"CVE-2026-1704","affectedVersions":"<=1.6.9.29","severity":"medium"},{"advisoryId":"WPSECADV/WF/d48899b9-b3b3-45d7-b7e1-6a8560becb0b/simply-schedule-appointments","title":"Simply Schedule Appointments <= 1.6.11.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"d48899b9-b3b3-45d7-b7e1-6a8560becb0b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d48899b9-b3b3-45d7-b7e1-6a8560becb0b?source=api-prod","cve":"CVE-2026-39694","affectedVersions":"<=1.6.11.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/db3bddbd-44b0-4105-9039-0d669d643481/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 18:30:22","sources":[{"name":"Wordfence","remoteId":"db3bddbd-44b0-4105-9039-0d669d643481"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db3bddbd-44b0-4105-9039-0d669d643481?source=api-prod","cve":"CVE-2026-7797","affectedVersions":"<=1.6.11.8","severity":"high"},{"advisoryId":"WPSECADV/WF/e4930b03-9142-464e-98ae-a910dfa46f2a/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4930b03-9142-464e-98ae-a910dfa46f2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4930b03-9142-464e-98ae-a910dfa46f2a?source=api-prod","cve":"CVE-2024-2341","affectedVersions":"<=1.6.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/ef0f5f9d-788a-4cf8-9747-ada076a69a1f/simply-schedule-appointments","title":"Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API Endpoint\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 19:43:02","sources":[{"name":"Wordfence","remoteId":"ef0f5f9d-788a-4cf8-9747-ada076a69a1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ef0f5f9d-788a-4cf8-9747-ada076a69a1f?source=api-prod","cve":"CVE-2026-6937","affectedVersions":"<=1.6.11.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/ef2e44ea-0049-4370-abd0-0b631e3d2d37/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.11.2 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ef2e44ea-0049-4370-abd0-0b631e3d2d37"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ef2e44ea-0049-4370-abd0-0b631e3d2d37?source=api-prod","cve":"CVE-2026-42384","affectedVersions":"<1.6.11.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4/simply-schedule-appointments","title":"Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-06 20:14:46","sources":[{"name":"Wordfence","remoteId":"f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4?source=api-prod","cve":"CVE-2024-13431","affectedVersions":"<=1.6.8.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7369746567726f756e642d656d61696c2d6d61726b6574696e67811c9dc5_gen.json b/internal/data/assets/plugin_7369746567726f756e642d656d61696c2d6d61726b6574696e67811c9dc5_gen.json index ad8ff1b1..6dd372ef 100644 --- a/internal/data/assets/plugin_7369746567726f756e642d656d61696c2d6d61726b6574696e67811c9dc5_gen.json +++ b/internal/data/assets/plugin_7369746567726f756e642d656d61696c2d6d61726b6574696e67811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/64fe64aa-4f55-470d-960b-3b39a4912090/siteground-email-marketing","title":"SiteGround Email Marketing <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"64fe64aa-4f55-470d-960b-3b39a4912090"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64fe64aa-4f55-470d-960b-3b39a4912090?source=api-prod","cve":"CVE-2025-62912","affectedVersions":"<=1.7.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/64fe64aa-4f55-470d-960b-3b39a4912090/siteground-email-marketing","title":"SiteGround Email Marketing <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"64fe64aa-4f55-470d-960b-3b39a4912090"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64fe64aa-4f55-470d-960b-3b39a4912090?source=api-prod","cve":"CVE-2025-62912","affectedVersions":"<=1.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b29dbd24-6c63-46d8-b245-7194cab17624/siteground-email-marketing","title":"SiteGround Email Marketing <= 1.7.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"b29dbd24-6c63-46d8-b245-7194cab17624"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b29dbd24-6c63-46d8-b245-7194cab17624?source=api-prod","cve":"CVE-2026-24547","affectedVersions":"<=1.7.5","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_736c696d2d73656f811c9dc5_gen.json b/internal/data/assets/plugin_736c696d2d73656f811c9dc5_gen.json index e6bf3f88..82ebfd13 100644 --- a/internal/data/assets/plugin_736c696d2d73656f811c9dc5_gen.json +++ b/internal/data/assets/plugin_736c696d2d73656f811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0d1c85c3-2aa7-4b65-a771-a4571746bfc9/slim-seo","title":"Slim SEO <= 4.5.4 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"0d1c85c3-2aa7-4b65-a771-a4571746bfc9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d1c85c3-2aa7-4b65-a771-a4571746bfc9?source=api-prod","cve":"CVE-2025-49854","affectedVersions":"<=4.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6318a1cf-716f-450c-a1c2-497de8095daa/slim-seo","title":"Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-20 20:50:49","sources":[{"name":"Wordfence","remoteId":"6318a1cf-716f-450c-a1c2-497de8095daa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6318a1cf-716f-450c-a1c2-497de8095daa?source=api-prod","cve":"CVE-2025-4611","affectedVersions":"<=4.5.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0d1c85c3-2aa7-4b65-a771-a4571746bfc9/slim-seo","title":"Slim SEO <= 4.5.4 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"0d1c85c3-2aa7-4b65-a771-a4571746bfc9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d1c85c3-2aa7-4b65-a771-a4571746bfc9?source=api-prod","cve":"CVE-2025-49854","affectedVersions":"<=4.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/3a0b8c4d-44b4-4e94-a983-4feb73883386/slim-seo","title":"Slim SEO – A Fast & Automated SEO Plugin For WordPress <= 4.6.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"3a0b8c4d-44b4-4e94-a983-4feb73883386"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3a0b8c4d-44b4-4e94-a983-4feb73883386?source=api-prod","cve":"CVE-2026-57429","affectedVersions":"<=4.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/6318a1cf-716f-450c-a1c2-497de8095daa/slim-seo","title":"Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-20 20:50:49","sources":[{"name":"Wordfence","remoteId":"6318a1cf-716f-450c-a1c2-497de8095daa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6318a1cf-716f-450c-a1c2-497de8095daa?source=api-prod","cve":"CVE-2025-4611","affectedVersions":"<=4.5.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_737562736372697074696f6e732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json b/internal/data/assets/plugin_737562736372697074696f6e732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json index 00e54210..b146e529 100644 --- a/internal/data/assets/plugin_737562736372697074696f6e732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json +++ b/internal/data/assets/plugin_737562736372697074696f6e732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/261d6d44-8e3b-4715-96c0-1c42d08662fa/subscriptions-for-woocommerce","title":"Subscriptions for WooCommerce <= 1.8.10 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"261d6d44-8e3b-4715-96c0-1c42d08662fa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/261d6d44-8e3b-4715-96c0-1c42d08662fa?source=api-prod","cve":"CVE-2026-24372","affectedVersions":"<=1.8.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/eabfdf29-eca9-4e4b-b809-23a83f5a91ac/subscriptions-for-woocommerce","title":"Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-17 14:44:52","sources":[{"name":"Wordfence","remoteId":"eabfdf29-eca9-4e4b-b809-23a83f5a91ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eabfdf29-eca9-4e4b-b809-23a83f5a91ac?source=api-prod","cve":"CVE-2026-1926","affectedVersions":"<=1.9.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/261d6d44-8e3b-4715-96c0-1c42d08662fa/subscriptions-for-woocommerce","title":"Subscriptions for WooCommerce <= 1.8.10 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"261d6d44-8e3b-4715-96c0-1c42d08662fa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/261d6d44-8e3b-4715-96c0-1c42d08662fa?source=api-prod","cve":"CVE-2026-24372","affectedVersions":"<=1.8.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/395692e0-b165-46a2-a15c-059e9f7d2ac2/subscriptions-for-woocommerce","title":"Subscriptions for WooCommerce <= 1.9.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"395692e0-b165-46a2-a15c-059e9f7d2ac2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/395692e0-b165-46a2-a15c-059e9f7d2ac2?source=api-prod","cve":"CVE-2026-56061","affectedVersions":"<=1.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/eabfdf29-eca9-4e4b-b809-23a83f5a91ac/subscriptions-for-woocommerce","title":"Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-17 14:44:52","sources":[{"name":"Wordfence","remoteId":"eabfdf29-eca9-4e4b-b809-23a83f5a91ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eabfdf29-eca9-4e4b-b809-23a83f5a91ac?source=api-prod","cve":"CVE-2026-1926","affectedVersions":"<=1.9.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7375726563617274811c9dc5_gen.json b/internal/data/assets/plugin_7375726563617274811c9dc5_gen.json index 8f698293..a3eea32b 100644 --- a/internal/data/assets/plugin_7375726563617274811c9dc5_gen.json +++ b/internal/data/assets/plugin_7375726563617274811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1c3a29ec-16f0-4fad-b188-7a683d123bb8/surecart","title":"SureCart <= 4.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c3a29ec-16f0-4fad-b188-7a683d123bb8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c3a29ec-16f0-4fad-b188-7a683d123bb8?source=api-prod","cve":"CVE-2026-39488","affectedVersions":"<=4.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/416c13ff-15ae-4ba4-8a95-7c07bec75c22/surecart","title":"SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"416c13ff-15ae-4ba4-8a95-7c07bec75c22"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/416c13ff-15ae-4ba4-8a95-7c07bec75c22?source=api-prod","cve":"CVE-2023-41241","affectedVersions":"<=2.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/4f2fdc9d-891e-49c6-9427-620772336854/surecart","title":"SureCart <= 2.29.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"4f2fdc9d-891e-49c6-9427-620772336854"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f2fdc9d-891e-49c6-9427-620772336854?source=api-prod","cve":"CVE-2024-43970","affectedVersions":"<=2.29.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1c3a29ec-16f0-4fad-b188-7a683d123bb8/surecart","title":"SureCart <= 4.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"1c3a29ec-16f0-4fad-b188-7a683d123bb8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c3a29ec-16f0-4fad-b188-7a683d123bb8?source=api-prod","cve":"CVE-2026-39488","affectedVersions":"<=4.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a2b2a74-30d9-4e62-ab08-bbb2166e9a6b/surecart","title":"SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments <= 4.3.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a2b2a74-30d9-4e62-ab08-bbb2166e9a6b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a2b2a74-30d9-4e62-ab08-bbb2166e9a6b?source=api-prod","cve":"CVE-2026-57314","affectedVersions":"<=4.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/416c13ff-15ae-4ba4-8a95-7c07bec75c22/surecart","title":"SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"416c13ff-15ae-4ba4-8a95-7c07bec75c22"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/416c13ff-15ae-4ba4-8a95-7c07bec75c22?source=api-prod","cve":"CVE-2023-41241","affectedVersions":"<=2.5.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/4f2fdc9d-891e-49c6-9427-620772336854/surecart","title":"SureCart <= 2.29.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"4f2fdc9d-891e-49c6-9427-620772336854"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f2fdc9d-891e-49c6-9427-620772336854?source=api-prod","cve":"CVE-2024-43970","affectedVersions":"<=2.29.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/8e47a612-4921-4227-be86-54711bf61c43/surecart","title":"SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments <= 4.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8e47a612-4921-4227-be86-54711bf61c43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e47a612-4921-4227-be86-54711bf61c43?source=api-prod","cve":"CVE-2026-57313","affectedVersions":"<=4.2.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7461626c657072657373811c9dc5_gen.json b/internal/data/assets/plugin_7461626c657072657373811c9dc5_gen.json index 0252b33c..a8854b45 100644 --- a/internal/data/assets/plugin_7461626c657072657373811c9dc5_gen.json +++ b/internal/data/assets/plugin_7461626c657072657373811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/24d14261-e295-4397-bad0-7a4b69b06908/tablepress","title":"TablePress <= 1.14 - Authenticated (Author+) CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"24d14261-e295-4397-bad0-7a4b69b06908"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24d14261-e295-4397-bad0-7a4b69b06908?source=api-prod","cve":"CVE-2019-20180","affectedVersions":"<=1.14","severity":"high"},{"advisoryId":"WPSECADV/WF/2b24ae23-d055-4740-bd86-126d503fce1b/tablepress","title":"TablePress <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-29 16:24:26","sources":[{"name":"Wordfence","remoteId":"2b24ae23-d055-4740-bd86-126d503fce1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b24ae23-d055-4740-bd86-126d503fce1b?source=api-prod","cve":"CVE-2025-9500","affectedVersions":"<=3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c/tablepress","title":"PHPSpreadsheet Library < 2.3.0 - XXE Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod","cve":"CVE-2024-45293","affectedVersions":"<=2.4.2","severity":"high"},{"advisoryId":"WPSECADV/WF/4dbd8cac-9e4b-4353-9c62-9cabb60b927c/tablepress","title":"TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-03 14:02:33","sources":[{"name":"Wordfence","remoteId":"4dbd8cac-9e4b-4353-9c62-9cabb60b927c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4dbd8cac-9e4b-4353-9c62-9cabb60b927c?source=api-prod","cve":"CVE-2025-12324","affectedVersions":"<=3.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/tablepress","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":">=2.0,<=2.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/879384eb-bfea-4667-a7de-9f723dbea74b/tablepress","title":"TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"879384eb-bfea-4667-a7de-9f723dbea74b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/879384eb-bfea-4667-a7de-9f723dbea74b?source=api-prod","cve":"CVE-2024-4354","affectedVersions":"<=2.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8de52b68-c273-4561-98b0-e51afd6cd47b/tablepress","title":"TablePress <= 2.2.4 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"8de52b68-c273-4561-98b0-e51afd6cd47b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8de52b68-c273-4561-98b0-e51afd6cd47b?source=api-prod","cve":"CVE-2024-23825","affectedVersions":"<=2.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/c5fcbb61-5f22-4333-bdd9-7d843dd7e45a/tablepress","title":"TablePress <= 1.8 - XML External Entity Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"c5fcbb61-5f22-4333-bdd9-7d843dd7e45a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5fcbb61-5f22-4333-bdd9-7d843dd7e45a?source=api-prod","cve":"CVE-2017-10889","affectedVersions":"<=1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/cd2dfa02-0404-4300-a5ed-6326f9df6d30/tablepress","title":"TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-22 19:56:52","sources":[{"name":"Wordfence","remoteId":"cd2dfa02-0404-4300-a5ed-6326f9df6d30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd2dfa02-0404-4300-a5ed-6326f9df6d30?source=api-prod","cve":"CVE-2025-5096","affectedVersions":"<=3.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d694491c-c0f5-4418-805a-db792ea4f712/tablepress","title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 17:17:30","sources":[{"name":"Wordfence","remoteId":"d694491c-c0f5-4418-805a-db792ea4f712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=api-prod","cve":"CVE-2024-13362","affectedVersions":"<=3.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e285849f-886e-49ba-bb43-8c67655fe239/tablepress","title":"TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"e285849f-886e-49ba-bb43-8c67655fe239"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e285849f-886e-49ba-bb43-8c67655fe239?source=api-prod","cve":"CVE-2025-2685","affectedVersions":"<=3.0.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ffa3b85c-7d08-4f6a-889e-b75620f72a1a/tablepress","title":"TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-11 20:34:39","sources":[{"name":"Wordfence","remoteId":"ffa3b85c-7d08-4f6a-889e-b75620f72a1a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffa3b85c-7d08-4f6a-889e-b75620f72a1a?source=api-prod","cve":"CVE-2024-9595","affectedVersions":"<=2.4.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/24d14261-e295-4397-bad0-7a4b69b06908/tablepress","title":"TablePress <= 1.14 - Authenticated (Author+) CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"24d14261-e295-4397-bad0-7a4b69b06908"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24d14261-e295-4397-bad0-7a4b69b06908?source=api-prod","cve":"CVE-2019-20180","affectedVersions":"<=1.14","severity":"high"},{"advisoryId":"WPSECADV/WF/2b24ae23-d055-4740-bd86-126d503fce1b/tablepress","title":"TablePress <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-29 16:24:26","sources":[{"name":"Wordfence","remoteId":"2b24ae23-d055-4740-bd86-126d503fce1b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b24ae23-d055-4740-bd86-126d503fce1b?source=api-prod","cve":"CVE-2025-9500","affectedVersions":"<=3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c/tablepress","title":"PHPSpreadsheet Library < 2.3.0 - XXE Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod","cve":"CVE-2024-45293","affectedVersions":"<=2.4.2","severity":"high"},{"advisoryId":"WPSECADV/WF/4dbd8cac-9e4b-4353-9c62-9cabb60b927c/tablepress","title":"TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-03 14:02:33","sources":[{"name":"Wordfence","remoteId":"4dbd8cac-9e4b-4353-9c62-9cabb60b927c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4dbd8cac-9e4b-4353-9c62-9cabb60b927c?source=api-prod","cve":"CVE-2025-12324","affectedVersions":"<=3.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/tablepress","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":">=2.0,<=2.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/879384eb-bfea-4667-a7de-9f723dbea74b/tablepress","title":"TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"879384eb-bfea-4667-a7de-9f723dbea74b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/879384eb-bfea-4667-a7de-9f723dbea74b?source=api-prod","cve":"CVE-2024-4354","affectedVersions":"<=2.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8de52b68-c273-4561-98b0-e51afd6cd47b/tablepress","title":"TablePress <= 2.2.4 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"8de52b68-c273-4561-98b0-e51afd6cd47b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8de52b68-c273-4561-98b0-e51afd6cd47b?source=api-prod","cve":"CVE-2024-23825","affectedVersions":"<=2.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/c30aeafe-725b-47be-b49d-00f58b474c3a/tablepress","title":"TablePress – Tables in WordPress made easy <= 3.3.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"c30aeafe-725b-47be-b49d-00f58b474c3a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c30aeafe-725b-47be-b49d-00f58b474c3a?source=api-prod","cve":"CVE-2026-56051","affectedVersions":"<=3.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/c5fcbb61-5f22-4333-bdd9-7d843dd7e45a/tablepress","title":"TablePress <= 1.8 - XML External Entity Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"c5fcbb61-5f22-4333-bdd9-7d843dd7e45a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5fcbb61-5f22-4333-bdd9-7d843dd7e45a?source=api-prod","cve":"CVE-2017-10889","affectedVersions":"<=1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/cd2dfa02-0404-4300-a5ed-6326f9df6d30/tablepress","title":"TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-22 19:56:52","sources":[{"name":"Wordfence","remoteId":"cd2dfa02-0404-4300-a5ed-6326f9df6d30"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd2dfa02-0404-4300-a5ed-6326f9df6d30?source=api-prod","cve":"CVE-2025-5096","affectedVersions":"<=3.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d694491c-c0f5-4418-805a-db792ea4f712/tablepress","title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 17:17:30","sources":[{"name":"Wordfence","remoteId":"d694491c-c0f5-4418-805a-db792ea4f712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=api-prod","cve":"CVE-2024-13362","affectedVersions":"<=3.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e285849f-886e-49ba-bb43-8c67655fe239/tablepress","title":"TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"e285849f-886e-49ba-bb43-8c67655fe239"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e285849f-886e-49ba-bb43-8c67655fe239?source=api-prod","cve":"CVE-2025-2685","affectedVersions":"<=3.0.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ffa3b85c-7d08-4f6a-889e-b75620f72a1a/tablepress","title":"TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-11 20:34:39","sources":[{"name":"Wordfence","remoteId":"ffa3b85c-7d08-4f6a-889e-b75620f72a1a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffa3b85c-7d08-4f6a-889e-b75620f72a1a?source=api-prod","cve":"CVE-2024-9595","affectedVersions":"<=2.4.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7465616d2d73686f77636173652d73757072656d65811c9dc5_gen.json b/internal/data/assets/plugin_7465616d2d73686f77636173652d73757072656d65811c9dc5_gen.json index a546ca17..f3baf4b8 100644 --- a/internal/data/assets/plugin_7465616d2d73686f77636173652d73757072656d65811c9dc5_gen.json +++ b/internal/data/assets/plugin_7465616d2d73686f77636173652d73757072656d65811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/353d22c5-dee1-485f-ae66-e9c7afe3ad8e/team-showcase-supreme","title":"Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"353d22c5-dee1-485f-ae66-e9c7afe3ad8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/353d22c5-dee1-485f-ae66-e9c7afe3ad8e?source=api-prod","cve":"CVE-2023-23647","affectedVersions":"<=4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/7633b5fb-e382-4d72-b23b-ce21f2d207cb/team-showcase-supreme","title":"Team Members – Multi Language Supported Team Plugin <= 8.5 - Authenticated (Editor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"7633b5fb-e382-4d72-b23b-ce21f2d207cb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7633b5fb-e382-4d72-b23b-ce21f2d207cb?source=api-prod","cve":"CVE-2025-68060","affectedVersions":"<=8.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc5cd81b-3182-45fb-a93a-471ecf770e42/team-showcase-supreme","title":"Team Member <= 7.4 - Authenticated (Editor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc5cd81b-3182-45fb-a93a-471ecf770e42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5cd81b-3182-45fb-a93a-471ecf770e42?source=api-prod","cve":"CVE-2024-52385","affectedVersions":"<=7.4","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/353d22c5-dee1-485f-ae66-e9c7afe3ad8e/team-showcase-supreme","title":"Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"353d22c5-dee1-485f-ae66-e9c7afe3ad8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/353d22c5-dee1-485f-ae66-e9c7afe3ad8e?source=api-prod","cve":"CVE-2023-23647","affectedVersions":"<=4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/7633b5fb-e382-4d72-b23b-ce21f2d207cb/team-showcase-supreme","title":"Team Members – Multi Language Supported Team Plugin <= 8.5 - Authenticated (Editor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"7633b5fb-e382-4d72-b23b-ce21f2d207cb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7633b5fb-e382-4d72-b23b-ce21f2d207cb?source=api-prod","cve":"CVE-2025-68060","affectedVersions":"<=8.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc5cd81b-3182-45fb-a93a-471ecf770e42/team-showcase-supreme","title":"Team Member <= 7.4 - Authenticated (Editor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc5cd81b-3182-45fb-a93a-471ecf770e42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5cd81b-3182-45fb-a93a-471ecf770e42?source=api-prod","cve":"CVE-2024-52385","affectedVersions":"<=7.4","severity":"high"},{"advisoryId":"WPSECADV/WF/ccf00ec5-b91a-47db-81e6-68f984b8f06b/team-showcase-supreme","title":"Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 14:28:14","sources":[{"name":"Wordfence","remoteId":"ccf00ec5-b91a-47db-81e6-68f984b8f06b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf00ec5-b91a-47db-81e6-68f984b8f06b?source=api-prod","cve":"CVE-2026-12114","affectedVersions":"<=8.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_74682d616476616e63652d70726f647563742d736561726368811c9dc5_gen.json b/internal/data/assets/plugin_74682d616476616e63652d70726f647563742d736561726368811c9dc5_gen.json index 42fd1f68..99eb7401 100644 --- a/internal/data/assets/plugin_74682d616476616e63652d70726f647563742d736561726368811c9dc5_gen.json +++ b/internal/data/assets/plugin_74682d616476616e63652d70726f647563742d736561726368811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/826a3fa2-ee41-4960-becb-0df8813a964a/th-advance-product-search","title":"Multiple Plugins By ThemeHunk (Various Versions) - Missing Authorization via settings_init\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"826a3fa2-ee41-4960-becb-0df8813a964a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/826a3fa2-ee41-4960-becb-0df8813a964a?source=api-prod","cve":"CVE-2023-25969","affectedVersions":"<=1.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ceb7d0a7-ea34-4c6f-a144-660debc74a9e/th-advance-product-search","title":"TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ceb7d0a7-ea34-4c6f-a144-660debc74a9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb7d0a7-ea34-4c6f-a144-660debc74a9e?source=api-prod","cve":"CVE-2022-38057","affectedVersions":"<=1.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9989f22-d5a0-453a-86e8-dc45c7cdd5dd/th-advance-product-search","title":"TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9989f22-d5a0-453a-86e8-dc45c7cdd5dd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9989f22-d5a0-453a-86e8-dc45c7cdd5dd?source=api-prod","cve":"CVE-2022-40218","affectedVersions":"<=1.1.4","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/7206b32a-3aaa-47c5-9489-11252a8434a3/th-advance-product-search","title":"Advance Product Search- Voice & Ajax Search for WooCommerce <= 1.4.4 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"7206b32a-3aaa-47c5-9489-11252a8434a3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7206b32a-3aaa-47c5-9489-11252a8434a3?source=api-prod","cve":"CVE-2026-56070","affectedVersions":"<=1.4.4","severity":"high"},{"advisoryId":"WPSECADV/WF/826a3fa2-ee41-4960-becb-0df8813a964a/th-advance-product-search","title":"Multiple Plugins By ThemeHunk (Various Versions) - Missing Authorization via settings_init\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"826a3fa2-ee41-4960-becb-0df8813a964a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/826a3fa2-ee41-4960-becb-0df8813a964a?source=api-prod","cve":"CVE-2023-25969","affectedVersions":"<=1.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ceb7d0a7-ea34-4c6f-a144-660debc74a9e/th-advance-product-search","title":"TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ceb7d0a7-ea34-4c6f-a144-660debc74a9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb7d0a7-ea34-4c6f-a144-660debc74a9e?source=api-prod","cve":"CVE-2022-38057","affectedVersions":"<=1.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9989f22-d5a0-453a-86e8-dc45c7cdd5dd/th-advance-product-search","title":"TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9989f22-d5a0-453a-86e8-dc45c7cdd5dd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9989f22-d5a0-453a-86e8-dc45c7cdd5dd?source=api-prod","cve":"CVE-2022-40218","affectedVersions":"<=1.1.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_746f7572666963811c9dc5_gen.json b/internal/data/assets/plugin_746f7572666963811c9dc5_gen.json index fa7f6eb8..e2283476 100644 --- a/internal/data/assets/plugin_746f7572666963811c9dc5_gen.json +++ b/internal/data/assets/plugin_746f7572666963811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/07fa7b1a-9137-4049-a20a-8eb6df7ca578/tourfic","title":"Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"07fa7b1a-9137-4049-a20a-8eb6df7ca578"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07fa7b1a-9137-4049-a20a-8eb6df7ca578?source=api-prod","cve":"CVE-2024-8319","affectedVersions":"<=2.11.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/12c29a44-f9e4-439a-bc3f-18a3640f7924/tourfic","title":"Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 18:36:44","sources":[{"name":"Wordfence","remoteId":"12c29a44-f9e4-439a-bc3f-18a3640f7924"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/12c29a44-f9e4-439a-bc3f-18a3640f7924?source=api-prod","cve":"CVE-2026-12937","affectedVersions":"<=2.22.7","severity":"high"},{"advisoryId":"WPSECADV/WF/32d4c259-b56d-4f8f-84b8-7ef451fd02ad/tourfic","title":"Tourfic <= 2.11.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"32d4c259-b56d-4f8f-84b8-7ef451fd02ad"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32d4c259-b56d-4f8f-84b8-7ef451fd02ad?source=api-prod","cve":"CVE-2024-29137","affectedVersions":"<=2.11.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b/tourfic","title":"Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b?source=api-prod","cve":"CVE-2024-12032","affectedVersions":"<=2.15.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6973c8e0-d14b-4945-be1c-b7c8b44a4bcf/tourfic","title":"Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"6973c8e0-d14b-4945-be1c-b7c8b44a4bcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6973c8e0-d14b-4945-be1c-b7c8b44a4bcf?source=api-prod","cve":"CVE-2024-29136","affectedVersions":"<=2.11.17","severity":"high"},{"advisoryId":"WPSECADV/WF/6ffccb84-faee-4a47-ab49-dbbb4858a6a5/tourfic","title":"Tourfic <= 2.21.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ffccb84-faee-4a47-ab49-dbbb4858a6a5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffccb84-faee-4a47-ab49-dbbb4858a6a5?source=api-prod","cve":"CVE-2026-39543","affectedVersions":"<=2.21.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ae39fac4-6b65-42a6-bd34-c364922ef675/tourfic","title":"Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"ae39fac4-6b65-42a6-bd34-c364922ef675"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ae39fac4-6b65-42a6-bd34-c364922ef675?source=api-prod","cve":"CVE-2024-29135","affectedVersions":"<=2.11.15","severity":"high"},{"advisoryId":"WPSECADV/WF/b258fa40-4e76-4c84-b32f-e6c46fee770a/tourfic","title":"Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"b258fa40-4e76-4c84-b32f-e6c46fee770a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b258fa40-4e76-4c84-b32f-e6c46fee770a?source=api-prod","cve":"CVE-2024-29134","affectedVersions":"<=2.11.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/c12c7f08-5132-4209-ae4e-fb67bf885e57/tourfic","title":"Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"c12c7f08-5132-4209-ae4e-fb67bf885e57"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c12c7f08-5132-4209-ae4e-fb67bf885e57?source=api-prod","cve":"CVE-2024-8860","affectedVersions":"<=2.14.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec2c0542-b5ae-4595-b712-ddcd27d21183/tourfic","title":"Tourfic <= 2.15.3 - Authenticated (Admin+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec2c0542-b5ae-4595-b712-ddcd27d21183"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2c0542-b5ae-4595-b712-ddcd27d21183?source=api-prod","cve":"CVE-2025-24650","affectedVersions":"<=2.15.3","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/07fa7b1a-9137-4049-a20a-8eb6df7ca578/tourfic","title":"Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"07fa7b1a-9137-4049-a20a-8eb6df7ca578"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07fa7b1a-9137-4049-a20a-8eb6df7ca578?source=api-prod","cve":"CVE-2024-8319","affectedVersions":"<=2.11.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/12c29a44-f9e4-439a-bc3f-18a3640f7924/tourfic","title":"Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 18:36:44","sources":[{"name":"Wordfence","remoteId":"12c29a44-f9e4-439a-bc3f-18a3640f7924"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/12c29a44-f9e4-439a-bc3f-18a3640f7924?source=api-prod","cve":"CVE-2026-12937","affectedVersions":"<=2.22.7","severity":"high"},{"advisoryId":"WPSECADV/WF/32d4c259-b56d-4f8f-84b8-7ef451fd02ad/tourfic","title":"Tourfic <= 2.11.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"32d4c259-b56d-4f8f-84b8-7ef451fd02ad"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32d4c259-b56d-4f8f-84b8-7ef451fd02ad?source=api-prod","cve":"CVE-2024-29137","affectedVersions":"<=2.11.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b/tourfic","title":"Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b?source=api-prod","cve":"CVE-2024-12032","affectedVersions":"<=2.15.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6973c8e0-d14b-4945-be1c-b7c8b44a4bcf/tourfic","title":"Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"6973c8e0-d14b-4945-be1c-b7c8b44a4bcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6973c8e0-d14b-4945-be1c-b7c8b44a4bcf?source=api-prod","cve":"CVE-2024-29136","affectedVersions":"<=2.11.17","severity":"high"},{"advisoryId":"WPSECADV/WF/6ffccb84-faee-4a47-ab49-dbbb4858a6a5/tourfic","title":"Tourfic <= 2.21.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ffccb84-faee-4a47-ab49-dbbb4858a6a5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffccb84-faee-4a47-ab49-dbbb4858a6a5?source=api-prod","cve":"CVE-2026-39543","affectedVersions":"<=2.21.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ae39fac4-6b65-42a6-bd34-c364922ef675/tourfic","title":"Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"ae39fac4-6b65-42a6-bd34-c364922ef675"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ae39fac4-6b65-42a6-bd34-c364922ef675?source=api-prod","cve":"CVE-2024-29135","affectedVersions":"<=2.11.15","severity":"high"},{"advisoryId":"WPSECADV/WF/b258fa40-4e76-4c84-b32f-e6c46fee770a/tourfic","title":"Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"b258fa40-4e76-4c84-b32f-e6c46fee770a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b258fa40-4e76-4c84-b32f-e6c46fee770a?source=api-prod","cve":"CVE-2024-29134","affectedVersions":"<=2.11.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/c12c7f08-5132-4209-ae4e-fb67bf885e57/tourfic","title":"Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"c12c7f08-5132-4209-ae4e-fb67bf885e57"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c12c7f08-5132-4209-ae4e-fb67bf885e57?source=api-prod","cve":"CVE-2024-8860","affectedVersions":"<=2.14.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7f17136-d285-4ecf-990f-66af04b5bcf9/tourfic","title":"Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin <= 2.22.5 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7f17136-d285-4ecf-990f-66af04b5bcf9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7f17136-d285-4ecf-990f-66af04b5bcf9?source=api-prod","cve":"CVE-2026-56064","affectedVersions":"<=2.22.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec2c0542-b5ae-4595-b712-ddcd27d21183/tourfic","title":"Tourfic <= 2.15.3 - Authenticated (Admin+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec2c0542-b5ae-4595-b712-ddcd27d21183"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2c0542-b5ae-4595-b712-ddcd27d21183?source=api-prod","cve":"CVE-2025-24650","affectedVersions":"<=2.15.3","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_756e63616e6e792d6175746f6d61746f72811c9dc5_gen.json b/internal/data/assets/plugin_756e63616e6e792d6175746f6d61746f72811c9dc5_gen.json index 19b3fa17..22e3dde1 100644 --- a/internal/data/assets/plugin_756e63616e6e792d6175746f6d61746f72811c9dc5_gen.json +++ b/internal/data/assets/plugin_756e63616e6e792d6175746f6d61746f72811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/00bcfd8f-9785-449a-a0ea-16e2583d684a/uncanny-automator","title":"Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-13 14:20:55","sources":[{"name":"Wordfence","remoteId":"00bcfd8f-9785-449a-a0ea-16e2583d684a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00bcfd8f-9785-449a-a0ea-16e2583d684a?source=api-prod","cve":"CVE-2025-3623","affectedVersions":"<=6.4.0.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/068c7475-87b7-4c60-ad6b-c4d311075ff7/uncanny-automator","title":"Uncanny Automator < 6.10.0 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"068c7475-87b7-4c60-ad6b-c4d311075ff7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/068c7475-87b7-4c60-ad6b-c4d311075ff7?source=api-prod","cve":"CVE-2025-66056","affectedVersions":"<6.10.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/29eeac86-6b33-49e6-a7e1-c80dee383d6f/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"29eeac86-6b33-49e6-a7e1-c80dee383d6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29eeac86-6b33-49e6-a7e1-c80dee383d6f?source=api-prod","cve":"CVE-2024-13838","affectedVersions":"<=6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/41c54e1b-69b9-4594-8f1e-7ef17f120791/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-22 16:30:45","sources":[{"name":"Wordfence","remoteId":"41c54e1b-69b9-4594-8f1e-7ef17f120791"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/41c54e1b-69b9-4594-8f1e-7ef17f120791?source=api-prod","cve":"CVE-2025-15522","affectedVersions":"<=6.10.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5098e74a-9a99-48b3-9f44-b780bfdeb24e/uncanny-automator","title":"Uncanny Automator <= 5.1.0.2 - Sensitive Information Exposure via Log File\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"5098e74a-9a99-48b3-9f44-b780bfdeb24e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5098e74a-9a99-48b3-9f44-b780bfdeb24e?source=api-prod","cve":"CVE-2023-52151","affectedVersions":"<=5.1.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/565d3b4c-d810-41d5-b1ac-ec3363bcd6f3/uncanny-automator","title":"Uncanny Automator <= 6.7.0.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"565d3b4c-d810-41d5-b1ac-ec3363bcd6f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/565d3b4c-d810-41d5-b1ac-ec3363bcd6f3?source=api-prod","cve":"CVE-2025-58193","affectedVersions":"<=6.7.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/80848de3-a772-4078-aa04-29e1d6e3ff73/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-02 12:35:59","sources":[{"name":"Wordfence","remoteId":"80848de3-a772-4078-aa04-29e1d6e3ff73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80848de3-a772-4078-aa04-29e1d6e3ff73?source=api-prod","cve":"CVE-2026-2269","affectedVersions":"<=7.0.0.3","severity":"high"},{"advisoryId":"WPSECADV/WF/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6/uncanny-automator","title":"Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-03 16:02:29","sources":[{"name":"Wordfence","remoteId":"86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6?source=api-prod","cve":"CVE-2025-2075","affectedVersions":"<=6.3.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/bd0d8661-4725-41dd-88ce-8e94e285d5b8/uncanny-automator","title":"Uncanny Automator <= 4.14 - Cross-Site Request Forgery via update_automator_connect\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"bd0d8661-4725-41dd-88ce-8e94e285d5b8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bd0d8661-4725-41dd-88ce-8e94e285d5b8?source=api-prod","affectedVersions":"<4.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/db5b5fa1-67b5-4103-93b0-682200199a71/uncanny-automator","title":"Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"db5b5fa1-67b5-4103-93b0-682200199a71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db5b5fa1-67b5-4103-93b0-682200199a71?source=api-prod","cve":"CVE-2025-4520","affectedVersions":"<=6.4.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9661fa8-1c69-433b-8e18-039000e7d6e7/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.4.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9661fa8-1c69-433b-8e18-039000e7d6e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9661fa8-1c69-433b-8e18-039000e7d6e7?source=api-prod","cve":"CVE-2025-48133","affectedVersions":"<=6.4.0.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/00bcfd8f-9785-449a-a0ea-16e2583d684a/uncanny-automator","title":"Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-13 14:20:55","sources":[{"name":"Wordfence","remoteId":"00bcfd8f-9785-449a-a0ea-16e2583d684a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00bcfd8f-9785-449a-a0ea-16e2583d684a?source=api-prod","cve":"CVE-2025-3623","affectedVersions":"<=6.4.0.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/068c7475-87b7-4c60-ad6b-c4d311075ff7/uncanny-automator","title":"Uncanny Automator < 6.10.0 - Authenticated (Subscriber+) Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"068c7475-87b7-4c60-ad6b-c4d311075ff7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/068c7475-87b7-4c60-ad6b-c4d311075ff7?source=api-prod","cve":"CVE-2025-66056","affectedVersions":"<6.10.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/29eeac86-6b33-49e6-a7e1-c80dee383d6f/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"29eeac86-6b33-49e6-a7e1-c80dee383d6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29eeac86-6b33-49e6-a7e1-c80dee383d6f?source=api-prod","cve":"CVE-2024-13838","affectedVersions":"<=6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/41c54e1b-69b9-4594-8f1e-7ef17f120791/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-22 16:30:45","sources":[{"name":"Wordfence","remoteId":"41c54e1b-69b9-4594-8f1e-7ef17f120791"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/41c54e1b-69b9-4594-8f1e-7ef17f120791?source=api-prod","cve":"CVE-2025-15522","affectedVersions":"<=6.10.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5098e74a-9a99-48b3-9f44-b780bfdeb24e/uncanny-automator","title":"Uncanny Automator <= 5.1.0.2 - Sensitive Information Exposure via Log File\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"5098e74a-9a99-48b3-9f44-b780bfdeb24e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5098e74a-9a99-48b3-9f44-b780bfdeb24e?source=api-prod","cve":"CVE-2023-52151","affectedVersions":"<=5.1.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/565d3b4c-d810-41d5-b1ac-ec3363bcd6f3/uncanny-automator","title":"Uncanny Automator <= 6.7.0.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"565d3b4c-d810-41d5-b1ac-ec3363bcd6f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/565d3b4c-d810-41d5-b1ac-ec3363bcd6f3?source=api-prod","cve":"CVE-2025-58193","affectedVersions":"<=6.7.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/80848de3-a772-4078-aa04-29e1d6e3ff73/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-02 12:35:59","sources":[{"name":"Wordfence","remoteId":"80848de3-a772-4078-aa04-29e1d6e3ff73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80848de3-a772-4078-aa04-29e1d6e3ff73?source=api-prod","cve":"CVE-2026-2269","affectedVersions":"<=7.0.0.3","severity":"high"},{"advisoryId":"WPSECADV/WF/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6/uncanny-automator","title":"Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-03 16:02:29","sources":[{"name":"Wordfence","remoteId":"86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6?source=api-prod","cve":"CVE-2025-2075","affectedVersions":"<=6.3.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/bd0d8661-4725-41dd-88ce-8e94e285d5b8/uncanny-automator","title":"Uncanny Automator <= 4.14 - Cross-Site Request Forgery via update_automator_connect\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"bd0d8661-4725-41dd-88ce-8e94e285d5b8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bd0d8661-4725-41dd-88ce-8e94e285d5b8?source=api-prod","affectedVersions":"<4.15","severity":"medium"},{"advisoryId":"WPSECADV/WF/db5b5fa1-67b5-4103-93b0-682200199a71/uncanny-automator","title":"Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"db5b5fa1-67b5-4103-93b0-682200199a71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db5b5fa1-67b5-4103-93b0-682200199a71?source=api-prod","cve":"CVE-2025-4520","affectedVersions":"<=6.4.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/ddcd86ba-97c2-4ce1-8721-210039338028/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.3.1.2 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"ddcd86ba-97c2-4ce1-8721-210039338028"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddcd86ba-97c2-4ce1-8721-210039338028?source=api-prod","cve":"CVE-2026-56031","affectedVersions":"<=7.3.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/f9661fa8-1c69-433b-8e18-039000e7d6e7/uncanny-automator","title":"Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.4.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9661fa8-1c69-433b-8e18-039000e7d6e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9661fa8-1c69-433b-8e18-039000e7d6e7?source=api-prod","cve":"CVE-2025-48133","affectedVersions":"<=6.4.0.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_757365722d726567697374726174696f6e811c9dc5_gen.json b/internal/data/assets/plugin_757365722d726567697374726174696f6e811c9dc5_gen.json index 88faf716..60e8966b 100644 --- a/internal/data/assets/plugin_757365722d726567697374726174696f6e811c9dc5_gen.json +++ b/internal/data/assets/plugin_757365722d726567697374726174696f6e811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/020bed37-9544-49b7-941d-3b7f509fdfdf/user-registration","title":"User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-13 09:51:38","sources":[{"name":"Wordfence","remoteId":"020bed37-9544-49b7-941d-3b7f509fdfdf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/020bed37-9544-49b7-941d-3b7f509fdfdf?source=api-prod","cve":"CVE-2026-6203","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/07c79459-66b8-4c93-a1cd-6e3ede95643f/user-registration","title":"User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[]\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 23:11:46","sources":[{"name":"Wordfence","remoteId":"07c79459-66b8-4c93-a1cd-6e3ede95643f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07c79459-66b8-4c93-a1cd-6e3ede95643f?source=api-prod","cve":"CVE-2026-1865","affectedVersions":"<=5.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/0def7637-edf4-4ae2-a2e7-31ccb3b52d71/user-registration","title":"User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"0def7637-edf4-4ae2-a2e7-31ccb3b52d71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0def7637-edf4-4ae2-a2e7-31ccb3b52d71?source=api-prod","cve":"CVE-2026-7651","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e0bee7c-8dce-421c-af16-7e5152797e6c/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 16:48:16","sources":[{"name":"Wordfence","remoteId":"0e0bee7c-8dce-421c-af16-7e5152797e6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0bee7c-8dce-421c-af16-7e5152797e6c?source=api-prod","cve":"CVE-2025-1511","affectedVersions":"<=4.0.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4/user-registration","title":"User Registration – Custom Registration Form, Login Form And User Profile For WordPress <= 3.0.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4?source=api-prod","cve":"CVE-2023-5228","affectedVersions":"<=3.0.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2244945a-5b3a-463d-9910-46a6f7afaf6c/user-registration","title":"User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-15 02:13:58","sources":[{"name":"Wordfence","remoteId":"2244945a-5b3a-463d-9910-46a6f7afaf6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2244945a-5b3a-463d-9910-46a6f7afaf6c?source=api-prod","cve":"CVE-2025-13367","affectedVersions":"<=4.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/26529849-c52c-40e5-8085-6764c22a03e7/user-registration","title":"User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"26529849-c52c-40e5-8085-6764c22a03e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26529849-c52c-40e5-8085-6764c22a03e7?source=api-prod","cve":"CVE-2023-23987","affectedVersions":"<=2.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6?source=api-prod","cve":"CVE-2025-3281","affectedVersions":"<=4.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3590277a-3319-4707-b728-d75ea59e8ad9/user-registration","title":"User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"3590277a-3319-4707-b728-d75ea59e8ad9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3590277a-3319-4707-b728-d75ea59e8ad9?source=api-prod","cve":"CVE-2023-3343","affectedVersions":"<=3.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/37e1a755-7c17-4cb4-acca-9f26238230f3/user-registration","title":"User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder <= 4.4.9 - Unauthenticated Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"37e1a755-7c17-4cb4-acca-9f26238230f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/37e1a755-7c17-4cb4-acca-9f26238230f3?source=api-prod","cve":"CVE-2026-32488","affectedVersions":"<=4.4.9","severity":"critical"},{"advisoryId":"WPSECADV/WF/4609e1a8-c766-4054-a5d0-eabff1089300/user-registration","title":"User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder <= 5.1.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"4609e1a8-c766-4054-a5d0-eabff1089300"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4609e1a8-c766-4054-a5d0-eabff1089300?source=api-prod","cve":"CVE-2026-25425","affectedVersions":"<=5.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/50f3e469-f788-45da-95e7-aa6da1e87fd1/user-registration","title":"User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-21 12:46:27","sources":[{"name":"Wordfence","remoteId":"50f3e469-f788-45da-95e7-aa6da1e87fd1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/50f3e469-f788-45da-95e7-aa6da1e87fd1?source=api-prod","cve":"CVE-2025-6831","affectedVersions":"<=4.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5835fed0-5b9d-47b5-82ae-f0f19830ae2a/user-registration","title":"User Registration <= 2.3.2.1 - PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"5835fed0-5b9d-47b5-82ae-f0f19830ae2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5835fed0-5b9d-47b5-82ae-f0f19830ae2a?source=api-prod","cve":"CVE-2023-27459","affectedVersions":"<=2.3.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 17:44:06","sources":[{"name":"Wordfence","remoteId":"59a63cd8-9d33-4a2c-a499-5b1ee38c07d6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6?source=api-prod","cve":"CVE-2025-3292","affectedVersions":"<=4.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6193139b-52bf-425c-b1d3-c6fbd9185f06/user-registration","title":"User Registration <= 4.4.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"6193139b-52bf-425c-b1d3-c6fbd9185f06"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6193139b-52bf-425c-b1d3-c6fbd9185f06?source=api-prod","cve":"CVE-2025-67956","affectedVersions":"<=4.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/62b809dc-4089-4822-8aeb-7049fcfe376e/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"62b809dc-4089-4822-8aeb-7049fcfe376e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=api-prod","cve":"CVE-2024-1720","affectedVersions":"<=3.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/710574a8-a6e2-4ee6-9ea7-03a34994fec7/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-31 18:57:59","sources":[{"name":"Wordfence","remoteId":"710574a8-a6e2-4ee6-9ea7-03a34994fec7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/710574a8-a6e2-4ee6-9ea7-03a34994fec7?source=api-prod","cve":"CVE-2024-4958","affectedVersions":"<=3.2.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/761a4801-fc4a-40a0-b5aa-303d88a87062/user-registration","title":"User Registration <= 1.5.5 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"761a4801-fc4a-40a0-b5aa-303d88a87062"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/761a4801-fc4a-40a0-b5aa-303d88a87062?source=api-prod","affectedVersions":"<=1.5.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/7bb5a5a2-9644-4850-a5f9-7c925af000c8/user-registration","title":"User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 11:24:15","sources":[{"name":"Wordfence","remoteId":"7bb5a5a2-9644-4850-a5f9-7c925af000c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb5a5a2-9644-4850-a5f9-7c925af000c8?source=api-prod","cve":"CVE-2026-4056","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/7e9fec92-f471-4ce9-9138-1c58ad658da2/user-registration","title":"User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-02 16:05:18","sources":[{"name":"Wordfence","remoteId":"7e9fec92-f471-4ce9-9138-1c58ad658da2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e9fec92-f471-4ce9-9138-1c58ad658da2?source=api-prod","cve":"CVE-2026-1492","affectedVersions":"<=5.1.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/864a3444-0479-4b9f-beca-584a4a9b8682/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"864a3444-0479-4b9f-beca-584a4a9b8682"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/864a3444-0479-4b9f-beca-584a4a9b8682?source=api-prod","cve":"CVE-2024-3295","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/98345631-45df-419b-aada-b7053a31b68c/user-registration","title":"User Registration <= 4.1.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"98345631-45df-419b-aada-b7053a31b68c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98345631-45df-419b-aada-b7053a31b68c?source=api-prod","cve":"CVE-2025-39400","affectedVersions":"<=4.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/9bf5b60b-5a4f-4227-97ac-a952019f46d9/user-registration","title":"User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 19:44:32","sources":[{"name":"Wordfence","remoteId":"9bf5b60b-5a4f-4227-97ac-a952019f46d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf5b60b-5a4f-4227-97ac-a952019f46d9?source=api-prod","cve":"CVE-2026-1869","affectedVersions":"<=5.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a4149783-ffa3-4efd-af55-5aa1c0e44443/user-registration","title":"User Registration & Membership <= 4.1.2 - Authentication Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4149783-ffa3-4efd-af55-5aa1c0e44443"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4149783-ffa3-4efd-af55-5aa1c0e44443?source=api-prod","cve":"CVE-2025-2594","affectedVersions":"<=4.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/a5a1ccb2-4f78-4855-a01d-b15f73407822/user-registration","title":"User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-25 13:29:35","sources":[{"name":"Wordfence","remoteId":"a5a1ccb2-4f78-4855-a01d-b15f73407822"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a1ccb2-4f78-4855-a01d-b15f73407822?source=api-prod","cve":"CVE-2026-2356","affectedVersions":"<=5.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/a671128a-74e6-4f92-94af-9e5e37ed7b7a/user-registration","title":"User Registration <= 2.3.2.1 - Missing Authorization via send_test_email\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"a671128a-74e6-4f92-94af-9e5e37ed7b7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a671128a-74e6-4f92-94af-9e5e37ed7b7a?source=api-prod","cve":"CVE-2023-29429","affectedVersions":"<=2.3.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/a979e885-f7dd-4616-a881-64f3d97c309d/user-registration","title":"User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"a979e885-f7dd-4616-a881-64f3d97c309d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=api-prod","cve":"CVE-2023-3342","affectedVersions":"<=3.0.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/b6b349f2-24c9-4921-bb5f-a7726ebc5c2a/user-registration","title":"User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-13 19:52:48","sources":[{"name":"Wordfence","remoteId":"b6b349f2-24c9-4921-bb5f-a7726ebc5c2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6b349f2-24c9-4921-bb5f-a7726ebc5c2a?source=api-prod","cve":"CVE-2026-6145","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ba326241-46a3-4891-a180-d7977f4e83ed/user-registration","title":"User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"ba326241-46a3-4891-a180-d7977f4e83ed"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ba326241-46a3-4891-a180-d7977f4e83ed?source=api-prod","cve":"CVE-2025-9085","affectedVersions":"<=4.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c07ea205-5a05-43f5-993e-c6e30f660ac8/user-registration","title":"User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"c07ea205-5a05-43f5-993e-c6e30f660ac8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c07ea205-5a05-43f5-993e-c6e30f660ac8?source=api-prod","cve":"CVE-2022-3912","affectedVersions":"<=2.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/c525b41c-dca5-442a-927e-4583cb303ed1/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"c525b41c-dca5-442a-927e-4583cb303ed1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c525b41c-dca5-442a-927e-4583cb303ed1?source=api-prod","cve":"CVE-2025-3282","affectedVersions":"<=4.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c8798fb2-4cab-4960-9e32-fd74bb4a5091/user-registration","title":"User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-04 19:57:08","sources":[{"name":"Wordfence","remoteId":"c8798fb2-4cab-4960-9e32-fd74bb4a5091"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c8798fb2-4cab-4960-9e32-fd74bb4a5091?source=api-prod","cve":"CVE-2026-3601","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/cd4c2c11-2d73-48b4-8e7e-e281451973a2/user-registration","title":"User Registration <= 4.4.9 - Authenticated (Subscriber+) Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"cd4c2c11-2d73-48b4-8e7e-e281451973a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd4c2c11-2d73-48b4-8e7e-e281451973a2?source=api-prod","cve":"CVE-2026-24353","affectedVersions":"<=4.4.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/d03459d8-b1f2-4270-a294-403754db1f2f/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"d03459d8-b1f2-4270-a294-403754db1f2f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d03459d8-b1f2-4270-a294-403754db1f2f?source=api-prod","cve":"CVE-2024-2417","affectedVersions":"<=3.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/d99bc021-ba9e-4294-8dd2-c25bc8007d05/user-registration","title":"User Registration & Membership <= 5.1.2 - Authentication Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-25 13:29:34","sources":[{"name":"Wordfence","remoteId":"d99bc021-ba9e-4294-8dd2-c25bc8007d05"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=api-prod","cve":"CVE-2026-1779","affectedVersions":"<=5.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/e15441f3-3ffe-4466-9119-e5354fd1c1c4/user-registration","title":"User Registration <= 5.1.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"e15441f3-3ffe-4466-9119-e5354fd1c1c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e15441f3-3ffe-4466-9119-e5354fd1c1c4?source=api-prod","cve":"CVE-2026-42652","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5495b4c-a1ac-4860-83a7-686d9436d983/user-registration","title":"User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 20:16:56","sources":[{"name":"Wordfence","remoteId":"e5495b4c-a1ac-4860-83a7-686d9436d983"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5495b4c-a1ac-4860-83a7-686d9436d983?source=api-prod","cve":"CVE-2025-14976","affectedVersions":"<=4.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/ea59d04e-b332-49f8-bf3f-6e0cda3be712/user-registration","title":"User Registration <= 4.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ea59d04e-b332-49f8-bf3f-6e0cda3be712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ea59d04e-b332-49f8-bf3f-6e0cda3be712?source=api-prod","cve":"CVE-2025-30899","affectedVersions":"<=4.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/ffd9cbd1-f8a9-401e-8cdd-1ff16f438b4a/user-registration","title":"User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ffd9cbd1-f8a9-401e-8cdd-1ff16f438b4a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd9cbd1-f8a9-401e-8cdd-1ff16f438b4a?source=api-prod","cve":"CVE-2025-2563","affectedVersions":"<=4.1.1","severity":"critical"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/020bed37-9544-49b7-941d-3b7f509fdfdf/user-registration","title":"User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-13 09:51:38","sources":[{"name":"Wordfence","remoteId":"020bed37-9544-49b7-941d-3b7f509fdfdf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/020bed37-9544-49b7-941d-3b7f509fdfdf?source=api-prod","cve":"CVE-2026-6203","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/07c79459-66b8-4c93-a1cd-6e3ede95643f/user-registration","title":"User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[]\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 23:11:46","sources":[{"name":"Wordfence","remoteId":"07c79459-66b8-4c93-a1cd-6e3ede95643f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07c79459-66b8-4c93-a1cd-6e3ede95643f?source=api-prod","cve":"CVE-2026-1865","affectedVersions":"<=5.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/0def7637-edf4-4ae2-a2e7-31ccb3b52d71/user-registration","title":"User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"0def7637-edf4-4ae2-a2e7-31ccb3b52d71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0def7637-edf4-4ae2-a2e7-31ccb3b52d71?source=api-prod","cve":"CVE-2026-7651","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e0bee7c-8dce-421c-af16-7e5152797e6c/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 16:48:16","sources":[{"name":"Wordfence","remoteId":"0e0bee7c-8dce-421c-af16-7e5152797e6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0bee7c-8dce-421c-af16-7e5152797e6c?source=api-prod","cve":"CVE-2025-1511","affectedVersions":"<=4.0.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4/user-registration","title":"User Registration – Custom Registration Form, Login Form And User Profile For WordPress <= 3.0.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4?source=api-prod","cve":"CVE-2023-5228","affectedVersions":"<=3.0.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2244945a-5b3a-463d-9910-46a6f7afaf6c/user-registration","title":"User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-15 02:13:58","sources":[{"name":"Wordfence","remoteId":"2244945a-5b3a-463d-9910-46a6f7afaf6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2244945a-5b3a-463d-9910-46a6f7afaf6c?source=api-prod","cve":"CVE-2025-13367","affectedVersions":"<=4.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/248e8bb0-a9d4-4bc8-90bf-d568f15b7d34/user-registration","title":"User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder <= 5.2.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"248e8bb0-a9d4-4bc8-90bf-d568f15b7d34"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/248e8bb0-a9d4-4bc8-90bf-d568f15b7d34?source=api-prod","cve":"CVE-2026-52701","affectedVersions":"<=5.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/26529849-c52c-40e5-8085-6764c22a03e7/user-registration","title":"User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"26529849-c52c-40e5-8085-6764c22a03e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26529849-c52c-40e5-8085-6764c22a03e7?source=api-prod","cve":"CVE-2023-23987","affectedVersions":"<=2.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6?source=api-prod","cve":"CVE-2025-3281","affectedVersions":"<=4.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/3590277a-3319-4707-b728-d75ea59e8ad9/user-registration","title":"User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"3590277a-3319-4707-b728-d75ea59e8ad9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3590277a-3319-4707-b728-d75ea59e8ad9?source=api-prod","cve":"CVE-2023-3343","affectedVersions":"<=3.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/37e1a755-7c17-4cb4-acca-9f26238230f3/user-registration","title":"User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder <= 4.4.9 - Unauthenticated Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"37e1a755-7c17-4cb4-acca-9f26238230f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/37e1a755-7c17-4cb4-acca-9f26238230f3?source=api-prod","cve":"CVE-2026-32488","affectedVersions":"<=4.4.9","severity":"critical"},{"advisoryId":"WPSECADV/WF/4609e1a8-c766-4054-a5d0-eabff1089300/user-registration","title":"User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder <= 5.1.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"4609e1a8-c766-4054-a5d0-eabff1089300"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4609e1a8-c766-4054-a5d0-eabff1089300?source=api-prod","cve":"CVE-2026-25425","affectedVersions":"<=5.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/50f3e469-f788-45da-95e7-aa6da1e87fd1/user-registration","title":"User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-21 12:46:27","sources":[{"name":"Wordfence","remoteId":"50f3e469-f788-45da-95e7-aa6da1e87fd1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/50f3e469-f788-45da-95e7-aa6da1e87fd1?source=api-prod","cve":"CVE-2025-6831","affectedVersions":"<=4.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5835fed0-5b9d-47b5-82ae-f0f19830ae2a/user-registration","title":"User Registration <= 2.3.2.1 - PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"5835fed0-5b9d-47b5-82ae-f0f19830ae2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5835fed0-5b9d-47b5-82ae-f0f19830ae2a?source=api-prod","cve":"CVE-2023-27459","affectedVersions":"<=2.3.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 17:44:06","sources":[{"name":"Wordfence","remoteId":"59a63cd8-9d33-4a2c-a499-5b1ee38c07d6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6?source=api-prod","cve":"CVE-2025-3292","affectedVersions":"<=4.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6193139b-52bf-425c-b1d3-c6fbd9185f06/user-registration","title":"User Registration <= 4.4.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"6193139b-52bf-425c-b1d3-c6fbd9185f06"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6193139b-52bf-425c-b1d3-c6fbd9185f06?source=api-prod","cve":"CVE-2025-67956","affectedVersions":"<=4.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/62b809dc-4089-4822-8aeb-7049fcfe376e/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"62b809dc-4089-4822-8aeb-7049fcfe376e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=api-prod","cve":"CVE-2024-1720","affectedVersions":"<=3.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/710574a8-a6e2-4ee6-9ea7-03a34994fec7/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-31 18:57:59","sources":[{"name":"Wordfence","remoteId":"710574a8-a6e2-4ee6-9ea7-03a34994fec7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/710574a8-a6e2-4ee6-9ea7-03a34994fec7?source=api-prod","cve":"CVE-2024-4958","affectedVersions":"<=3.2.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/761a4801-fc4a-40a0-b5aa-303d88a87062/user-registration","title":"User Registration <= 1.5.5 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"761a4801-fc4a-40a0-b5aa-303d88a87062"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/761a4801-fc4a-40a0-b5aa-303d88a87062?source=api-prod","affectedVersions":"<=1.5.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/7bb5a5a2-9644-4850-a5f9-7c925af000c8/user-registration","title":"User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 11:24:15","sources":[{"name":"Wordfence","remoteId":"7bb5a5a2-9644-4850-a5f9-7c925af000c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb5a5a2-9644-4850-a5f9-7c925af000c8?source=api-prod","cve":"CVE-2026-4056","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/7e9fec92-f471-4ce9-9138-1c58ad658da2/user-registration","title":"User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-02 16:05:18","sources":[{"name":"Wordfence","remoteId":"7e9fec92-f471-4ce9-9138-1c58ad658da2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e9fec92-f471-4ce9-9138-1c58ad658da2?source=api-prod","cve":"CVE-2026-1492","affectedVersions":"<=5.1.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/864a3444-0479-4b9f-beca-584a4a9b8682/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"864a3444-0479-4b9f-beca-584a4a9b8682"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/864a3444-0479-4b9f-beca-584a4a9b8682?source=api-prod","cve":"CVE-2024-3295","affectedVersions":"<=3.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/98345631-45df-419b-aada-b7053a31b68c/user-registration","title":"User Registration <= 4.1.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"98345631-45df-419b-aada-b7053a31b68c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98345631-45df-419b-aada-b7053a31b68c?source=api-prod","cve":"CVE-2025-39400","affectedVersions":"<=4.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/9bf5b60b-5a4f-4227-97ac-a952019f46d9/user-registration","title":"User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 19:44:32","sources":[{"name":"Wordfence","remoteId":"9bf5b60b-5a4f-4227-97ac-a952019f46d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf5b60b-5a4f-4227-97ac-a952019f46d9?source=api-prod","cve":"CVE-2026-1869","affectedVersions":"<=5.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a4149783-ffa3-4efd-af55-5aa1c0e44443/user-registration","title":"User Registration & Membership <= 4.1.2 - Authentication Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4149783-ffa3-4efd-af55-5aa1c0e44443"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4149783-ffa3-4efd-af55-5aa1c0e44443?source=api-prod","cve":"CVE-2025-2594","affectedVersions":"<=4.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/a5a1ccb2-4f78-4855-a01d-b15f73407822/user-registration","title":"User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-25 13:29:35","sources":[{"name":"Wordfence","remoteId":"a5a1ccb2-4f78-4855-a01d-b15f73407822"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a1ccb2-4f78-4855-a01d-b15f73407822?source=api-prod","cve":"CVE-2026-2356","affectedVersions":"<=5.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/a671128a-74e6-4f92-94af-9e5e37ed7b7a/user-registration","title":"User Registration <= 2.3.2.1 - Missing Authorization via send_test_email\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"a671128a-74e6-4f92-94af-9e5e37ed7b7a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a671128a-74e6-4f92-94af-9e5e37ed7b7a?source=api-prod","cve":"CVE-2023-29429","affectedVersions":"<=2.3.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/a979e885-f7dd-4616-a881-64f3d97c309d/user-registration","title":"User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"a979e885-f7dd-4616-a881-64f3d97c309d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=api-prod","cve":"CVE-2023-3342","affectedVersions":"<=3.0.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/b6b349f2-24c9-4921-bb5f-a7726ebc5c2a/user-registration","title":"User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-13 19:52:48","sources":[{"name":"Wordfence","remoteId":"b6b349f2-24c9-4921-bb5f-a7726ebc5c2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6b349f2-24c9-4921-bb5f-a7726ebc5c2a?source=api-prod","cve":"CVE-2026-6145","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ba326241-46a3-4891-a180-d7977f4e83ed/user-registration","title":"User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"ba326241-46a3-4891-a180-d7977f4e83ed"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ba326241-46a3-4891-a180-d7977f4e83ed?source=api-prod","cve":"CVE-2025-9085","affectedVersions":"<=4.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c07ea205-5a05-43f5-993e-c6e30f660ac8/user-registration","title":"User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"c07ea205-5a05-43f5-993e-c6e30f660ac8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c07ea205-5a05-43f5-993e-c6e30f660ac8?source=api-prod","cve":"CVE-2022-3912","affectedVersions":"<=2.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/c525b41c-dca5-442a-927e-4583cb303ed1/user-registration","title":"User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"c525b41c-dca5-442a-927e-4583cb303ed1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c525b41c-dca5-442a-927e-4583cb303ed1?source=api-prod","cve":"CVE-2025-3282","affectedVersions":"<=4.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c8798fb2-4cab-4960-9e32-fd74bb4a5091/user-registration","title":"User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-04 19:57:08","sources":[{"name":"Wordfence","remoteId":"c8798fb2-4cab-4960-9e32-fd74bb4a5091"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c8798fb2-4cab-4960-9e32-fd74bb4a5091?source=api-prod","cve":"CVE-2026-3601","affectedVersions":"<=5.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/cd4c2c11-2d73-48b4-8e7e-e281451973a2/user-registration","title":"User Registration <= 4.4.9 - Authenticated (Subscriber+) Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"cd4c2c11-2d73-48b4-8e7e-e281451973a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd4c2c11-2d73-48b4-8e7e-e281451973a2?source=api-prod","cve":"CVE-2026-24353","affectedVersions":"<=4.4.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/d03459d8-b1f2-4270-a294-403754db1f2f/user-registration","title":"User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"d03459d8-b1f2-4270-a294-403754db1f2f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d03459d8-b1f2-4270-a294-403754db1f2f?source=api-prod","cve":"CVE-2024-2417","affectedVersions":"<=3.1.5","severity":"high"},{"advisoryId":"WPSECADV/WF/d99bc021-ba9e-4294-8dd2-c25bc8007d05/user-registration","title":"User Registration & Membership <= 5.1.2 - Authentication Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-25 13:29:34","sources":[{"name":"Wordfence","remoteId":"d99bc021-ba9e-4294-8dd2-c25bc8007d05"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=api-prod","cve":"CVE-2026-1779","affectedVersions":"<=5.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/e15441f3-3ffe-4466-9119-e5354fd1c1c4/user-registration","title":"User Registration <= 5.1.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"e15441f3-3ffe-4466-9119-e5354fd1c1c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e15441f3-3ffe-4466-9119-e5354fd1c1c4?source=api-prod","cve":"CVE-2026-42652","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e5495b4c-a1ac-4860-83a7-686d9436d983/user-registration","title":"User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 20:16:56","sources":[{"name":"Wordfence","remoteId":"e5495b4c-a1ac-4860-83a7-686d9436d983"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5495b4c-a1ac-4860-83a7-686d9436d983?source=api-prod","cve":"CVE-2025-14976","affectedVersions":"<=4.4.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/ea59d04e-b332-49f8-bf3f-6e0cda3be712/user-registration","title":"User Registration <= 4.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ea59d04e-b332-49f8-bf3f-6e0cda3be712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ea59d04e-b332-49f8-bf3f-6e0cda3be712?source=api-prod","cve":"CVE-2025-30899","affectedVersions":"<=4.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/ffd9cbd1-f8a9-401e-8cdd-1ff16f438b4a/user-registration","title":"User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ffd9cbd1-f8a9-401e-8cdd-1ff16f438b4a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd9cbd1-f8a9-401e-8cdd-1ff16f438b4a?source=api-prod","cve":"CVE-2025-2563","affectedVersions":"<=4.1.1","severity":"critical"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77656d61696c811c9dc5_gen.json b/internal/data/assets/plugin_77656d61696c811c9dc5_gen.json index 330bcf7f..f15bf878 100644 --- a/internal/data/assets/plugin_77656d61696c811c9dc5_gen.json +++ b/internal/data/assets/plugin_77656d61696c811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0d997e98-dfb6-4f41-8711-7645d2a9435e/wemail","title":"weMail <= 1.14.13 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"0d997e98-dfb6-4f41-8711-7645d2a9435e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d997e98-dfb6-4f41-8711-7645d2a9435e?source=api-prod","cve":"CVE-2025-47540","affectedVersions":"<=1.14.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/16dd90c3-3962-4c8e-993f-b6824c48ab76/wemail","title":"weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-20 20:58:51","sources":[{"name":"Wordfence","remoteId":"16dd90c3-3962-4c8e-993f-b6824c48ab76"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16dd90c3-3962-4c8e-993f-b6824c48ab76?source=api-prod","cve":"CVE-2025-14339","affectedVersions":"<=2.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/59c0caa2-d0c2-472e-83c3-d11ad313720d/wemail","title":"weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 15:57:34","sources":[{"name":"Wordfence","remoteId":"59c0caa2-d0c2-472e-83c3-d11ad313720d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59c0caa2-d0c2-472e-83c3-d11ad313720d?source=api-prod","cve":"CVE-2025-14348","affectedVersions":"<=2.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/82e9bd78-726f-421f-8bf0-560fa9eeab2c/wemail","title":"weMail <= 1.14.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"82e9bd78-726f-421f-8bf0-560fa9eeab2c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/82e9bd78-726f-421f-8bf0-560fa9eeab2c?source=api-prod","cve":"CVE-2024-43238","affectedVersions":"<=1.14.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/84003388-c47c-41db-8d2d-4643aa375a89/wemail","title":"Appsero <= 1.2.1 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"84003388-c47c-41db-8d2d-4643aa375a89"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84003388-c47c-41db-8d2d-4643aa375a89?source=api-prod","affectedVersions":"<=1.14.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e869800a-6fbc-4a1a-97fd-92ecbf3305ff/wemail","title":"Appsero <= 1.2.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"e869800a-6fbc-4a1a-97fd-92ecbf3305ff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod","cve":"CVE-2022-47150","affectedVersions":"<=1.14.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f7df2f38-4831-4cd4-b8ff-27c471775cae/wemail","title":"weMail <= 1.14.2 - Missing Authorization to Notice Dismissal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"f7df2f38-4831-4cd4-b8ff-27c471775cae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f7df2f38-4831-4cd4-b8ff-27c471775cae?source=api-prod","cve":"CVE-2024-34822","affectedVersions":"<=1.14.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0d997e98-dfb6-4f41-8711-7645d2a9435e/wemail","title":"weMail <= 1.14.13 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"0d997e98-dfb6-4f41-8711-7645d2a9435e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d997e98-dfb6-4f41-8711-7645d2a9435e?source=api-prod","cve":"CVE-2025-47540","affectedVersions":"<=1.14.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/16dd90c3-3962-4c8e-993f-b6824c48ab76/wemail","title":"weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-20 20:58:51","sources":[{"name":"Wordfence","remoteId":"16dd90c3-3962-4c8e-993f-b6824c48ab76"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16dd90c3-3962-4c8e-993f-b6824c48ab76?source=api-prod","cve":"CVE-2025-14339","affectedVersions":"<=2.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/59c0caa2-d0c2-472e-83c3-d11ad313720d/wemail","title":"weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 15:57:34","sources":[{"name":"Wordfence","remoteId":"59c0caa2-d0c2-472e-83c3-d11ad313720d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59c0caa2-d0c2-472e-83c3-d11ad313720d?source=api-prod","cve":"CVE-2025-14348","affectedVersions":"<=2.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/82e9bd78-726f-421f-8bf0-560fa9eeab2c/wemail","title":"weMail <= 1.14.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"82e9bd78-726f-421f-8bf0-560fa9eeab2c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/82e9bd78-726f-421f-8bf0-560fa9eeab2c?source=api-prod","cve":"CVE-2024-43238","affectedVersions":"<=1.14.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/84003388-c47c-41db-8d2d-4643aa375a89/wemail","title":"Appsero <= 1.2.1 - Missing Authorization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"84003388-c47c-41db-8d2d-4643aa375a89"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84003388-c47c-41db-8d2d-4643aa375a89?source=api-prod","affectedVersions":"<=1.14.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/946d4ec2-b75f-41e2-8132-47ccfc41d91a/wemail","title":"weMail – Email Marketing, Newsletter Builder & Email Automations for WooCommerce <= 2.1.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"946d4ec2-b75f-41e2-8132-47ccfc41d91a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/946d4ec2-b75f-41e2-8132-47ccfc41d91a?source=api-prod","cve":"CVE-2026-57322","affectedVersions":"<=2.1.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e869800a-6fbc-4a1a-97fd-92ecbf3305ff/wemail","title":"Appsero <= 1.2.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"e869800a-6fbc-4a1a-97fd-92ecbf3305ff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod","cve":"CVE-2022-47150","affectedVersions":"<=1.14.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/f7df2f38-4831-4cd4-b8ff-27c471775cae/wemail","title":"weMail <= 1.14.2 - Missing Authorization to Notice Dismissal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"f7df2f38-4831-4cd4-b8ff-27c471775cae"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f7df2f38-4831-4cd4-b8ff-27c471775cae?source=api-prod","cve":"CVE-2024-34822","affectedVersions":"<=1.14.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_776f6f2d6f726465722d6578706f72742d6c697465811c9dc5_gen.json b/internal/data/assets/plugin_776f6f2d6f726465722d6578706f72742d6c697465811c9dc5_gen.json index c851febc..5cec4875 100644 --- a/internal/data/assets/plugin_776f6f2d6f726465722d6578706f72742d6c697465811c9dc5_gen.json +++ b/internal/data/assets/plugin_776f6f2d6f726465722d6578706f72742d6c697465811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0b395777-2e2a-4dc3-9b0c-ce4c9d22d7e9/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-17 16:45:50","sources":[{"name":"Wordfence","remoteId":"0b395777-2e2a-4dc3-9b0c-ce4c9d22d7e9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b395777-2e2a-4dc3-9b0c-ce4c9d22d7e9?source=api-prod","cve":"CVE-2026-11360","affectedVersions":"<=4.0.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/2628f9dd-a020-49e6-bcea-f839e1d1a8a0/woo-order-export-lite","title":"Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-02-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"2628f9dd-a020-49e6-bcea-f839e1d1a8a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2628f9dd-a020-49e6-bcea-f839e1d1a8a0?source=api-prod","cve":"CVE-2021-27349","affectedVersions":"<=3.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e9291e8-b4f5-4fd1-aded-4690f82f6905/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e9291e8-b4f5-4fd1-aded-4690f82f6905"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e9291e8-b4f5-4fd1-aded-4690f82f6905?source=api-prod","cve":"CVE-2022-35275","affectedVersions":"<=3.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c/woo-order-export-lite","title":"PHPSpreadsheet Library < 2.3.0 - XXE Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod","cve":"CVE-2024-45293","affectedVersions":"<=3.6.0","severity":"high"},{"advisoryId":"WPSECADV/WF/3d6488ce-e34a-4b23-806d-fa2fb948ea8f/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d6488ce-e34a-4b23-806d-fa2fb948ea8f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d6488ce-e34a-4b23-806d-fa2fb948ea8f?source=api-prod","cve":"CVE-2021-24169","affectedVersions":"<=3.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a425e1c-9b18-468f-975a-57239ce24601/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a425e1c-9b18-468f-975a-57239ce24601"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a425e1c-9b18-468f-975a-57239ce24601?source=api-prod","cve":"CVE-2022-40128","affectedVersions":"<=3.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/86d5af9f-ffe9-4d22-885d-e117da7687de/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"86d5af9f-ffe9-4d22-885d-e117da7687de"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86d5af9f-ffe9-4d22-885d-e117da7687de?source=api-prod","cve":"CVE-2024-31266","affectedVersions":"<=3.4.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/92bd8f53-7845-4741-84e7-4930dfa973ea/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"92bd8f53-7845-4741-84e7-4930dfa973ea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/92bd8f53-7845-4741-84e7-4930dfa973ea?source=api-prod","cve":"CVE-2018-11525","affectedVersions":"<=1.5.4","severity":"high"},{"advisoryId":"WPSECADV/WF/a1c6eed6-7b3f-4b37-85f8-6613527daa54/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-12 14:44:29","sources":[{"name":"Wordfence","remoteId":"a1c6eed6-7b3f-4b37-85f8-6613527daa54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=api-prod","cve":"CVE-2024-10828","affectedVersions":"<=3.5.5","severity":"high"},{"advisoryId":"WPSECADV/WF/c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0/woo-order-export-lite","title":"Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0?source=api-prod","cve":"CVE-2020-11727","affectedVersions":"<3.1.4","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0b395777-2e2a-4dc3-9b0c-ce4c9d22d7e9/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-17 16:45:50","sources":[{"name":"Wordfence","remoteId":"0b395777-2e2a-4dc3-9b0c-ce4c9d22d7e9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b395777-2e2a-4dc3-9b0c-ce4c9d22d7e9?source=api-prod","cve":"CVE-2026-11360","affectedVersions":"<=4.0.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/2628f9dd-a020-49e6-bcea-f839e1d1a8a0/woo-order-export-lite","title":"Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-02-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"2628f9dd-a020-49e6-bcea-f839e1d1a8a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2628f9dd-a020-49e6-bcea-f839e1d1a8a0?source=api-prod","cve":"CVE-2021-27349","affectedVersions":"<=3.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e9291e8-b4f5-4fd1-aded-4690f82f6905/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e9291e8-b4f5-4fd1-aded-4690f82f6905"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e9291e8-b4f5-4fd1-aded-4690f82f6905?source=api-prod","cve":"CVE-2022-35275","affectedVersions":"<=3.3.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c/woo-order-export-lite","title":"PHPSpreadsheet Library < 2.3.0 - XXE Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod","cve":"CVE-2024-45293","affectedVersions":"<=3.6.0","severity":"high"},{"advisoryId":"WPSECADV/WF/3d6488ce-e34a-4b23-806d-fa2fb948ea8f/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d6488ce-e34a-4b23-806d-fa2fb948ea8f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d6488ce-e34a-4b23-806d-fa2fb948ea8f?source=api-prod","cve":"CVE-2021-24169","affectedVersions":"<=3.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a425e1c-9b18-468f-975a-57239ce24601/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a425e1c-9b18-468f-975a-57239ce24601"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a425e1c-9b18-468f-975a-57239ce24601?source=api-prod","cve":"CVE-2022-40128","affectedVersions":"<=3.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/86d5af9f-ffe9-4d22-885d-e117da7687de/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"86d5af9f-ffe9-4d22-885d-e117da7687de"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86d5af9f-ffe9-4d22-885d-e117da7687de?source=api-prod","cve":"CVE-2024-31266","affectedVersions":"<=3.4.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/8fef8676-8bf7-495f-a134-497756f329f2/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 4.0.9 - Authenticated (Customer+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"8fef8676-8bf7-495f-a134-497756f329f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8fef8676-8bf7-495f-a134-497756f329f2?source=api-prod","cve":"CVE-2026-56042","affectedVersions":"<=4.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/92bd8f53-7845-4741-84e7-4930dfa973ea/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"92bd8f53-7845-4741-84e7-4930dfa973ea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/92bd8f53-7845-4741-84e7-4930dfa973ea?source=api-prod","cve":"CVE-2018-11525","affectedVersions":"<=1.5.4","severity":"high"},{"advisoryId":"WPSECADV/WF/a1c6eed6-7b3f-4b37-85f8-6613527daa54/woo-order-export-lite","title":"Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-12 14:44:29","sources":[{"name":"Wordfence","remoteId":"a1c6eed6-7b3f-4b37-85f8-6613527daa54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=api-prod","cve":"CVE-2024-10828","affectedVersions":"<=3.5.5","severity":"high"},{"advisoryId":"WPSECADV/WF/c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0/woo-order-export-lite","title":"Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-04-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0?source=api-prod","cve":"CVE-2020-11727","affectedVersions":"<3.1.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_776f6f636f6d6d657263652d6162616e646f6e65642d63617274811c9dc5_gen.json b/internal/data/assets/plugin_776f6f636f6d6d657263652d6162616e646f6e65642d63617274811c9dc5_gen.json index 72b323e4..5cac47bb 100644 --- a/internal/data/assets/plugin_776f6f636f6d6d657263652d6162616e646f6e65642d63617274811c9dc5_gen.json +++ b/internal/data/assets/plugin_776f6f636f6d6d657263652d6162616e646f6e65642d63617274811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/00243844-a2ec-42fd-84d9-03e89619e361/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce < 1.9 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-07-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"00243844-a2ec-42fd-84d9-03e89619e361"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00243844-a2ec-42fd-84d9-03e89619e361?source=api-prod","affectedVersions":"<1.9","severity":"high"},{"advisoryId":"WPSECADV/WF/1ce1316b-674a-4436-968f-9ffca4e8f726/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.1 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1ce1316b-674a-4436-968f-9ffca4e8f726"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce1316b-674a-4436-968f-9ffca4e8f726?source=api-prod","affectedVersions":"<=5.16.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/4edbfeee-b668-4a85-a030-c15d6583dc82/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.0 - Improper Authorization via wcal_preview_emails\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"4edbfeee-b668-4a85-a030-c15d6583dc82"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4edbfeee-b668-4a85-a030-c15d6583dc82?source=api-prod","affectedVersions":"<5.16.1","severity":"low"},{"advisoryId":"WPSECADV/WF/51cfe955-f854-4f88-a009-93f92ae13d86/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"51cfe955-f854-4f88-a009-93f92ae13d86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51cfe955-f854-4f88-a009-93f92ae13d86?source=api-prod","cve":"CVE-2023-41671","affectedVersions":"<=5.16.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/524e9ec1-9c7c-4b06-915c-8122ea6c3601/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.15.2 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"524e9ec1-9c7c-4b06-915c-8122ea6c3601"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/524e9ec1-9c7c-4b06-915c-8122ea6c3601?source=api-prod","cve":"CVE-2023-44986","affectedVersions":"<=5.15.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/52d1f9a3-243e-4e2c-a752-f40b6d275121/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.0 - Improper Authorization via wcal_delete_expired_used_coupon_code\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"52d1f9a3-243e-4e2c-a752-f40b6d275121"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/52d1f9a3-243e-4e2c-a752-f40b6d275121?source=api-prod","affectedVersions":"<5.16.1","severity":"low"},{"advisoryId":"WPSECADV/WF/562d0052-7f1a-441b-9ff7-1c8bcb4b74b4/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.8.2 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"562d0052-7f1a-441b-9ff7-1c8bcb4b74b4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/562d0052-7f1a-441b-9ff7-1c8bcb4b74b4?source=api-prod","affectedVersions":"<=5.8.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/68052614-204f-4237-af0e-4b8210ebd59f/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"68052614-204f-4237-af0e-4b8210ebd59f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68052614-204f-4237-af0e-4b8210ebd59f?source=api-prod","cve":"CVE-2023-2986","affectedVersions":"<=5.15.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/a1e51a99-f5d4-47d4-bead-00ca1f5f72c2/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.14.1 - Cross-Site Request Forgery via delete_expired_used_coupon_code\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1e51a99-f5d4-47d4-bead-00ca1f5f72c2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e51a99-f5d4-47d4-bead-00ca1f5f72c2?source=api-prod","affectedVersions":"<5.14.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-03-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=api-prod","cve":"CVE-2019-25152","affectedVersions":"<5.2.0","severity":"high"},{"advisoryId":"WPSECADV/WF/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.8.5 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"ab5d87d2-f3cb-4926-9cbf-acdbe9169f64"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64?source=api-prod","cve":"CVE-2021-4414","affectedVersions":"<=5.8.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e743e656-2dd9-43ed-a190-b03af7c75c54/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.14.1 - Cross-Site Request Forgery via ts_reset_tracking_setting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"e743e656-2dd9-43ed-a190-b03af7c75c54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e743e656-2dd9-43ed-a190-b03af7c75c54?source=api-prod","affectedVersions":"<5.14.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/00243844-a2ec-42fd-84d9-03e89619e361/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce < 1.9 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-07-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"00243844-a2ec-42fd-84d9-03e89619e361"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00243844-a2ec-42fd-84d9-03e89619e361?source=api-prod","affectedVersions":"<1.9","severity":"high"},{"advisoryId":"WPSECADV/WF/1ce1316b-674a-4436-968f-9ffca4e8f726/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.1 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1ce1316b-674a-4436-968f-9ffca4e8f726"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce1316b-674a-4436-968f-9ffca4e8f726?source=api-prod","affectedVersions":"<=5.16.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/4edbfeee-b668-4a85-a030-c15d6583dc82/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.0 - Improper Authorization via wcal_preview_emails\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"4edbfeee-b668-4a85-a030-c15d6583dc82"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4edbfeee-b668-4a85-a030-c15d6583dc82?source=api-prod","affectedVersions":"<5.16.1","severity":"low"},{"advisoryId":"WPSECADV/WF/51cfe955-f854-4f88-a009-93f92ae13d86/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"51cfe955-f854-4f88-a009-93f92ae13d86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51cfe955-f854-4f88-a009-93f92ae13d86?source=api-prod","cve":"CVE-2023-41671","affectedVersions":"<=5.16.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/524e9ec1-9c7c-4b06-915c-8122ea6c3601/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.15.2 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"524e9ec1-9c7c-4b06-915c-8122ea6c3601"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/524e9ec1-9c7c-4b06-915c-8122ea6c3601?source=api-prod","cve":"CVE-2023-44986","affectedVersions":"<=5.15.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/52d1f9a3-243e-4e2c-a752-f40b6d275121/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.16.0 - Improper Authorization via wcal_delete_expired_used_coupon_code\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"52d1f9a3-243e-4e2c-a752-f40b6d275121"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/52d1f9a3-243e-4e2c-a752-f40b6d275121?source=api-prod","affectedVersions":"<5.16.1","severity":"low"},{"advisoryId":"WPSECADV/WF/562d0052-7f1a-441b-9ff7-1c8bcb4b74b4/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.8.2 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"562d0052-7f1a-441b-9ff7-1c8bcb4b74b4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/562d0052-7f1a-441b-9ff7-1c8bcb4b74b4?source=api-prod","affectedVersions":"<=5.8.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/68052614-204f-4237-af0e-4b8210ebd59f/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"68052614-204f-4237-af0e-4b8210ebd59f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68052614-204f-4237-af0e-4b8210ebd59f?source=api-prod","cve":"CVE-2023-2986","affectedVersions":"<=5.15.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/a1e51a99-f5d4-47d4-bead-00ca1f5f72c2/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.14.1 - Cross-Site Request Forgery via delete_expired_used_coupon_code\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1e51a99-f5d4-47d4-bead-00ca1f5f72c2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e51a99-f5d4-47d4-bead-00ca1f5f72c2?source=api-prod","affectedVersions":"<5.14.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-03-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=api-prod","cve":"CVE-2019-25152","affectedVersions":"<5.2.0","severity":"high"},{"advisoryId":"WPSECADV/WF/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.8.5 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"ab5d87d2-f3cb-4926-9cbf-acdbe9169f64"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64?source=api-prod","cve":"CVE-2021-4414","affectedVersions":"<=5.8.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e743e656-2dd9-43ed-a190-b03af7c75c54/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 5.14.1 - Cross-Site Request Forgery via ts_reset_tracking_setting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"e743e656-2dd9-43ed-a190-b03af7c75c54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e743e656-2dd9-43ed-a190-b03af7c75c54?source=api-prod","affectedVersions":"<5.14.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f21c9730-0834-4126-bc0d-c5f84b46dce9/woocommerce-abandoned-cart","title":"Abandoned Cart Lite for WooCommerce <= 6.8.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"f21c9730-0834-4126-bc0d-c5f84b46dce9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f21c9730-0834-4126-bc0d-c5f84b46dce9?source=api-prod","cve":"CVE-2026-57637","affectedVersions":"<=6.8.0","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_776f6f636f6d6d657263652d63757272656e63792d7377697463686572811c9dc5_gen.json b/internal/data/assets/plugin_776f6f636f6d6d657263652d63757272656e63792d7377697463686572811c9dc5_gen.json index 82cd07d1..3f9cbb03 100644 --- a/internal/data/assets/plugin_776f6f636f6d6d657263652d63757272656e63792d7377697463686572811c9dc5_gen.json +++ b/internal/data/assets/plugin_776f6f636f6d6d657263652d63757272656e63792d7377697463686572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/139d4ec2-1147-4332-a56d-633890f32560/woocommerce-currency-switcher","title":"WOOCS – WooCommerce Currency Switcher <= 1.4.1.4 - Cross-Site Request Forgery via delete_profiles_data\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"139d4ec2-1147-4332-a56d-633890f32560"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/139d4ec2-1147-4332-a56d-633890f32560?source=api-prod","cve":"CVE-2023-49834","affectedVersions":"<=1.4.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c8c1fec-0e87-46f7-83c5-8f9e9aa97b4f/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 14:49:48","sources":[{"name":"Wordfence","remoteId":"1c8c1fec-0e87-46f7-83c5-8f9e9aa97b4f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8c1fec-0e87-46f7-83c5-8f9e9aa97b4f?source=api-prod","cve":"CVE-2026-9241","affectedVersions":"<=1.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/3d3fcadf-60bd-4a2e-a30c-e276dd04368c/woocommerce-currency-switcher","title":"WOOCS <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d3fcadf-60bd-4a2e-a30c-e276dd04368c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3fcadf-60bd-4a2e-a30c-e276dd04368c?source=api-prod","cve":"CVE-2022-4431","affectedVersions":"<=1.3.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c1d49d0-c9aa-401c-80b9-d4df7fe97691/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c1d49d0-c9aa-401c-80b9-d4df7fe97691"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c1d49d0-c9aa-401c-80b9-d4df7fe97691?source=api-prod","cve":"CVE-2024-3734","affectedVersions":"<=1.4.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/53df8dac-a446-425b-bdde-939ab38e5a29/woocommerce-currency-switcher","title":"FOX <= 1.4.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"53df8dac-a446-425b-bdde-939ab38e5a29"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53df8dac-a446-425b-bdde-939ab38e5a29?source=api-prod","cve":"CVE-2026-39501","affectedVersions":"<=1.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/5cbcb659-6732-4893-b6a0-52a558cea351/woocommerce-currency-switcher","title":"WOOCS <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"5cbcb659-6732-4893-b6a0-52a558cea351"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbcb659-6732-4893-b6a0-52a558cea351?source=api-prod","cve":"CVE-2022-4431","affectedVersions":"<=1.3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6db5f214-ba1a-4528-9bb6-0592822bf8bb/woocommerce-currency-switcher","title":"WOOCS – WooCommerce Currency Switcher <= 1.4.1.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"6db5f214-ba1a-4528-9bb6-0592822bf8bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6db5f214-ba1a-4528-9bb6-0592822bf8bb?source=api-prod","cve":"CVE-2024-30458","affectedVersions":"<=1.4.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/6eb9d68c-c081-484e-ad5d-5eabcfa6d6f0/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"6eb9d68c-c081-484e-ad5d-5eabcfa6d6f0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb9d68c-c081-484e-ad5d-5eabcfa6d6f0?source=api-prod","cve":"CVE-2026-4094","affectedVersions":"<=1.4.5","severity":"high"},{"advisoryId":"WPSECADV/WF/8cb37019-33f6-4f72-adfc-befbfbf69e47/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"8cb37019-33f6-4f72-adfc-befbfbf69e47"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=api-prod","cve":"CVE-2023-6556","affectedVersions":"<=1.4.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/aa5b6311-d9ca-4736-a6e3-56c6746b2470/woocommerce-currency-switcher","title":"FOX <= 1.4.5 - Authenticated (Shop manager+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"aa5b6311-d9ca-4736-a6e3-56c6746b2470"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5b6311-d9ca-4736-a6e3-56c6746b2470?source=api-prod","cve":"CVE-2026-39497","affectedVersions":"<=1.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/b85d8451-5283-4a76-8565-c667a3d2d917/woocommerce-currency-switcher","title":"WooCommerce Currency Switcher <= 1.3.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"b85d8451-5283-4a76-8565-c667a3d2d917"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b85d8451-5283-4a76-8565-c667a3d2d917?source=api-prod","cve":"CVE-2021-24938","affectedVersions":"<=1.3.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c15eda1f-dc9f-4601-a337-ad3e66baf3b2/woocommerce-currency-switcher","title":"WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"c15eda1f-dc9f-4601-a337-ad3e66baf3b2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c15eda1f-dc9f-4601-a337-ad3e66baf3b2?source=api-prod","cve":"CVE-2021-24566","affectedVersions":"<=1.3.7","severity":"high"},{"advisoryId":"WPSECADV/WF/cd53147f-2230-4b8b-a1a1-df377b334072/woocommerce-currency-switcher","title":"WOOCS <= 1.3.7.4 - Reflected Cross-Site Scripting via AJAX action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"cd53147f-2230-4b8b-a1a1-df377b334072"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd53147f-2230-4b8b-a1a1-df377b334072?source=api-prod","cve":"CVE-2022-0234","affectedVersions":"<=1.3.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ceb0dffa-02a2-4193-b2c4-4774091eacfa/woocommerce-currency-switcher","title":"The FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"ceb0dffa-02a2-4193-b2c4-4774091eacfa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb0dffa-02a2-4193-b2c4-4774091eacfa?source=api-prod","cve":"CVE-2024-10640","affectedVersions":"<=1.4.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/cfd69b54-3056-4909-b3e8-ef2387ea9ea8/woocommerce-currency-switcher","title":"WOOCS – WooCommerce Currency Switcher <= 1.4.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"cfd69b54-3056-4909-b3e8-ef2387ea9ea8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd69b54-3056-4909-b3e8-ef2387ea9ea8?source=api-prod","cve":"CVE-2024-43297","affectedVersions":"<=1.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/dec51bd6-2ffe-47b6-9423-6131395bf439/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-13 13:27:43","sources":[{"name":"Wordfence","remoteId":"dec51bd6-2ffe-47b6-9423-6131395bf439"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dec51bd6-2ffe-47b6-9423-6131395bf439?source=api-prod","cve":"CVE-2024-8271","affectedVersions":"<=1.4.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f5442453-6b72-4c8b-8b9f-59b8536aac73/woocommerce-currency-switcher","title":"WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5442453-6b72-4c8b-8b9f-59b8536aac73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5442453-6b72-4c8b-8b9f-59b8536aac73?source=api-prod","cve":"CVE-2021-25043","affectedVersions":"<=1.3.7.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/139d4ec2-1147-4332-a56d-633890f32560/woocommerce-currency-switcher","title":"WOOCS – WooCommerce Currency Switcher <= 1.4.1.4 - Cross-Site Request Forgery via delete_profiles_data\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"139d4ec2-1147-4332-a56d-633890f32560"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/139d4ec2-1147-4332-a56d-633890f32560?source=api-prod","cve":"CVE-2023-49834","affectedVersions":"<=1.4.1.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/1c8c1fec-0e87-46f7-83c5-8f9e9aa97b4f/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-27 14:49:48","sources":[{"name":"Wordfence","remoteId":"1c8c1fec-0e87-46f7-83c5-8f9e9aa97b4f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8c1fec-0e87-46f7-83c5-8f9e9aa97b4f?source=api-prod","cve":"CVE-2026-9241","affectedVersions":"<=1.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/2d32e6d1-67b4-44e1-b82a-78ce08aea1e6/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.8 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2d32e6d1-67b4-44e1-b82a-78ce08aea1e6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d32e6d1-67b4-44e1-b82a-78ce08aea1e6?source=api-prod","cve":"CVE-2026-57319","affectedVersions":"<=1.4.8","severity":"high"},{"advisoryId":"WPSECADV/WF/3d3fcadf-60bd-4a2e-a30c-e276dd04368c/woocommerce-currency-switcher","title":"WOOCS <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"3d3fcadf-60bd-4a2e-a30c-e276dd04368c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3fcadf-60bd-4a2e-a30c-e276dd04368c?source=api-prod","cve":"CVE-2022-4431","affectedVersions":"<=1.3.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c1d49d0-c9aa-401c-80b9-d4df7fe97691/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c1d49d0-c9aa-401c-80b9-d4df7fe97691"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c1d49d0-c9aa-401c-80b9-d4df7fe97691?source=api-prod","cve":"CVE-2024-3734","affectedVersions":"<=1.4.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/53df8dac-a446-425b-bdde-939ab38e5a29/woocommerce-currency-switcher","title":"FOX <= 1.4.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"53df8dac-a446-425b-bdde-939ab38e5a29"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53df8dac-a446-425b-bdde-939ab38e5a29?source=api-prod","cve":"CVE-2026-39501","affectedVersions":"<=1.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/5cbcb659-6732-4893-b6a0-52a558cea351/woocommerce-currency-switcher","title":"WOOCS <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"5cbcb659-6732-4893-b6a0-52a558cea351"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbcb659-6732-4893-b6a0-52a558cea351?source=api-prod","cve":"CVE-2022-4431","affectedVersions":"<=1.3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/6db5f214-ba1a-4528-9bb6-0592822bf8bb/woocommerce-currency-switcher","title":"WOOCS – WooCommerce Currency Switcher <= 1.4.1.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"6db5f214-ba1a-4528-9bb6-0592822bf8bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6db5f214-ba1a-4528-9bb6-0592822bf8bb?source=api-prod","cve":"CVE-2024-30458","affectedVersions":"<=1.4.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/6eb9d68c-c081-484e-ad5d-5eabcfa6d6f0/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"6eb9d68c-c081-484e-ad5d-5eabcfa6d6f0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb9d68c-c081-484e-ad5d-5eabcfa6d6f0?source=api-prod","cve":"CVE-2026-4094","affectedVersions":"<=1.4.5","severity":"high"},{"advisoryId":"WPSECADV/WF/8cb37019-33f6-4f72-adfc-befbfbf69e47/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"8cb37019-33f6-4f72-adfc-befbfbf69e47"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=api-prod","cve":"CVE-2023-6556","affectedVersions":"<=1.4.1.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/aa5b6311-d9ca-4736-a6e3-56c6746b2470/woocommerce-currency-switcher","title":"FOX <= 1.4.5 - Authenticated (Shop manager+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"aa5b6311-d9ca-4736-a6e3-56c6746b2470"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5b6311-d9ca-4736-a6e3-56c6746b2470?source=api-prod","cve":"CVE-2026-39497","affectedVersions":"<=1.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/b85d8451-5283-4a76-8565-c667a3d2d917/woocommerce-currency-switcher","title":"WooCommerce Currency Switcher <= 1.3.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"b85d8451-5283-4a76-8565-c667a3d2d917"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b85d8451-5283-4a76-8565-c667a3d2d917?source=api-prod","cve":"CVE-2021-24938","affectedVersions":"<=1.3.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c15eda1f-dc9f-4601-a337-ad3e66baf3b2/woocommerce-currency-switcher","title":"WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"c15eda1f-dc9f-4601-a337-ad3e66baf3b2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c15eda1f-dc9f-4601-a337-ad3e66baf3b2?source=api-prod","cve":"CVE-2021-24566","affectedVersions":"<=1.3.7","severity":"high"},{"advisoryId":"WPSECADV/WF/cd53147f-2230-4b8b-a1a1-df377b334072/woocommerce-currency-switcher","title":"WOOCS <= 1.3.7.4 - Reflected Cross-Site Scripting via AJAX action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"cd53147f-2230-4b8b-a1a1-df377b334072"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd53147f-2230-4b8b-a1a1-df377b334072?source=api-prod","cve":"CVE-2022-0234","affectedVersions":"<=1.3.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ceb0dffa-02a2-4193-b2c4-4774091eacfa/woocommerce-currency-switcher","title":"The FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"ceb0dffa-02a2-4193-b2c4-4774091eacfa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb0dffa-02a2-4193-b2c4-4774091eacfa?source=api-prod","cve":"CVE-2024-10640","affectedVersions":"<=1.4.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/cfd69b54-3056-4909-b3e8-ef2387ea9ea8/woocommerce-currency-switcher","title":"WOOCS – WooCommerce Currency Switcher <= 1.4.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"cfd69b54-3056-4909-b3e8-ef2387ea9ea8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd69b54-3056-4909-b3e8-ef2387ea9ea8?source=api-prod","cve":"CVE-2024-43297","affectedVersions":"<=1.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/dec51bd6-2ffe-47b6-9423-6131395bf439/woocommerce-currency-switcher","title":"FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-13 13:27:43","sources":[{"name":"Wordfence","remoteId":"dec51bd6-2ffe-47b6-9423-6131395bf439"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dec51bd6-2ffe-47b6-9423-6131395bf439?source=api-prod","cve":"CVE-2024-8271","affectedVersions":"<=1.4.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f5442453-6b72-4c8b-8b9f-59b8536aac73/woocommerce-currency-switcher","title":"WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5442453-6b72-4c8b-8b9f-59b8536aac73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5442453-6b72-4c8b-8b9f-59b8536aac73?source=api-prod","cve":"CVE-2021-25043","affectedVersions":"<=1.3.7.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_776f6f636f6d6d657263652d70726f647563742d6164646f6e811c9dc5_gen.json b/internal/data/assets/plugin_776f6f636f6d6d657263652d70726f647563742d6164646f6e811c9dc5_gen.json index 914a8bbe..cc9aa792 100644 --- a/internal/data/assets/plugin_776f6f636f6d6d657263652d70726f647563742d6164646f6e811c9dc5_gen.json +++ b/internal/data/assets/plugin_776f6f636f6d6d657263652d70726f647563742d6164646f6e811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/2b0198c8-4be8-44e0-9728-d5d2aa376796/woocommerce-product-addon","title":"PPOM for WooCommerce <= 1.1 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-09-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"2b0198c8-4be8-44e0-9728-d5d2aa376796"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0198c8-4be8-44e0-9728-d5d2aa376796?source=api-prod","affectedVersions":"<=1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/325813f3-c893-4e98-ad99-452ff63d5e18/woocommerce-product-addon","title":"PPOM for WooCommerce <= 32.0.20 - Unauthenticated Content Injection Vulnerability\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"325813f3-c893-4e98-ad99-452ff63d5e18"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/325813f3-c893-4e98-ad99-452ff63d5e18?source=api-prod","cve":"CVE-2024-35728","affectedVersions":"<=32.0.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/352e27ad-4266-4384-be2b-d94d241373a8/woocommerce-product-addon","title":"PPOM for WooCommerce <= 33.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"352e27ad-4266-4384-be2b-d94d241373a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/352e27ad-4266-4384-be2b-d94d241373a8?source=api-prod","cve":"CVE-2025-24668","affectedVersions":"<=33.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4f95bcc3-354e-4016-9a17-945569b076b6/woocommerce-product-addon","title":"Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"4f95bcc3-354e-4016-9a17-945569b076b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=api-prod","cve":"CVE-2024-3962","affectedVersions":"<=32.0.18","severity":"critical"},{"advisoryId":"WPSECADV/WF/6147582f-578a-47ad-b16c-65c37896783d/woocommerce-product-addon","title":"ThemeIsle SDK <= Various Versions - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"6147582f-578a-47ad-b16c-65c37896783d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-prod","cve":"CVE-2024-1047","affectedVersions":"<=32.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/8bde357d-e34a-4931-a1a4-bd3ed3b72cec/woocommerce-product-addon","title":"PPOM for WooCommerce <= 23.9 - Missing Authorization to Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"8bde357d-e34a-4931-a1a4-bd3ed3b72cec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bde357d-e34a-4931-a1a4-bd3ed3b72cec?source=api-prod","cve":"CVE-2021-25018","affectedVersions":"<=23.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/8f105002-a19a-4376-af65-7e9416175174/woocommerce-product-addon","title":"PPOM for WooCommerce <= 32.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"8f105002-a19a-4376-af65-7e9416175174"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f105002-a19a-4376-af65-7e9416175174?source=api-prod","cve":"CVE-2023-1839","affectedVersions":"<32.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/9a129b7d-2732-4e4e-b168-98934f1c6ffe/woocommerce-product-addon","title":"PPOM for WooCommerce <= 33.0.16 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a129b7d-2732-4e4e-b168-98934f1c6ffe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a129b7d-2732-4e4e-b168-98934f1c6ffe?source=api-prod","cve":"CVE-2025-66069","affectedVersions":"<=33.0.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/b84c0f8c-25a7-47c7-93cf-9b5060c07c72/woocommerce-product-addon","title":"PPOM for WooCommerce <= 18.3 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-08-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"b84c0f8c-25a7-47c7-93cf-9b5060c07c72"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b84c0f8c-25a7-47c7-93cf-9b5060c07c72?source=api-prod","cve":"CVE-2019-14948","affectedVersions":"<18.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/cf851bed-f5d8-44e2-810d-906ba3d3c1c5/woocommerce-product-addon","title":"PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-17 18:09:32","sources":[{"name":"Wordfence","remoteId":"cf851bed-f5d8-44e2-810d-906ba3d3c1c5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cf851bed-f5d8-44e2-810d-906ba3d3c1c5?source=api-prod","cve":"CVE-2025-11391","affectedVersions":"<=33.0.15","severity":"critical"},{"advisoryId":"WPSECADV/WF/d223de07-6377-491f-8d2c-9c31aa814792/woocommerce-product-addon","title":"PPOM for WooCommerce <= 32.0.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"d223de07-6377-491f-8d2c-9c31aa814792"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d223de07-6377-491f-8d2c-9c31aa814792?source=api-prod","cve":"CVE-2023-2256","affectedVersions":"<=32.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/eefcc290-b7f7-4cf0-9ccc-db4c883d6426/woocommerce-product-addon","title":"PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-17 18:11:36","sources":[{"name":"Wordfence","remoteId":"eefcc290-b7f7-4cf0-9ccc-db4c883d6426"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eefcc290-b7f7-4cf0-9ccc-db4c883d6426?source=api-prod","cve":"CVE-2025-11691","affectedVersions":"<=33.0.15","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/2b0198c8-4be8-44e0-9728-d5d2aa376796/woocommerce-product-addon","title":"PPOM for WooCommerce <= 1.1 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-09-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"2b0198c8-4be8-44e0-9728-d5d2aa376796"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0198c8-4be8-44e0-9728-d5d2aa376796?source=api-prod","affectedVersions":"<=1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/325813f3-c893-4e98-ad99-452ff63d5e18/woocommerce-product-addon","title":"PPOM for WooCommerce <= 32.0.20 - Unauthenticated Content Injection Vulnerability\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"325813f3-c893-4e98-ad99-452ff63d5e18"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/325813f3-c893-4e98-ad99-452ff63d5e18?source=api-prod","cve":"CVE-2024-35728","affectedVersions":"<=32.0.20","severity":"medium"},{"advisoryId":"WPSECADV/WF/352e27ad-4266-4384-be2b-d94d241373a8/woocommerce-product-addon","title":"PPOM for WooCommerce <= 33.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"352e27ad-4266-4384-be2b-d94d241373a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/352e27ad-4266-4384-be2b-d94d241373a8?source=api-prod","cve":"CVE-2025-24668","affectedVersions":"<=33.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4f95bcc3-354e-4016-9a17-945569b076b6/woocommerce-product-addon","title":"Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"4f95bcc3-354e-4016-9a17-945569b076b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=api-prod","cve":"CVE-2024-3962","affectedVersions":"<=32.0.18","severity":"critical"},{"advisoryId":"WPSECADV/WF/6147582f-578a-47ad-b16c-65c37896783d/woocommerce-product-addon","title":"ThemeIsle SDK <= Various Versions - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"6147582f-578a-47ad-b16c-65c37896783d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-prod","cve":"CVE-2024-1047","affectedVersions":"<=32.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/8bde357d-e34a-4931-a1a4-bd3ed3b72cec/woocommerce-product-addon","title":"PPOM for WooCommerce <= 23.9 - Missing Authorization to Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-01-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"8bde357d-e34a-4931-a1a4-bd3ed3b72cec"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bde357d-e34a-4931-a1a4-bd3ed3b72cec?source=api-prod","cve":"CVE-2021-25018","affectedVersions":"<=23.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/8f105002-a19a-4376-af65-7e9416175174/woocommerce-product-addon","title":"PPOM for WooCommerce <= 32.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"8f105002-a19a-4376-af65-7e9416175174"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f105002-a19a-4376-af65-7e9416175174?source=api-prod","cve":"CVE-2023-1839","affectedVersions":"<32.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/9a129b7d-2732-4e4e-b168-98934f1c6ffe/woocommerce-product-addon","title":"PPOM for WooCommerce <= 33.0.16 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a129b7d-2732-4e4e-b168-98934f1c6ffe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a129b7d-2732-4e4e-b168-98934f1c6ffe?source=api-prod","cve":"CVE-2025-66069","affectedVersions":"<=33.0.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/abb362f1-8782-4217-a231-c9b258da6964/woocommerce-product-addon","title":"PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.18 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"abb362f1-8782-4217-a231-c9b258da6964"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abb362f1-8782-4217-a231-c9b258da6964?source=api-prod","cve":"CVE-2026-56050","affectedVersions":"<=33.0.18","severity":"medium"},{"advisoryId":"WPSECADV/WF/b84c0f8c-25a7-47c7-93cf-9b5060c07c72/woocommerce-product-addon","title":"PPOM for WooCommerce <= 18.3 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-08-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"b84c0f8c-25a7-47c7-93cf-9b5060c07c72"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b84c0f8c-25a7-47c7-93cf-9b5060c07c72?source=api-prod","cve":"CVE-2019-14948","affectedVersions":"<18.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/cf851bed-f5d8-44e2-810d-906ba3d3c1c5/woocommerce-product-addon","title":"PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-17 18:09:32","sources":[{"name":"Wordfence","remoteId":"cf851bed-f5d8-44e2-810d-906ba3d3c1c5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cf851bed-f5d8-44e2-810d-906ba3d3c1c5?source=api-prod","cve":"CVE-2025-11391","affectedVersions":"<=33.0.15","severity":"critical"},{"advisoryId":"WPSECADV/WF/d223de07-6377-491f-8d2c-9c31aa814792/woocommerce-product-addon","title":"PPOM for WooCommerce <= 32.0.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"d223de07-6377-491f-8d2c-9c31aa814792"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d223de07-6377-491f-8d2c-9c31aa814792?source=api-prod","cve":"CVE-2023-2256","affectedVersions":"<=32.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/eefcc290-b7f7-4cf0-9ccc-db4c883d6426/woocommerce-product-addon","title":"PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-17 18:11:36","sources":[{"name":"Wordfence","remoteId":"eefcc290-b7f7-4cf0-9ccc-db4c883d6426"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eefcc290-b7f7-4cf0-9ccc-db4c883d6426?source=api-prod","cve":"CVE-2025-11691","affectedVersions":"<=33.0.15","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77702d616c6c2d696d706f7274811c9dc5_gen.json b/internal/data/assets/plugin_77702d616c6c2d696d706f7274811c9dc5_gen.json index d0027627..83537efb 100644 --- a/internal/data/assets/plugin_77702d616c6c2d696d706f7274811c9dc5_gen.json +++ b/internal/data/assets/plugin_77702d616c6c2d696d706f7274811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1072ad88-5760-4f2a-82b3-d515d6f73e52/wp-all-import","title":"WP All Import <= 3.6.7 - Admin+ Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1072ad88-5760-4f2a-82b3-d515d6f73e52"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1072ad88-5760-4f2a-82b3-d515d6f73e52?source=api-prod","cve":"CVE-2022-2268","affectedVersions":"<=3.6.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/121cad41-d3cd-4042-b568-3d91909a38d3/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"121cad41-d3cd-4042-b568-3d91909a38d3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/121cad41-d3cd-4042-b568-3d91909a38d3?source=api-prod","cve":"CVE-2024-31939","affectedVersions":"<=3.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/40682959-6cb0-4ffb-9338-519e82eb746e/wp-all-import","title":"Import any XML or CSV File <= 3.7.2 - Authenticated (Admin+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"40682959-6cb0-4ffb-9338-519e82eb746e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/40682959-6cb0-4ffb-9338-519e82eb746e?source=api-prod","cve":"CVE-2023-7082","affectedVersions":"<3.7.3","severity":"high"},{"advisoryId":"WPSECADV/WF/406fe34a-0991-4653-9924-b6586091d7df/wp-all-import","title":"WP All Import <= 3.4.5 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"406fe34a-0991-4653-9924-b6586091d7df"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/406fe34a-0991-4653-9924-b6586091d7df?source=api-prod","cve":"CVE-2018-0546","affectedVersions":"<3.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/420bcda3-e275-4811-ae37-df69d4d60cee/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"420bcda3-e275-4811-ae37-df69d4d60cee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/420bcda3-e275-4811-ae37-df69d4d60cee?source=api-prod","cve":"CVE-2022-2711","affectedVersions":"<=3.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b39c8e1-f2b7-436d-97d1-2d503d7ac835/wp-all-import","title":"Import any XML or CSV File to WordPress < 3.2.5 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"4b39c8e1-f2b7-436d-97d1-2d503d7ac835"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b39c8e1-f2b7-436d-97d1-2d503d7ac835?source=api-prod","cve":"CVE-2015-9330","affectedVersions":"<3.2.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/52d390e0-95ca-4570-8d4c-f679ee86ffea/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.4 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"52d390e0-95ca-4570-8d4c-f679ee86ffea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/52d390e0-95ca-4570-8d4c-f679ee86ffea?source=api-prod","affectedVersions":"<=3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/5d281333-d9af-4eb7-bc5c-ea7ceeddac03/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d281333-d9af-4eb7-bc5c-ea7ceeddac03"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=api-prod","cve":"CVE-2022-1565","affectedVersions":"<=3.6.7","severity":"high"},{"advisoryId":"WPSECADV/WF/6aae5b1d-9b84-4628-b0b6-7b39054e08a0/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.4 - Missing Authorization and Cross-Site Request Forgery Checks\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"6aae5b1d-9b84-4628-b0b6-7b39054e08a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6aae5b1d-9b84-4628-b0b6-7b39054e08a0?source=api-prod","affectedVersions":"<=3.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6c06b79a-0803-4973-ba88-b97d7145f82b/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.6 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"6c06b79a-0803-4973-ba88-b97d7145f82b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6c06b79a-0803-4973-ba88-b97d7145f82b?source=api-prod","affectedVersions":"<=3.6.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/8475dd90-b47a-42b4-8e4e-44e8512e4fca/wp-all-import","title":"Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"8475dd90-b47a-42b4-8e4e-44e8512e4fca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8475dd90-b47a-42b4-8e4e-44e8512e4fca?source=api-prod","cve":"CVE-2025-12733","affectedVersions":"<=3.9.6","severity":"high"},{"advisoryId":"WPSECADV/WF/9704b633-5779-42a7-90d7-e532448f2e51/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-10-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9704b633-5779-42a7-90d7-e532448f2e51"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9704b633-5779-42a7-90d7-e532448f2e51?source=api-prod","cve":"CVE-2017-18567","affectedVersions":"<3.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/9a5ce873-e90b-4bdc-b428-426818ff9a86/wp-all-import","title":"WP All Import <= 3.6.7 - Authenticated (Administrator+) Arbitrary Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a5ce873-e90b-4bdc-b428-426818ff9a86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a5ce873-e90b-4bdc-b428-426818ff9a86?source=api-prod","cve":"CVE-2022-36386","affectedVersions":"<=3.6.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/9f999f89-29eb-4871-a304-0ba6954e7e5b/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"9f999f89-29eb-4871-a304-0ba6954e7e5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9f999f89-29eb-4871-a304-0ba6954e7e5b?source=api-prod","cve":"CVE-2015-9329","affectedVersions":"<=3.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/afc85535-962d-479d-8580-9d02f7412930/wp-all-import","title":"WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"afc85535-962d-479d-8580-9d02f7412930"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afc85535-962d-479d-8580-9d02f7412930?source=api-prod","cve":"CVE-2026-2830","affectedVersions":"<=4.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb03aeb8-32ab-4962-bc95-b10fb7bd7fcf/wp-all-import","title":"Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb03aeb8-32ab-4962-bc95-b10fb7bd7fcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb03aeb8-32ab-4962-bc95-b10fb7bd7fcf?source=api-prod","cve":"CVE-2025-10001","affectedVersions":"<=3.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/c4d19f85-e39f-46e6-b62c-b6d3dc51a0df/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c4d19f85-e39f-46e6-b62c-b6d3dc51a0df"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d19f85-e39f-46e6-b62c-b6d3dc51a0df?source=api-prod","cve":"CVE-2018-20978","affectedVersions":"<3.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/cbd4f08c-9989-4af9-b615-1db82909a1db/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.2 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"cbd4f08c-9989-4af9-b615-1db82909a1db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd4f08c-9989-4af9-b615-1db82909a1db?source=api-prod","cve":"CVE-2021-24714","affectedVersions":"<3.6.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d88a5dfc-4654-4299-b5a5-2a48b3823e37/wp-all-import","title":"Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel)\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"d88a5dfc-4654-4299-b5a5-2a48b3823e37"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d88a5dfc-4654-4299-b5a5-2a48b3823e37?source=api-prod","cve":"CVE-2014-2054","affectedVersions":"<=3.8.0","severity":"low"},{"advisoryId":"WPSECADV/WF/deb6821e-93ff-4636-912b-887deba59577/wp-all-import","title":"WP All Import <= 3.4.6 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"deb6821e-93ff-4636-912b-887deba59577"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/deb6821e-93ff-4636-912b-887deba59577?source=api-prod","cve":"CVE-2018-0547","affectedVersions":"<3.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/e1bdda78-e0e3-4d0b-81b8-9c018f445225/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.3 & PRO < 4.1.1 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-08-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e1bdda78-e0e3-4d0b-81b8-9c018f445225"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e1bdda78-e0e3-4d0b-81b8-9c018f445225?source=api-prod","cve":"CVE-2015-9331","affectedVersions":"<3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/eab85a0a-f328-4cb6-b01f-d7e57540969d/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"eab85a0a-f328-4cb6-b01f-d7e57540969d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eab85a0a-f328-4cb6-b01f-d7e57540969d?source=api-prod","cve":"CVE-2022-3418","affectedVersions":"<=3.6.8","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1072ad88-5760-4f2a-82b3-d515d6f73e52/wp-all-import","title":"WP All Import <= 3.6.7 - Admin+ Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"1072ad88-5760-4f2a-82b3-d515d6f73e52"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1072ad88-5760-4f2a-82b3-d515d6f73e52?source=api-prod","cve":"CVE-2022-2268","affectedVersions":"<=3.6.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/121cad41-d3cd-4042-b568-3d91909a38d3/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"121cad41-d3cd-4042-b568-3d91909a38d3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/121cad41-d3cd-4042-b568-3d91909a38d3?source=api-prod","cve":"CVE-2024-31939","affectedVersions":"<=3.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/40682959-6cb0-4ffb-9338-519e82eb746e/wp-all-import","title":"Import any XML or CSV File <= 3.7.2 - Authenticated (Admin+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"40682959-6cb0-4ffb-9338-519e82eb746e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/40682959-6cb0-4ffb-9338-519e82eb746e?source=api-prod","cve":"CVE-2023-7082","affectedVersions":"<3.7.3","severity":"high"},{"advisoryId":"WPSECADV/WF/406fe34a-0991-4653-9924-b6586091d7df/wp-all-import","title":"WP All Import <= 3.4.5 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"406fe34a-0991-4653-9924-b6586091d7df"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/406fe34a-0991-4653-9924-b6586091d7df?source=api-prod","cve":"CVE-2018-0546","affectedVersions":"<3.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/420bcda3-e275-4811-ae37-df69d4d60cee/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"420bcda3-e275-4811-ae37-df69d4d60cee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/420bcda3-e275-4811-ae37-df69d4d60cee?source=api-prod","cve":"CVE-2022-2711","affectedVersions":"<=3.6.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b39c8e1-f2b7-436d-97d1-2d503d7ac835/wp-all-import","title":"Import any XML or CSV File to WordPress < 3.2.5 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"4b39c8e1-f2b7-436d-97d1-2d503d7ac835"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b39c8e1-f2b7-436d-97d1-2d503d7ac835?source=api-prod","cve":"CVE-2015-9330","affectedVersions":"<3.2.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/52d390e0-95ca-4570-8d4c-f679ee86ffea/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.4 - SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"52d390e0-95ca-4570-8d4c-f679ee86ffea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/52d390e0-95ca-4570-8d4c-f679ee86ffea?source=api-prod","affectedVersions":"<=3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/55e5b3e2-0a8c-4628-835e-249c9362a238/wp-all-import","title":"WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets <= 4.0.1 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"55e5b3e2-0a8c-4628-835e-249c9362a238"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/55e5b3e2-0a8c-4628-835e-249c9362a238?source=api-prod","cve":"CVE-2026-57628","affectedVersions":"<=4.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5d281333-d9af-4eb7-bc5c-ea7ceeddac03/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d281333-d9af-4eb7-bc5c-ea7ceeddac03"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=api-prod","cve":"CVE-2022-1565","affectedVersions":"<=3.6.7","severity":"high"},{"advisoryId":"WPSECADV/WF/6aae5b1d-9b84-4628-b0b6-7b39054e08a0/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.4 - Missing Authorization and Cross-Site Request Forgery Checks\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"6aae5b1d-9b84-4628-b0b6-7b39054e08a0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6aae5b1d-9b84-4628-b0b6-7b39054e08a0?source=api-prod","affectedVersions":"<=3.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6c06b79a-0803-4973-ba88-b97d7145f82b/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.6 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"6c06b79a-0803-4973-ba88-b97d7145f82b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6c06b79a-0803-4973-ba88-b97d7145f82b?source=api-prod","affectedVersions":"<=3.6.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/8475dd90-b47a-42b4-8e4e-44e8512e4fca/wp-all-import","title":"Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"8475dd90-b47a-42b4-8e4e-44e8512e4fca"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8475dd90-b47a-42b4-8e4e-44e8512e4fca?source=api-prod","cve":"CVE-2025-12733","affectedVersions":"<=3.9.6","severity":"high"},{"advisoryId":"WPSECADV/WF/9704b633-5779-42a7-90d7-e532448f2e51/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-10-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9704b633-5779-42a7-90d7-e532448f2e51"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9704b633-5779-42a7-90d7-e532448f2e51?source=api-prod","cve":"CVE-2017-18567","affectedVersions":"<3.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/9a5ce873-e90b-4bdc-b428-426818ff9a86/wp-all-import","title":"WP All Import <= 3.6.7 - Authenticated (Administrator+) Arbitrary Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"9a5ce873-e90b-4bdc-b428-426818ff9a86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9a5ce873-e90b-4bdc-b428-426818ff9a86?source=api-prod","cve":"CVE-2022-36386","affectedVersions":"<=3.6.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/9f999f89-29eb-4871-a304-0ba6954e7e5b/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-02-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"9f999f89-29eb-4871-a304-0ba6954e7e5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9f999f89-29eb-4871-a304-0ba6954e7e5b?source=api-prod","cve":"CVE-2015-9329","affectedVersions":"<=3.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/afc85535-962d-479d-8580-9d02f7412930/wp-all-import","title":"WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"afc85535-962d-479d-8580-9d02f7412930"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afc85535-962d-479d-8580-9d02f7412930?source=api-prod","cve":"CVE-2026-2830","affectedVersions":"<=4.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb03aeb8-32ab-4962-bc95-b10fb7bd7fcf/wp-all-import","title":"Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb03aeb8-32ab-4962-bc95-b10fb7bd7fcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb03aeb8-32ab-4962-bc95-b10fb7bd7fcf?source=api-prod","cve":"CVE-2025-10001","affectedVersions":"<=3.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/c4d19f85-e39f-46e6-b62c-b6d3dc51a0df/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c4d19f85-e39f-46e6-b62c-b6d3dc51a0df"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d19f85-e39f-46e6-b62c-b6d3dc51a0df?source=api-prod","cve":"CVE-2018-20978","affectedVersions":"<3.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/cbd4f08c-9989-4af9-b615-1db82909a1db/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.2 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"cbd4f08c-9989-4af9-b615-1db82909a1db"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd4f08c-9989-4af9-b615-1db82909a1db?source=api-prod","cve":"CVE-2021-24714","affectedVersions":"<3.6.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d88a5dfc-4654-4299-b5a5-2a48b3823e37/wp-all-import","title":"Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel)\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"d88a5dfc-4654-4299-b5a5-2a48b3823e37"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d88a5dfc-4654-4299-b5a5-2a48b3823e37?source=api-prod","cve":"CVE-2014-2054","affectedVersions":"<=3.8.0","severity":"low"},{"advisoryId":"WPSECADV/WF/deb6821e-93ff-4636-912b-887deba59577/wp-all-import","title":"WP All Import <= 3.4.6 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"deb6821e-93ff-4636-912b-887deba59577"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/deb6821e-93ff-4636-912b-887deba59577?source=api-prod","cve":"CVE-2018-0547","affectedVersions":"<3.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/e1bdda78-e0e3-4d0b-81b8-9c018f445225/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.2.3 & PRO < 4.1.1 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-08-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e1bdda78-e0e3-4d0b-81b8-9c018f445225"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e1bdda78-e0e3-4d0b-81b8-9c018f445225?source=api-prod","cve":"CVE-2015-9331","affectedVersions":"<3.2.4","severity":"high"},{"advisoryId":"WPSECADV/WF/eab85a0a-f328-4cb6-b01f-d7e57540969d/wp-all-import","title":"Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"eab85a0a-f328-4cb6-b01f-d7e57540969d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eab85a0a-f328-4cb6-b01f-d7e57540969d?source=api-prod","cve":"CVE-2022-3418","affectedVersions":"<=3.6.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77702d6175746f6d61746963811c9dc5_gen.json b/internal/data/assets/plugin_77702d6175746f6d61746963811c9dc5_gen.json index dac9693d..c6fa61ee 100644 --- a/internal/data/assets/plugin_77702d6175746f6d61746963811c9dc5_gen.json +++ b/internal/data/assets/plugin_77702d6175746f6d61746963811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/12adf619-4be8-4ecf-8f67-284fc44d87d0/wp-automatic","title":"Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"12adf619-4be8-4ecf-8f67-284fc44d87d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/12adf619-4be8-4ecf-8f67-284fc44d87d0?source=api-prod","cve":"CVE-2024-27955","affectedVersions":"<=3.92.0","severity":"high"},{"advisoryId":"WPSECADV/WF/4be58bfa-d489-45f5-9169-db8bab718175/wp-automatic","title":"WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 17:27:27","sources":[{"name":"Wordfence","remoteId":"4be58bfa-d489-45f5-9169-db8bab718175"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4be58bfa-d489-45f5-9169-db8bab718175?source=api-prod","cve":"CVE-2024-4849","affectedVersions":"<=3.94.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/57be67fd-8485-495f-b5e9-6eb52af945b7/wp-automatic","title":"WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"57be67fd-8485-495f-b5e9-6eb52af945b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/57be67fd-8485-495f-b5e9-6eb52af945b7?source=api-prod","cve":"CVE-2025-5395","affectedVersions":"<=3.115.0","severity":"high"},{"advisoryId":"WPSECADV/WF/620e8931-64f0-4d9c-9a4c-1f5a703845ff/wp-automatic","title":"Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"620e8931-64f0-4d9c-9a4c-1f5a703845ff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/620e8931-64f0-4d9c-9a4c-1f5a703845ff?source=api-prod","cve":"CVE-2024-27954","affectedVersions":"<=3.92.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/6231e47e-2120-4746-97c1-2aa80aa18f4e/wp-automatic","title":"WordPress Automatic Plugin <= 3.92.1 Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"6231e47e-2120-4746-97c1-2aa80aa18f4e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6231e47e-2120-4746-97c1-2aa80aa18f4e?source=api-prod","cve":"CVE-2024-32693","affectedVersions":"<=3.92.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/95d68a5d-4d0b-4030-a80a-ada31b118af2/wp-automatic","title":"WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-25 20:27:36","sources":[{"name":"Wordfence","remoteId":"95d68a5d-4d0b-4030-a80a-ada31b118af2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95d68a5d-4d0b-4030-a80a-ada31b118af2?source=api-prod","cve":"CVE-2025-6247","affectedVersions":"<=3.118.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a8b319be-f312-4d02-840f-e2a91c16b67a/wp-automatic","title":"Automatic <= 3.92.0 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"a8b319be-f312-4d02-840f-e2a91c16b67a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b319be-f312-4d02-840f-e2a91c16b67a?source=api-prod","cve":"CVE-2024-27956","affectedVersions":"<=3.92.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/d0567dc8-7a4c-42f4-bf45-f31a8efaa354/wp-automatic","title":"WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"d0567dc8-7a4c-42f4-bf45-f31a8efaa354"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=api-prod","cve":"CVE-2021-4374","affectedVersions":"<3.53.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/fa45d830-fa28-4d94-a6d5-2dc2b8456cf2/wp-automatic","title":"WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fa45d830-fa28-4d94-a6d5-2dc2b8456cf2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fa45d830-fa28-4d94-a6d5-2dc2b8456cf2?source=api-prod","affectedVersions":"<=2.0.3","severity":"critical"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/045f52f2-b77d-4ddb-a674-0fccf3e6dc7d/wp-automatic","title":"WordPress Automatic Plugin < 3.135.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"045f52f2-b77d-4ddb-a674-0fccf3e6dc7d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/045f52f2-b77d-4ddb-a674-0fccf3e6dc7d?source=api-prod","cve":"CVE-2026-56045","affectedVersions":"<3.135.1","severity":"high"},{"advisoryId":"WPSECADV/WF/12adf619-4be8-4ecf-8f67-284fc44d87d0/wp-automatic","title":"Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"12adf619-4be8-4ecf-8f67-284fc44d87d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/12adf619-4be8-4ecf-8f67-284fc44d87d0?source=api-prod","cve":"CVE-2024-27955","affectedVersions":"<=3.92.0","severity":"high"},{"advisoryId":"WPSECADV/WF/4be58bfa-d489-45f5-9169-db8bab718175/wp-automatic","title":"WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 17:27:27","sources":[{"name":"Wordfence","remoteId":"4be58bfa-d489-45f5-9169-db8bab718175"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4be58bfa-d489-45f5-9169-db8bab718175?source=api-prod","cve":"CVE-2024-4849","affectedVersions":"<=3.94.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/57be67fd-8485-495f-b5e9-6eb52af945b7/wp-automatic","title":"WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"57be67fd-8485-495f-b5e9-6eb52af945b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/57be67fd-8485-495f-b5e9-6eb52af945b7?source=api-prod","cve":"CVE-2025-5395","affectedVersions":"<=3.115.0","severity":"high"},{"advisoryId":"WPSECADV/WF/620e8931-64f0-4d9c-9a4c-1f5a703845ff/wp-automatic","title":"Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"620e8931-64f0-4d9c-9a4c-1f5a703845ff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/620e8931-64f0-4d9c-9a4c-1f5a703845ff?source=api-prod","cve":"CVE-2024-27954","affectedVersions":"<=3.92.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/6231e47e-2120-4746-97c1-2aa80aa18f4e/wp-automatic","title":"WordPress Automatic Plugin <= 3.92.1 Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"6231e47e-2120-4746-97c1-2aa80aa18f4e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6231e47e-2120-4746-97c1-2aa80aa18f4e?source=api-prod","cve":"CVE-2024-32693","affectedVersions":"<=3.92.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/95d68a5d-4d0b-4030-a80a-ada31b118af2/wp-automatic","title":"WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-25 20:27:36","sources":[{"name":"Wordfence","remoteId":"95d68a5d-4d0b-4030-a80a-ada31b118af2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95d68a5d-4d0b-4030-a80a-ada31b118af2?source=api-prod","cve":"CVE-2025-6247","affectedVersions":"<=3.118.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a8b319be-f312-4d02-840f-e2a91c16b67a/wp-automatic","title":"Automatic <= 3.92.0 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"a8b319be-f312-4d02-840f-e2a91c16b67a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b319be-f312-4d02-840f-e2a91c16b67a?source=api-prod","cve":"CVE-2024-27956","affectedVersions":"<=3.92.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/d0567dc8-7a4c-42f4-bf45-f31a8efaa354/wp-automatic","title":"WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"d0567dc8-7a4c-42f4-bf45-f31a8efaa354"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=api-prod","cve":"CVE-2021-4374","affectedVersions":"<3.53.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/fa45d830-fa28-4d94-a6d5-2dc2b8456cf2/wp-automatic","title":"WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fa45d830-fa28-4d94-a6d5-2dc2b8456cf2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fa45d830-fa28-4d94-a6d5-2dc2b8456cf2?source=api-prod","affectedVersions":"<=2.0.3","severity":"critical"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77702d63616665811c9dc5_gen.json b/internal/data/assets/plugin_77702d63616665811c9dc5_gen.json index df02559d..ca62bd27 100644 --- a/internal/data/assets/plugin_77702d63616665811c9dc5_gen.json +++ b/internal/data/assets/plugin_77702d63616665811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/336e2429-97ab-4948-9d21-f0121216d2d1/wp-cafe","title":"WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-30 18:20:55","sources":[{"name":"Wordfence","remoteId":"336e2429-97ab-4948-9d21-f0121216d2d1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/336e2429-97ab-4948-9d21-f0121216d2d1?source=api-prod","cve":"CVE-2024-5427","affectedVersions":"<=2.2.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/3779cf95-9dfd-492b-b3a2-68dce3bb342d/wp-cafe","title":"WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution <= 3.0.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"3779cf95-9dfd-492b-b3a2-68dce3bb342d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3779cf95-9dfd-492b-b3a2-68dce3bb342d?source=api-prod","cve":"CVE-2026-27071","affectedVersions":"<=3.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/41ba3105-4eb3-49b6-893a-d0735e22e1ee/wp-cafe","title":"WPCafe <= 2.2.32 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"41ba3105-4eb3-49b6-893a-d0735e22e1ee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/41ba3105-4eb3-49b6-893a-d0735e22e1ee?source=api-prod","cve":"CVE-2025-39452","affectedVersions":"<=2.2.32","severity":"high"},{"advisoryId":"WPSECADV/WF/4261bc62-a091-408b-8643-e6fa61d62103/wp-cafe","title":"WPCafe <= 2.2.22 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"4261bc62-a091-408b-8643-e6fa61d62103"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4261bc62-a091-408b-8643-e6fa61d62103?source=api-prod","cve":"CVE-2023-47805","affectedVersions":"<=2.2.22","severity":"medium"},{"advisoryId":"WPSECADV/WF/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671/wp-cafe","title":"WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-24 16:59:17","sources":[{"name":"Wordfence","remoteId":"5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=api-prod","cve":"CVE-2024-5431","affectedVersions":"<=2.2.25","severity":"high"},{"advisoryId":"WPSECADV/WF/5f83c19e-1b75-4fea-b4de-f7f844a449c0/wp-cafe","title":"WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-22 13:15:58","sources":[{"name":"Wordfence","remoteId":"5f83c19e-1b75-4fea-b4de-f7f844a449c0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=api-prod","cve":"CVE-2024-1855","affectedVersions":"<=2.2.23","severity":"medium"},{"advisoryId":"WPSECADV/WF/7282c9aa-643a-48e7-9b97-09524afca1ba/wp-cafe","title":"WPCafe <= 2.2.31 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"7282c9aa-643a-48e7-9b97-09524afca1ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7282c9aa-643a-48e7-9b97-09524afca1ba?source=api-prod","cve":"CVE-2025-30829","affectedVersions":"<=2.2.31","severity":"high"},{"advisoryId":"WPSECADV/WF/963cb544-165e-4378-9844-753c72bf2274/wp-cafe","title":"WPCafe <= 2.2.27 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"963cb544-165e-4378-9844-753c72bf2274"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/963cb544-165e-4378-9844-753c72bf2274?source=api-prod","cve":"CVE-2024-37513","affectedVersions":"<=2.2.27","severity":"high"},{"advisoryId":"WPSECADV/WF/b49ae7fc-e860-4387-b596-12640ec7277f/wp-cafe","title":"WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation <= 2.1.4 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"b49ae7fc-e860-4387-b596-12640ec7277f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b49ae7fc-e860-4387-b596-12640ec7277f?source=api-prod","affectedVersions":"<=2.1.4","severity":"high"},{"advisoryId":"WPSECADV/WF/d4a905c0-f958-4c9b-9e96-dd8653b50497/wp-cafe","title":"WPCafe <= 2.2.28 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"d4a905c0-f958-4c9b-9e96-dd8653b50497"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a905c0-f958-4c9b-9e96-dd8653b50497?source=api-prod","cve":"CVE-2024-43135","affectedVersions":"<=2.2.28","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/336e2429-97ab-4948-9d21-f0121216d2d1/wp-cafe","title":"WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-30 18:20:55","sources":[{"name":"Wordfence","remoteId":"336e2429-97ab-4948-9d21-f0121216d2d1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/336e2429-97ab-4948-9d21-f0121216d2d1?source=api-prod","cve":"CVE-2024-5427","affectedVersions":"<=2.2.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/3779cf95-9dfd-492b-b3a2-68dce3bb342d/wp-cafe","title":"WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution <= 3.0.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"3779cf95-9dfd-492b-b3a2-68dce3bb342d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3779cf95-9dfd-492b-b3a2-68dce3bb342d?source=api-prod","cve":"CVE-2026-27071","affectedVersions":"<=3.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/41ba3105-4eb3-49b6-893a-d0735e22e1ee/wp-cafe","title":"WPCafe <= 2.2.32 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"41ba3105-4eb3-49b6-893a-d0735e22e1ee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/41ba3105-4eb3-49b6-893a-d0735e22e1ee?source=api-prod","cve":"CVE-2025-39452","affectedVersions":"<=2.2.32","severity":"high"},{"advisoryId":"WPSECADV/WF/4261bc62-a091-408b-8643-e6fa61d62103/wp-cafe","title":"WPCafe <= 2.2.22 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"4261bc62-a091-408b-8643-e6fa61d62103"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4261bc62-a091-408b-8643-e6fa61d62103?source=api-prod","cve":"CVE-2023-47805","affectedVersions":"<=2.2.22","severity":"medium"},{"advisoryId":"WPSECADV/WF/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671/wp-cafe","title":"WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-24 16:59:17","sources":[{"name":"Wordfence","remoteId":"5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=api-prod","cve":"CVE-2024-5431","affectedVersions":"<=2.2.25","severity":"high"},{"advisoryId":"WPSECADV/WF/5f83c19e-1b75-4fea-b4de-f7f844a449c0/wp-cafe","title":"WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-22 13:15:58","sources":[{"name":"Wordfence","remoteId":"5f83c19e-1b75-4fea-b4de-f7f844a449c0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=api-prod","cve":"CVE-2024-1855","affectedVersions":"<=2.2.23","severity":"medium"},{"advisoryId":"WPSECADV/WF/7282c9aa-643a-48e7-9b97-09524afca1ba/wp-cafe","title":"WPCafe <= 2.2.31 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"7282c9aa-643a-48e7-9b97-09524afca1ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7282c9aa-643a-48e7-9b97-09524afca1ba?source=api-prod","cve":"CVE-2025-30829","affectedVersions":"<=2.2.31","severity":"high"},{"advisoryId":"WPSECADV/WF/963cb544-165e-4378-9844-753c72bf2274/wp-cafe","title":"WPCafe <= 2.2.27 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"963cb544-165e-4378-9844-753c72bf2274"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/963cb544-165e-4378-9844-753c72bf2274?source=api-prod","cve":"CVE-2024-37513","affectedVersions":"<=2.2.27","severity":"high"},{"advisoryId":"WPSECADV/WF/b49ae7fc-e860-4387-b596-12640ec7277f/wp-cafe","title":"WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation <= 2.1.4 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"b49ae7fc-e860-4387-b596-12640ec7277f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b49ae7fc-e860-4387-b596-12640ec7277f?source=api-prod","affectedVersions":"<=2.1.4","severity":"high"},{"advisoryId":"WPSECADV/WF/d4a905c0-f958-4c9b-9e96-dd8653b50497/wp-cafe","title":"WPCafe <= 2.2.28 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"d4a905c0-f958-4c9b-9e96-dd8653b50497"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a905c0-f958-4c9b-9e96-dd8653b50497?source=api-prod","cve":"CVE-2024-43135","affectedVersions":"<=2.2.28","severity":"high"},{"advisoryId":"WPSECADV/WF/d7b40225-d994-43d2-8e8f-2dae271be9be/wp-cafe","title":"WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System <= 3.0.14 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"d7b40225-d994-43d2-8e8f-2dae271be9be"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b40225-d994-43d2-8e8f-2dae271be9be?source=api-prod","cve":"CVE-2026-57622","affectedVersions":"<=3.0.14","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77702d6a6f622d706f7274616c811c9dc5_gen.json b/internal/data/assets/plugin_77702d6a6f622d706f7274616c811c9dc5_gen.json index c9c109e6..569cf1c5 100644 --- a/internal/data/assets/plugin_77702d6a6f622d706f7274616c811c9dc5_gen.json +++ b/internal/data/assets/plugin_77702d6a6f622d706f7274616c811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0c347b9f-d297-4cb5-9c4a-1001d845ed5a/wp-job-portal","title":"WP Job Portal <= 2.5.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 15:05:46","sources":[{"name":"Wordfence","remoteId":"0c347b9f-d297-4cb5-9c4a-1001d845ed5a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c347b9f-d297-4cb5-9c4a-1001d845ed5a?source=api-prod","cve":"CVE-2025-14467","affectedVersions":"<=2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/1be94fa8-ecaf-46e2-a2d6-9d6a4c7343bf/wp-job-portal","title":"WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"1be94fa8-ecaf-46e2-a2d6-9d6a4c7343bf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1be94fa8-ecaf-46e2-a2d6-9d6a4c7343bf?source=api-prod","cve":"CVE-2026-48880","affectedVersions":"<=2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/29f3be0b-c91b-4dd3-a37f-ecda8a5d2d90/wp-job-portal","title":"WP Job Portal <= 2.3.2 - Unauthenticated Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"29f3be0b-c91b-4dd3-a37f-ecda8a5d2d90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29f3be0b-c91b-4dd3-a37f-ecda8a5d2d90?source=api-prod","cve":"CVE-2025-48272","affectedVersions":"<=2.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/3870fe43-bece-4a3c-99cf-03393beab78a/wp-job-portal","title":"WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"3870fe43-bece-4a3c-99cf-03393beab78a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3870fe43-bece-4a3c-99cf-03393beab78a?source=api-prod","cve":"CVE-2024-35760","affectedVersions":"<=2.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4107199d-e3c7-4379-b39d-1868de7d777b/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"4107199d-e3c7-4379-b39d-1868de7d777b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4107199d-e3c7-4379-b39d-1868de7d777b?source=api-prod","cve":"CVE-2024-11715","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/4d67675a-b77b-41c6-a94f-d9385e609b37/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"4d67675a-b77b-41c6-a94f-d9385e609b37"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d67675a-b77b-41c6-a94f-d9385e609b37?source=api-prod","cve":"CVE-2024-11713","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/505858dc-c420-484c-a067-6962836eea6a/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"505858dc-c420-484c-a067-6962836eea6a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/505858dc-c420-484c-a067-6962836eea6a?source=api-prod","cve":"CVE-2024-11714","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/507f3071-3274-4d25-8ae2-53d909bd9daa/wp-job-portal","title":"WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"507f3071-3274-4d25-8ae2-53d909bd9daa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/507f3071-3274-4d25-8ae2-53d909bd9daa?source=api-prod","cve":"CVE-2026-42685","affectedVersions":"<=2.5.1","severity":"high"},{"advisoryId":"WPSECADV/WF/5ce039db-b597-4bbf-8067-933a262ae1b6/wp-job-portal","title":"WP Job Portal <= 2.0.1 - Missing Authorization to Settings Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"5ce039db-b597-4bbf-8067-933a262ae1b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce039db-b597-4bbf-8067-933a262ae1b6?source=api-prod","cve":"CVE-2022-41786","affectedVersions":"<=2.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5d8961fd-68ac-4a10-ab26-cfcda27c18e8/wp-job-portal","title":"WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d8961fd-68ac-4a10-ab26-cfcda27c18e8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d8961fd-68ac-4a10-ab26-cfcda27c18e8?source=api-prod","cve":"CVE-2024-11711","affectedVersions":"<=2.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/5f84140f-2572-4ffb-9b38-22eed5b0f80d/wp-job-portal","title":"Job Portal <= 2.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"5f84140f-2572-4ffb-9b38-22eed5b0f80d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f84140f-2572-4ffb-9b38-22eed5b0f80d?source=api-prod","cve":"CVE-2026-24379","affectedVersions":"<=2.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c/wp-job-portal","title":"WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c?source=api-prod","cve":"CVE-2024-13873","affectedVersions":"<=2.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/630e4595-4be3-4886-8771-f781bcee674d/wp-job-portal","title":"WP Job Portal <= 2.1.8 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"630e4595-4be3-4886-8771-f781bcee674d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/630e4595-4be3-4886-8771-f781bcee674d?source=api-prod","cve":"CVE-2024-43266","affectedVersions":"<=2.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6dfcd264-39e3-44af-8e0e-5c35734524d0/wp-job-portal","title":"WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 06:34:28","sources":[{"name":"Wordfence","remoteId":"6dfcd264-39e3-44af-8e0e-5c35734524d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dfcd264-39e3-44af-8e0e-5c35734524d0?source=api-prod","cve":"CVE-2025-14293","affectedVersions":"<=2.4.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/80fcaea8-5837-4d8c-afef-b9ed4fd31227/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"80fcaea8-5837-4d8c-afef-b9ed4fd31227"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80fcaea8-5837-4d8c-afef-b9ed4fd31227?source=api-prod","cve":"CVE-2024-11710","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/936d2714-4ace-4685-b3ff-6adac76495a3/wp-job-portal","title":"WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"936d2714-4ace-4685-b3ff-6adac76495a3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/936d2714-4ace-4685-b3ff-6adac76495a3?source=api-prod","cve":"CVE-2024-35759","affectedVersions":"<=2.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/98a2570c-c757-44ad-9981-af0bf2d3c341/wp-job-portal","title":"WP Job Portal <= 2.0.1 - Cross-Site Request Forgery to Settings Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"98a2570c-c757-44ad-9981-af0bf2d3c341"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98a2570c-c757-44ad-9981-af0bf2d3c341?source=api-prod","cve":"CVE-2022-41786","affectedVersions":"<=2.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/9c92dbe9-faeb-4ea9-9657-ed7accf63cc1/wp-job-portal","title":"WP Job Portal <= 2.3.2 - Unauthenticated Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"9c92dbe9-faeb-4ea9-9657-ed7accf63cc1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9c92dbe9-faeb-4ea9-9657-ed7accf63cc1?source=api-prod","cve":"CVE-2025-48273","affectedVersions":"<=2.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/9caaa8f9-b04c-4522-97e8-323f38b38bb3/wp-job-portal","title":"WP Job Portal <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"9caaa8f9-b04c-4522-97e8-323f38b38bb3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9caaa8f9-b04c-4522-97e8-323f38b38bb3?source=api-prod","cve":"CVE-2024-52389","affectedVersions":"<=2.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/9cbce69a-53d0-4b83-9b7a-893a6b9c39c4/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cbce69a-53d0-4b83-9b7a-893a6b9c39c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cbce69a-53d0-4b83-9b7a-893a6b9c39c4?source=api-prod","cve":"CVE-2024-13429","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a14e110f-0850-44f4-8de3-95a654096ae8/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"a14e110f-0850-44f4-8de3-95a654096ae8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a14e110f-0850-44f4-8de3-95a654096ae8?source=api-prod","cve":"CVE-2024-13425","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a1d07e86-e870-4978-a240-4c3e8050c5d6/wp-job-portal","title":"WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1d07e86-e870-4978-a240-4c3e8050c5d6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1d07e86-e870-4978-a240-4c3e8050c5d6?source=api-prod","cve":"CVE-2026-42684","affectedVersions":"<=2.5.1","severity":"high"},{"advisoryId":"WPSECADV/WF/a7c786fe-898e-4478-97b9-c1fb41c9081c/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"a7c786fe-898e-4478-97b9-c1fb41c9081c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c786fe-898e-4478-97b9-c1fb41c9081c?source=api-prod","cve":"CVE-2024-13428","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a84a4c56-a44e-450d-91fc-024f8ddeedee/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"a84a4c56-a44e-450d-91fc-024f8ddeedee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=api-prod","cve":"CVE-2024-13371","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/afbd5080-8a25-4230-8836-20ffeca3f39d/wp-job-portal","title":"WP Job Portal <= 2.3.2 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"afbd5080-8a25-4230-8836-20ffeca3f39d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afbd5080-8a25-4230-8836-20ffeca3f39d?source=api-prod","cve":"CVE-2025-48274","affectedVersions":"<=2.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5/wp-job-portal","title":"WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5?source=api-prod","cve":"CVE-2024-12131","affectedVersions":"<=2.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/b613d4ab-6e96-428b-b853-bda5950a6027/wp-job-portal","title":"WP Job Portal <= 2.4.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"b613d4ab-6e96-428b-b853-bda5950a6027"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b613d4ab-6e96-428b-b853-bda5950a6027?source=api-prod","cve":"CVE-2026-24941","affectedVersions":"<=2.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/c309e32f-9b1a-453f-873c-cc9bd18bc115/wp-job-portal","title":"WP Job Portal <= 2.3.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"c309e32f-9b1a-453f-873c-cc9bd18bc115"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c309e32f-9b1a-453f-873c-cc9bd18bc115?source=api-prod","cve":"CVE-2025-47438","affectedVersions":"<=2.3.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/ca1d5275-3398-47a7-889b-4050ebe635ee/wp-job-portal","title":"WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-03 14:04:34","sources":[{"name":"Wordfence","remoteId":"ca1d5275-3398-47a7-889b-4050ebe635ee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1d5275-3398-47a7-889b-4050ebe635ee?source=api-prod","cve":"CVE-2024-7950","affectedVersions":"<=2.1.6","severity":"critical"},{"advisoryId":"WPSECADV/WF/d0aa1fad-1ff4-4bc5-a584-99b528470990/wp-job-portal","title":"WP Job Portal <= 2.0.6 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d0aa1fad-1ff4-4bc5-a584-99b528470990"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0aa1fad-1ff4-4bc5-a584-99b528470990?source=api-prod","cve":"CVE-2023-52184","affectedVersions":"<=2.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/d19ac6fc-029f-4f19-913e-e082acecc594/wp-job-portal","title":"WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-02 19:25:08","sources":[{"name":"Wordfence","remoteId":"d19ac6fc-029f-4f19-913e-e082acecc594"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d19ac6fc-029f-4f19-913e-e082acecc594?source=api-prod","cve":"CVE-2024-12132","affectedVersions":"<=2.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d68d2144-96b9-482e-9791-c3506661596e/wp-job-portal","title":"WP Job Portal <= 2.0.5 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"d68d2144-96b9-482e-9791-c3506661596e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d68d2144-96b9-482e-9791-c3506661596e?source=api-prod","cve":"CVE-2023-4490","affectedVersions":"<=2.0.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/e00e65ba-db58-4d13-8cb3-c4d62a2553fb/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"e00e65ba-db58-4d13-8cb3-c4d62a2553fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e00e65ba-db58-4d13-8cb3-c4d62a2553fb?source=api-prod","cve":"CVE-2024-13372","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e96f31e0-4b2e-4ea1-a3e5-fd7452a2fea9/wp-job-portal","title":"WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 10:39:46","sources":[{"name":"Wordfence","remoteId":"e96f31e0-4b2e-4ea1-a3e5-fd7452a2fea9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e96f31e0-4b2e-4ea1-a3e5-fd7452a2fea9?source=api-prod","cve":"CVE-2026-4758","affectedVersions":"<=2.4.9","severity":"high"},{"advisoryId":"WPSECADV/WF/ecc34552-c9b0-455f-b1c7-b31cc847cb22/wp-job-portal","title":"WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 10:12:47","sources":[{"name":"Wordfence","remoteId":"ecc34552-c9b0-455f-b1c7-b31cc847cb22"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc34552-c9b0-455f-b1c7-b31cc847cb22?source=api-prod","cve":"CVE-2026-4306","affectedVersions":"<=2.4.8","severity":"high"},{"advisoryId":"WPSECADV/WF/ecc87d5f-dba4-40f8-946f-f2634614b579/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"ecc87d5f-dba4-40f8-946f-f2634614b579"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc87d5f-dba4-40f8-946f-f2634614b579?source=api-prod","cve":"CVE-2024-11712","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f11ea6b2-1225-42a5-aa7b-260315d0bec5/wp-job-portal","title":"WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"f11ea6b2-1225-42a5-aa7b-260315d0bec5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f11ea6b2-1225-42a5-aa7b-260315d0bec5?source=api-prod","cve":"CVE-2023-28534","affectedVersions":"<=2.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/f66457a1-7406-46f9-9a14-4ce6d77c4b84/wp-job-portal","title":"WP Job Portal <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f66457a1-7406-46f9-9a14-4ce6d77c4b84"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f66457a1-7406-46f9-9a14-4ce6d77c4b84?source=api-prod","cve":"CVE-2025-26935","affectedVersions":"<=2.2.8","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0c347b9f-d297-4cb5-9c4a-1001d845ed5a/wp-job-portal","title":"WP Job Portal <= 2.5.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 15:05:46","sources":[{"name":"Wordfence","remoteId":"0c347b9f-d297-4cb5-9c4a-1001d845ed5a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c347b9f-d297-4cb5-9c4a-1001d845ed5a?source=api-prod","cve":"CVE-2025-14467","affectedVersions":"<=2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/1be94fa8-ecaf-46e2-a2d6-9d6a4c7343bf/wp-job-portal","title":"WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"1be94fa8-ecaf-46e2-a2d6-9d6a4c7343bf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1be94fa8-ecaf-46e2-a2d6-9d6a4c7343bf?source=api-prod","cve":"CVE-2026-48880","affectedVersions":"<=2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/29f3be0b-c91b-4dd3-a37f-ecda8a5d2d90/wp-job-portal","title":"WP Job Portal <= 2.3.2 - Unauthenticated Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"29f3be0b-c91b-4dd3-a37f-ecda8a5d2d90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29f3be0b-c91b-4dd3-a37f-ecda8a5d2d90?source=api-prod","cve":"CVE-2025-48272","affectedVersions":"<=2.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/3870fe43-bece-4a3c-99cf-03393beab78a/wp-job-portal","title":"WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"3870fe43-bece-4a3c-99cf-03393beab78a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3870fe43-bece-4a3c-99cf-03393beab78a?source=api-prod","cve":"CVE-2024-35760","affectedVersions":"<=2.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4107199d-e3c7-4379-b39d-1868de7d777b/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"4107199d-e3c7-4379-b39d-1868de7d777b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4107199d-e3c7-4379-b39d-1868de7d777b?source=api-prod","cve":"CVE-2024-11715","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/4d67675a-b77b-41c6-a94f-d9385e609b37/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"4d67675a-b77b-41c6-a94f-d9385e609b37"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d67675a-b77b-41c6-a94f-d9385e609b37?source=api-prod","cve":"CVE-2024-11713","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/505858dc-c420-484c-a067-6962836eea6a/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"505858dc-c420-484c-a067-6962836eea6a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/505858dc-c420-484c-a067-6962836eea6a?source=api-prod","cve":"CVE-2024-11714","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/507f3071-3274-4d25-8ae2-53d909bd9daa/wp-job-portal","title":"WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"507f3071-3274-4d25-8ae2-53d909bd9daa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/507f3071-3274-4d25-8ae2-53d909bd9daa?source=api-prod","cve":"CVE-2026-42685","affectedVersions":"<=2.5.1","severity":"high"},{"advisoryId":"WPSECADV/WF/5ce039db-b597-4bbf-8067-933a262ae1b6/wp-job-portal","title":"WP Job Portal <= 2.0.1 - Missing Authorization to Settings Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"5ce039db-b597-4bbf-8067-933a262ae1b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce039db-b597-4bbf-8067-933a262ae1b6?source=api-prod","cve":"CVE-2022-41786","affectedVersions":"<=2.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5d8961fd-68ac-4a10-ab26-cfcda27c18e8/wp-job-portal","title":"WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"5d8961fd-68ac-4a10-ab26-cfcda27c18e8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d8961fd-68ac-4a10-ab26-cfcda27c18e8?source=api-prod","cve":"CVE-2024-11711","affectedVersions":"<=2.2.1","severity":"high"},{"advisoryId":"WPSECADV/WF/5f84140f-2572-4ffb-9b38-22eed5b0f80d/wp-job-portal","title":"Job Portal <= 2.4.3 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"5f84140f-2572-4ffb-9b38-22eed5b0f80d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f84140f-2572-4ffb-9b38-22eed5b0f80d?source=api-prod","cve":"CVE-2026-24379","affectedVersions":"<=2.4.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c/wp-job-portal","title":"WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c?source=api-prod","cve":"CVE-2024-13873","affectedVersions":"<=2.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/630e4595-4be3-4886-8771-f781bcee674d/wp-job-portal","title":"WP Job Portal <= 2.1.8 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"630e4595-4be3-4886-8771-f781bcee674d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/630e4595-4be3-4886-8771-f781bcee674d?source=api-prod","cve":"CVE-2024-43266","affectedVersions":"<=2.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6dfcd264-39e3-44af-8e0e-5c35734524d0/wp-job-portal","title":"WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-11 06:34:28","sources":[{"name":"Wordfence","remoteId":"6dfcd264-39e3-44af-8e0e-5c35734524d0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dfcd264-39e3-44af-8e0e-5c35734524d0?source=api-prod","cve":"CVE-2025-14293","affectedVersions":"<=2.4.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/750d0925-aecb-4360-869d-765d7e46541a/wp-job-portal","title":"WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.2 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"750d0925-aecb-4360-869d-765d7e46541a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/750d0925-aecb-4360-869d-765d7e46541a?source=api-prod","cve":"CVE-2026-57653","affectedVersions":"<=2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/80fcaea8-5837-4d8c-afef-b9ed4fd31227/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"80fcaea8-5837-4d8c-afef-b9ed4fd31227"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80fcaea8-5837-4d8c-afef-b9ed4fd31227?source=api-prod","cve":"CVE-2024-11710","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/936d2714-4ace-4685-b3ff-6adac76495a3/wp-job-portal","title":"WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"936d2714-4ace-4685-b3ff-6adac76495a3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/936d2714-4ace-4685-b3ff-6adac76495a3?source=api-prod","cve":"CVE-2024-35759","affectedVersions":"<=2.1.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/98a2570c-c757-44ad-9981-af0bf2d3c341/wp-job-portal","title":"WP Job Portal <= 2.0.1 - Cross-Site Request Forgery to Settings Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"98a2570c-c757-44ad-9981-af0bf2d3c341"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98a2570c-c757-44ad-9981-af0bf2d3c341?source=api-prod","cve":"CVE-2022-41786","affectedVersions":"<=2.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/9c92dbe9-faeb-4ea9-9657-ed7accf63cc1/wp-job-portal","title":"WP Job Portal <= 2.3.2 - Unauthenticated Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"9c92dbe9-faeb-4ea9-9657-ed7accf63cc1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9c92dbe9-faeb-4ea9-9657-ed7accf63cc1?source=api-prod","cve":"CVE-2025-48273","affectedVersions":"<=2.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/9caaa8f9-b04c-4522-97e8-323f38b38bb3/wp-job-portal","title":"WP Job Portal <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"9caaa8f9-b04c-4522-97e8-323f38b38bb3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9caaa8f9-b04c-4522-97e8-323f38b38bb3?source=api-prod","cve":"CVE-2024-52389","affectedVersions":"<=2.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/9cbce69a-53d0-4b83-9b7a-893a6b9c39c4/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cbce69a-53d0-4b83-9b7a-893a6b9c39c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cbce69a-53d0-4b83-9b7a-893a6b9c39c4?source=api-prod","cve":"CVE-2024-13429","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a14e110f-0850-44f4-8de3-95a654096ae8/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"a14e110f-0850-44f4-8de3-95a654096ae8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a14e110f-0850-44f4-8de3-95a654096ae8?source=api-prod","cve":"CVE-2024-13425","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a1d07e86-e870-4978-a240-4c3e8050c5d6/wp-job-portal","title":"WP Job Portal – AI-Powered Recruitment System for Company or Job Board website <= 2.5.1 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"a1d07e86-e870-4978-a240-4c3e8050c5d6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1d07e86-e870-4978-a240-4c3e8050c5d6?source=api-prod","cve":"CVE-2026-42684","affectedVersions":"<=2.5.1","severity":"high"},{"advisoryId":"WPSECADV/WF/a7c786fe-898e-4478-97b9-c1fb41c9081c/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"a7c786fe-898e-4478-97b9-c1fb41c9081c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c786fe-898e-4478-97b9-c1fb41c9081c?source=api-prod","cve":"CVE-2024-13428","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/a84a4c56-a44e-450d-91fc-024f8ddeedee/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"a84a4c56-a44e-450d-91fc-024f8ddeedee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=api-prod","cve":"CVE-2024-13371","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/afbd5080-8a25-4230-8836-20ffeca3f39d/wp-job-portal","title":"WP Job Portal <= 2.3.2 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"afbd5080-8a25-4230-8836-20ffeca3f39d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afbd5080-8a25-4230-8836-20ffeca3f39d?source=api-prod","cve":"CVE-2025-48274","affectedVersions":"<=2.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5/wp-job-portal","title":"WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5?source=api-prod","cve":"CVE-2024-12131","affectedVersions":"<=2.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/b613d4ab-6e96-428b-b853-bda5950a6027/wp-job-portal","title":"WP Job Portal <= 2.4.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"b613d4ab-6e96-428b-b853-bda5950a6027"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b613d4ab-6e96-428b-b853-bda5950a6027?source=api-prod","cve":"CVE-2026-24941","affectedVersions":"<=2.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/c309e32f-9b1a-453f-873c-cc9bd18bc115/wp-job-portal","title":"WP Job Portal <= 2.3.1 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"c309e32f-9b1a-453f-873c-cc9bd18bc115"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c309e32f-9b1a-453f-873c-cc9bd18bc115?source=api-prod","cve":"CVE-2025-47438","affectedVersions":"<=2.3.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/ca1d5275-3398-47a7-889b-4050ebe635ee/wp-job-portal","title":"WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-03 14:04:34","sources":[{"name":"Wordfence","remoteId":"ca1d5275-3398-47a7-889b-4050ebe635ee"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1d5275-3398-47a7-889b-4050ebe635ee?source=api-prod","cve":"CVE-2024-7950","affectedVersions":"<=2.1.6","severity":"critical"},{"advisoryId":"WPSECADV/WF/d0aa1fad-1ff4-4bc5-a584-99b528470990/wp-job-portal","title":"WP Job Portal <= 2.0.6 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"d0aa1fad-1ff4-4bc5-a584-99b528470990"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0aa1fad-1ff4-4bc5-a584-99b528470990?source=api-prod","cve":"CVE-2023-52184","affectedVersions":"<=2.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/d19ac6fc-029f-4f19-913e-e082acecc594/wp-job-portal","title":"WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-02 19:25:08","sources":[{"name":"Wordfence","remoteId":"d19ac6fc-029f-4f19-913e-e082acecc594"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d19ac6fc-029f-4f19-913e-e082acecc594?source=api-prod","cve":"CVE-2024-12132","affectedVersions":"<=2.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d68d2144-96b9-482e-9791-c3506661596e/wp-job-portal","title":"WP Job Portal <= 2.0.5 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"d68d2144-96b9-482e-9791-c3506661596e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d68d2144-96b9-482e-9791-c3506661596e?source=api-prod","cve":"CVE-2023-4490","affectedVersions":"<=2.0.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/e00e65ba-db58-4d13-8cb3-c4d62a2553fb/wp-job-portal","title":"WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"e00e65ba-db58-4d13-8cb3-c4d62a2553fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e00e65ba-db58-4d13-8cb3-c4d62a2553fb?source=api-prod","cve":"CVE-2024-13372","affectedVersions":"<=2.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/e96f31e0-4b2e-4ea1-a3e5-fd7452a2fea9/wp-job-portal","title":"WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 10:39:46","sources":[{"name":"Wordfence","remoteId":"e96f31e0-4b2e-4ea1-a3e5-fd7452a2fea9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e96f31e0-4b2e-4ea1-a3e5-fd7452a2fea9?source=api-prod","cve":"CVE-2026-4758","affectedVersions":"<=2.4.9","severity":"high"},{"advisoryId":"WPSECADV/WF/ecc34552-c9b0-455f-b1c7-b31cc847cb22/wp-job-portal","title":"WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 10:12:47","sources":[{"name":"Wordfence","remoteId":"ecc34552-c9b0-455f-b1c7-b31cc847cb22"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc34552-c9b0-455f-b1c7-b31cc847cb22?source=api-prod","cve":"CVE-2026-4306","affectedVersions":"<=2.4.8","severity":"high"},{"advisoryId":"WPSECADV/WF/ecc87d5f-dba4-40f8-946f-f2634614b579/wp-job-portal","title":"WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"ecc87d5f-dba4-40f8-946f-f2634614b579"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc87d5f-dba4-40f8-946f-f2634614b579?source=api-prod","cve":"CVE-2024-11712","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f11ea6b2-1225-42a5-aa7b-260315d0bec5/wp-job-portal","title":"WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"f11ea6b2-1225-42a5-aa7b-260315d0bec5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f11ea6b2-1225-42a5-aa7b-260315d0bec5?source=api-prod","cve":"CVE-2023-28534","affectedVersions":"<=2.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/f66457a1-7406-46f9-9a14-4ce6d77c4b84/wp-job-portal","title":"WP Job Portal <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f66457a1-7406-46f9-9a14-4ce6d77c4b84"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f66457a1-7406-46f9-9a14-4ce6d77c4b84?source=api-prod","cve":"CVE-2025-26935","affectedVersions":"<=2.2.8","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77702d706f73742d617574686f72811c9dc5_gen.json b/internal/data/assets/plugin_77702d706f73742d617574686f72811c9dc5_gen.json index 7c30d6a4..ebd70a05 100644 --- a/internal/data/assets/plugin_77702d706f73742d617574686f72811c9dc5_gen.json +++ b/internal/data/assets/plugin_77702d706f73742d617574686f72811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/034bb19b-1ee6-4ded-b907-a3f182745e67/wp-post-author","title":"WP Post Author <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"034bb19b-1ee6-4ded-b907-a3f182745e67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/034bb19b-1ee6-4ded-b907-a3f182745e67?source=api-prod","cve":"CVE-2024-37101","affectedVersions":"<=3.6.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/155e3de1-e115-4683-bb4d-a0c5667dc3d3/wp-post-author","title":"WP Post Author <= 3.2.3 - Privilege Escalation\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"155e3de1-e115-4683-bb4d-a0c5667dc3d3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/155e3de1-e115-4683-bb4d-a0c5667dc3d3?source=api-prod","affectedVersions":"<=3.2.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/4a82a3b7-eb05-4f52-84b7-f1a97dddedf9/wp-post-author","title":"WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"4a82a3b7-eb05-4f52-84b7-f1a97dddedf9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4a82a3b7-eb05-4f52-84b7-f1a97dddedf9?source=api-prod","cve":"CVE-2024-34387","affectedVersions":"<=3.6.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/935171a3-9db0-4b01-babb-fa0b3d8985f6/wp-post-author","title":"WP Post Author <= 3.8.2 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"935171a3-9db0-4b01-babb-fa0b3d8985f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/935171a3-9db0-4b01-babb-fa0b3d8985f6?source=api-prod","cve":"CVE-2024-56247","affectedVersions":"<=3.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d667bafc-5f19-4889-a988-236df050c013/wp-post-author","title":"Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-11 20:41:41","sources":[{"name":"Wordfence","remoteId":"d667bafc-5f19-4889-a988-236df050c013"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d667bafc-5f19-4889-a988-236df050c013?source=api-prod","cve":"CVE-2024-8757","affectedVersions":"<=3.8.1","severity":"high"},{"advisoryId":"WPSECADV/WF/d694491c-c0f5-4418-805a-db792ea4f712/wp-post-author","title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 17:17:30","sources":[{"name":"Wordfence","remoteId":"d694491c-c0f5-4418-805a-db792ea4f712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=api-prod","cve":"CVE-2024-13362","affectedVersions":"<=3.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/df681544-f64b-4590-a377-08b05693ff1f/wp-post-author","title":"WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.7.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"df681544-f64b-4590-a377-08b05693ff1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/df681544-f64b-4590-a377-08b05693ff1f?source=api-prod","cve":"CVE-2024-34389","affectedVersions":"<=3.7.4","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/034bb19b-1ee6-4ded-b907-a3f182745e67/wp-post-author","title":"WP Post Author <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"034bb19b-1ee6-4ded-b907-a3f182745e67"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/034bb19b-1ee6-4ded-b907-a3f182745e67?source=api-prod","cve":"CVE-2024-37101","affectedVersions":"<=3.6.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/155e3de1-e115-4683-bb4d-a0c5667dc3d3/wp-post-author","title":"WP Post Author <= 3.2.3 - Privilege Escalation\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"155e3de1-e115-4683-bb4d-a0c5667dc3d3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/155e3de1-e115-4683-bb4d-a0c5667dc3d3?source=api-prod","affectedVersions":"<=3.2.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/4a82a3b7-eb05-4f52-84b7-f1a97dddedf9/wp-post-author","title":"WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"4a82a3b7-eb05-4f52-84b7-f1a97dddedf9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4a82a3b7-eb05-4f52-84b7-f1a97dddedf9?source=api-prod","cve":"CVE-2024-34387","affectedVersions":"<=3.6.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/7f3b7b5e-486b-447a-af65-b58d680b9870/wp-post-author","title":"WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars <= 3.9.1 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"7f3b7b5e-486b-447a-af65-b58d680b9870"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3b7b5e-486b-447a-af65-b58d680b9870?source=api-prod","cve":"CVE-2026-57643","affectedVersions":"<=3.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/935171a3-9db0-4b01-babb-fa0b3d8985f6/wp-post-author","title":"WP Post Author <= 3.8.2 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"935171a3-9db0-4b01-babb-fa0b3d8985f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/935171a3-9db0-4b01-babb-fa0b3d8985f6?source=api-prod","cve":"CVE-2024-56247","affectedVersions":"<=3.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d667bafc-5f19-4889-a988-236df050c013/wp-post-author","title":"Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-11 20:41:41","sources":[{"name":"Wordfence","remoteId":"d667bafc-5f19-4889-a988-236df050c013"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d667bafc-5f19-4889-a988-236df050c013?source=api-prod","cve":"CVE-2024-8757","affectedVersions":"<=3.8.1","severity":"high"},{"advisoryId":"WPSECADV/WF/d694491c-c0f5-4418-805a-db792ea4f712/wp-post-author","title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 17:17:30","sources":[{"name":"Wordfence","remoteId":"d694491c-c0f5-4418-805a-db792ea4f712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=api-prod","cve":"CVE-2024-13362","affectedVersions":"<=3.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/df681544-f64b-4590-a377-08b05693ff1f/wp-post-author","title":"WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.7.4 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"df681544-f64b-4590-a377-08b05693ff1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/df681544-f64b-4590-a377-08b05693ff1f?source=api-prod","cve":"CVE-2024-34389","affectedVersions":"<=3.7.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7770636f6d706c657465811c9dc5_gen.json b/internal/data/assets/plugin_7770636f6d706c657465811c9dc5_gen.json index bb83105d..ee3b3233 100644 --- a/internal/data/assets/plugin_7770636f6d706c657465811c9dc5_gen.json +++ b/internal/data/assets/plugin_7770636f6d706c657465811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0e3adbc2-fa45-4c35-a214-2b101e8c9748/wpcomplete","title":"WPComplete <= 2.9.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e3adbc2-fa45-4c35-a214-2b101e8c9748"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e3adbc2-fa45-4c35-a214-2b101e8c9748?source=api-prod","cve":"CVE-2022-45825","affectedVersions":"<2.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/10029296-1cb8-47dd-a0f0-833a906e72b5/wpcomplete","title":"WPComplete <= 2.9.5.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"10029296-1cb8-47dd-a0f0-833a906e72b5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10029296-1cb8-47dd-a0f0-833a906e72b5?source=api-prod","cve":"CVE-2025-49906","affectedVersions":"<=2.9.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/56104b40-2d8a-40c9-8e80-01a093e54424/wpcomplete","title":"WPComplete <= 2.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"56104b40-2d8a-40c9-8e80-01a093e54424"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/56104b40-2d8a-40c9-8e80-01a093e54424?source=api-prod","cve":"CVE-2025-50046","affectedVersions":"<=2.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a03e825f-bccf-4e1a-b3f5-86b0c6958b79/wpcomplete","title":"WPComplete <= 2.9.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"a03e825f-bccf-4e1a-b3f5-86b0c6958b79"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a03e825f-bccf-4e1a-b3f5-86b0c6958b79?source=api-prod","cve":"CVE-2025-58974","affectedVersions":"<=2.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/b4c9b125-4cea-448b-8b31-c033857346b3/wpcomplete","title":"WPComplete <= 2.9.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4c9b125-4cea-448b-8b31-c033857346b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c9b125-4cea-448b-8b31-c033857346b3?source=api-prod","cve":"CVE-2026-42750","affectedVersions":"<=2.9.5.4","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0e3adbc2-fa45-4c35-a214-2b101e8c9748/wpcomplete","title":"WPComplete <= 2.9.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e3adbc2-fa45-4c35-a214-2b101e8c9748"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e3adbc2-fa45-4c35-a214-2b101e8c9748?source=api-prod","cve":"CVE-2022-45825","affectedVersions":"<2.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/10029296-1cb8-47dd-a0f0-833a906e72b5/wpcomplete","title":"WPComplete <= 2.9.5.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"10029296-1cb8-47dd-a0f0-833a906e72b5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10029296-1cb8-47dd-a0f0-833a906e72b5?source=api-prod","cve":"CVE-2025-49906","affectedVersions":"<=2.9.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/56104b40-2d8a-40c9-8e80-01a093e54424/wpcomplete","title":"WPComplete <= 2.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"56104b40-2d8a-40c9-8e80-01a093e54424"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/56104b40-2d8a-40c9-8e80-01a093e54424?source=api-prod","cve":"CVE-2025-50046","affectedVersions":"<=2.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a03e825f-bccf-4e1a-b3f5-86b0c6958b79/wpcomplete","title":"WPComplete <= 2.9.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"a03e825f-bccf-4e1a-b3f5-86b0c6958b79"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a03e825f-bccf-4e1a-b3f5-86b0c6958b79?source=api-prod","cve":"CVE-2025-58974","affectedVersions":"<=2.9.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/b4c9b125-4cea-448b-8b31-c033857346b3/wpcomplete","title":"WPComplete <= 2.9.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4c9b125-4cea-448b-8b31-c033857346b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c9b125-4cea-448b-8b31-c033857346b3?source=api-prod","cve":"CVE-2026-42750","affectedVersions":"<=2.9.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ca74b5b1-e4dd-4ca9-8716-b9d0f5adcc0d/wpcomplete","title":"WPComplete <= 2.9.5.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"ca74b5b1-e4dd-4ca9-8716-b9d0f5adcc0d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca74b5b1-e4dd-4ca9-8716-b9d0f5adcc0d?source=api-prod","cve":"CVE-2026-57661","affectedVersions":"<=2.9.5.5","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7770666f726f811c9dc5_gen.json b/internal/data/assets/plugin_7770666f726f811c9dc5_gen.json index d443fb76..e28e15b9 100644 --- a/internal/data/assets/plugin_7770666f726f811c9dc5_gen.json +++ b/internal/data/assets/plugin_7770666f726f811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/01f4318f-b56b-4a34-987b-05edeee5da69/wpforo","title":"wpForo Forum <= 2.2.3 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"01f4318f-b56b-4a34-987b-05edeee5da69"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01f4318f-b56b-4a34-987b-05edeee5da69?source=api-prod","cve":"CVE-2023-47868","affectedVersions":"<=2.2.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/049ffab1-677d-4112-9f1d-092ee01299f1/wpforo","title":"wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 14:05:14","sources":[{"name":"Wordfence","remoteId":"049ffab1-677d-4112-9f1d-092ee01299f1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/049ffab1-677d-4112-9f1d-092ee01299f1?source=api-prod","cve":"CVE-2026-4666","affectedVersions":"<=2.4.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/05b15f33-0f95-458f-8c21-16c0dd98c8bc/wpforo","title":"wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-09 12:30:57","sources":[{"name":"Wordfence","remoteId":"05b15f33-0f95-458f-8c21-16c0dd98c8bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/05b15f33-0f95-458f-8c21-16c0dd98c8bc?source=api-prod","cve":"CVE-2025-4406","affectedVersions":"<=2.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c/wpforo","title":"wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c?source=api-prod","cve":"CVE-2022-40200","affectedVersions":"<=2.0.9","severity":"high"},{"advisoryId":"WPSECADV/WF/0e46ac8d-89ee-4480-bb96-83f2044a4323/wpforo","title":"wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-10 18:51:03","sources":[{"name":"Wordfence","remoteId":"0e46ac8d-89ee-4480-bb96-83f2044a4323"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e46ac8d-89ee-4480-bb96-83f2044a4323?source=api-prod","cve":"CVE-2026-5809","affectedVersions":"<=3.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/15967a0f-2512-4418-b503-b9d53032d40f/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Scripting via langid parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"15967a0f-2512-4418-b503-b9d53032d40f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/15967a0f-2512-4418-b503-b9d53032d40f?source=api-prod","cve":"CVE-2019-19111","affectedVersions":"<=1.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ce1a40f-1489-42be-963e-052274a56e47/wpforo","title":"wpForo Forum <= 2.0.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"2ce1a40f-1489-42be-963e-052274a56e47"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ce1a40f-1489-42be-963e-052274a56e47?source=api-prod","cve":"CVE-2022-38144","affectedVersions":"<=2.0.5","severity":"high"},{"advisoryId":"WPSECADV/WF/3155f8ba-b50e-490c-81bd-4a63142f164b/wpforo","title":"wpForo Forum < 1.4.12 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-06-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"3155f8ba-b50e-490c-81bd-4a63142f164b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3155f8ba-b50e-490c-81bd-4a63142f164b?source=api-prod","cve":"CVE-2018-11709","affectedVersions":"<1.4.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/35b6a26a-d7c1-4538-87f3-fcb1095797a3/wpforo","title":"wpForo Forum <= 2.1.8 - Reflected Cross-Site Scripting via 'wpforo_debug'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"35b6a26a-d7c1-4538-87f3-fcb1095797a3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/35b6a26a-d7c1-4538-87f3-fcb1095797a3?source=api-prod","cve":"CVE-2023-2309","affectedVersions":"<=2.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/3bce40ee-c378-4a44-9c5d-d83151975309/wpforo","title":"wpForo Forum <= 2.2.8 - Cross-Site Request Forgery via logout()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"3bce40ee-c378-4a44-9c5d-d83151975309"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce40ee-c378-4a44-9c5d-d83151975309?source=api-prod","cve":"CVE-2023-47870","affectedVersions":"<=2.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/3bee82d8-d019-450b-b532-5b3e2e3aff6f/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"3bee82d8-d019-450b-b532-5b3e2e3aff6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3bee82d8-d019-450b-b532-5b3e2e3aff6f?source=api-prod","cve":"CVE-2019-19109","affectedVersions":"<=1.6.5","severity":"high"},{"advisoryId":"WPSECADV/WF/3c833223-c8c9-413f-9d72-6fb13101459b/wpforo","title":"wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3c833223-c8c9-413f-9d72-6fb13101459b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c833223-c8c9-413f-9d72-6fb13101459b?source=api-prod","cve":"CVE-2026-0910","affectedVersions":"<=2.4.13","severity":"high"},{"advisoryId":"WPSECADV/WF/424cf586-f225-4ce3-9b66-b0bece394f1f/wpforo","title":"wpForo Forum <= 3.1.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"424cf586-f225-4ce3-9b66-b0bece394f1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/424cf586-f225-4ce3-9b66-b0bece394f1f?source=api-prod","cve":"CVE-2026-49767","affectedVersions":"<=3.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/44ba3eee-525e-46ba-ae02-6f7a28f80c50/wpforo","title":"wpForo < = 1.5.1 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"44ba3eee-525e-46ba-ae02-6f7a28f80c50"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44ba3eee-525e-46ba-ae02-6f7a28f80c50?source=api-prod","cve":"CVE-2018-16613","affectedVersions":"<=1.5.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/478d7c1e-35b9-4796-8ccd-eb02591a3a17/wpforo","title":"wpForo Forum <= 3.0.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"478d7c1e-35b9-4796-8ccd-eb02591a3a17"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/478d7c1e-35b9-4796-8ccd-eb02591a3a17?source=api-prod","cve":"CVE-2026-42682","affectedVersions":"<=3.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/4bb046c1-a0dd-4d2f-952f-953c5be0a7a2/wpforo","title":"wpForo Forum < 3.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"4bb046c1-a0dd-4d2f-952f-953c5be0a7a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4bb046c1-a0dd-4d2f-952f-953c5be0a7a2?source=api-prod","cve":"CVE-2026-40767","affectedVersions":"<3.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c447dbb-f8fb-4b46-9c47-20ab7330bbaa/wpforo","title":"wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c447dbb-f8fb-4b46-9c47-20ab7330bbaa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c447dbb-f8fb-4b46-9c47-20ab7330bbaa?source=api-prod","cve":"CVE-2026-1581","affectedVersions":"<=2.4.14","severity":"high"},{"advisoryId":"WPSECADV/WF/5607a60e-a04a-4d28-bb04-bdacf8e97c56/wpforo","title":"wpForo Forum <= 2.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"5607a60e-a04a-4d28-bb04-bdacf8e97c56"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5607a60e-a04a-4d28-bb04-bdacf8e97c56?source=api-prod","cve":"CVE-2023-47872","affectedVersions":"<=2.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/71078aaf-9803-4b46-bc94-dbcb43745629/wpforo","title":"wpForo Forum <= 2.2.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"71078aaf-9803-4b46-bc94-dbcb43745629"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71078aaf-9803-4b46-bc94-dbcb43745629?source=api-prod","cve":"CVE-2023-47869","affectedVersions":"<=2.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/79cc102a-6777-41be-a395-8c2eeb6deb73/wpforo","title":"wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 05:51:32","sources":[{"name":"Wordfence","remoteId":"79cc102a-6777-41be-a395-8c2eeb6deb73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79cc102a-6777-41be-a395-8c2eeb6deb73?source=api-prod","cve":"CVE-2026-6248","affectedVersions":"<=3.0.5","severity":"high"},{"advisoryId":"WPSECADV/WF/800fa098-b29f-4979-b7bd-b1186a4dafcb/wpforo","title":"wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"800fa098-b29f-4979-b7bd-b1186a4dafcb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/800fa098-b29f-4979-b7bd-b1186a4dafcb?source=api-prod","cve":"CVE-2023-2249","affectedVersions":"<=2.1.7","severity":"high"},{"advisoryId":"WPSECADV/WF/83cb1333-3c74-426d-9838-a5cb90be29b2/wpforo","title":"wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"83cb1333-3c74-426d-9838-a5cb90be29b2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/83cb1333-3c74-426d-9838-a5cb90be29b2?source=api-prod","cve":"CVE-2022-38055","affectedVersions":"<=2.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/89a6aab0-e85b-4604-b911-03a01c5cca13/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Scripting via wpf-dw-td-value class\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"89a6aab0-e85b-4604-b911-03a01c5cca13"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/89a6aab0-e85b-4604-b911-03a01c5cca13?source=api-prod","cve":"CVE-2019-19112","affectedVersions":"<=1.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8cd8ffcb-0a24-4e0a-a9f9-23501742715f/wpforo","title":"wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"8cd8ffcb-0a24-4e0a-a9f9-23501742715f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd8ffcb-0a24-4e0a-a9f9-23501742715f?source=api-prod","cve":"CVE-2025-0764","affectedVersions":"<=2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/99650c4d-d8ef-4970-af65-b22b7fdf3543/wpforo","title":"wpForo Forum <= 2.3.4 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"99650c4d-d8ef-4970-af65-b22b7fdf3543"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/99650c4d-d8ef-4970-af65-b22b7fdf3543?source=api-prod","cve":"CVE-2024-43289","affectedVersions":"<=2.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/9cac5c66-d366-4a67-b29b-4efed67ab55b/wpforo","title":"wpForo Forum <= 2.3.4 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cac5c66-d366-4a67-b29b-4efed67ab55b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cac5c66-d366-4a67-b29b-4efed67ab55b?source=api-prod","cve":"CVE-2024-43288","affectedVersions":"<=2.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a313f4d0-fd9e-47f1-99eb-351a2aff9bea/wpforo","title":"wpForo Forum <= 2.0.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"a313f4d0-fd9e-47f1-99eb-351a2aff9bea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a313f4d0-fd9e-47f1-99eb-351a2aff9bea?source=api-prod","cve":"CVE-2022-40632","affectedVersions":"<=2.0.5","severity":"high"},{"advisoryId":"WPSECADV/WF/a3902a32-2bb9-44bb-9dbd-3887f0b5be81/wpforo","title":"wpForo Forum <= 3.1.0 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"a3902a32-2bb9-44bb-9dbd-3887f0b5be81"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3902a32-2bb9-44bb-9dbd-3887f0b5be81?source=api-prod","cve":"CVE-2026-49769","affectedVersions":"<=3.1.0","severity":"high"},{"advisoryId":"WPSECADV/WF/a82769ae-84b2-45e3-a637-c98e0c0e77a9/wpforo","title":"wpForo Forum <= 2.4.3 - Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"a82769ae-84b2-45e3-a637-c98e0c0e77a9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a82769ae-84b2-45e3-a637-c98e0c0e77a9?source=api-prod","cve":"CVE-2025-31420","affectedVersions":"<=2.4.3","severity":"high"},{"advisoryId":"WPSECADV/WF/aa1eaac2-a23b-4ef6-803a-15f7ec7e5728/wpforo","title":"wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"aa1eaac2-a23b-4ef6-803a-15f7ec7e5728"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa1eaac2-a23b-4ef6-803a-15f7ec7e5728?source=api-prod","cve":"CVE-2025-11740","affectedVersions":"<=2.4.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/aa830c67-2860-489f-aa67-c7cc74437709/wpforo","title":"wpForo Forum <= 2.4.6 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"aa830c67-2860-489f-aa67-c7cc74437709"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa830c67-2860-489f-aa67-c7cc74437709?source=api-prod","cve":"CVE-2025-58597","affectedVersions":"<=2.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/b3c65619-e96c-47e1-b42a-a85d0b5237d9/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Scripting via s parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"b3c65619-e96c-47e1-b42a-a85d0b5237d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c65619-e96c-47e1-b42a-a85d0b5237d9?source=api-prod","cve":"CVE-2019-19110","affectedVersions":"<=1.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc406e8a-c4eb-45c3-a53c-37644e0dabfa/wpforo","title":"wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc406e8a-c4eb-45c3-a53c-37644e0dabfa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc406e8a-c4eb-45c3-a53c-37644e0dabfa?source=api-prod","cve":"CVE-2025-4203","affectedVersions":"<=2.4.8","severity":"high"},{"advisoryId":"WPSECADV/WF/c6070ea5-3231-4a36-b154-400c86eaf31b/wpforo","title":"wpForo Forum <= 3.0.4 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c6070ea5-3231-4a36-b154-400c86eaf31b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c6070ea5-3231-4a36-b154-400c86eaf31b?source=api-prod","cve":"CVE-2026-40798","affectedVersions":"<=3.0.4","severity":"high"},{"advisoryId":"WPSECADV/WF/ca46ea28-3115-4db1-8aeb-cbef731b0376/wpforo","title":"wpForo Forum <= 2.0.9 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"ca46ea28-3115-4db1-8aeb-cbef731b0376"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca46ea28-3115-4db1-8aeb-cbef731b0376?source=api-prod","cve":"CVE-2022-40192","affectedVersions":"<=2.0.9","severity":"high"},{"advisoryId":"WPSECADV/WF/e35be8ee-81a3-42ce-8304-992bc75663fd/wpforo","title":"wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-26 09:52:00","sources":[{"name":"Wordfence","remoteId":"e35be8ee-81a3-42ce-8304-992bc75663fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e35be8ee-81a3-42ce-8304-992bc75663fd?source=api-prod","cve":"CVE-2022-40206","affectedVersions":"<=2.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ebf84c6a-fd6c-4113-91ff-27c7564cabdb/wpforo","title":"wpForo Forum <= 1.9.6 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"ebf84c6a-fd6c-4113-91ff-27c7564cabdb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ebf84c6a-fd6c-4113-91ff-27c7564cabdb?source=api-prod","cve":"CVE-2021-24406","affectedVersions":"<=1.9.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee78642c-ad2a-4012-94e8-e01f71863791/wpforo","title":"wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 09:03:00","sources":[{"name":"Wordfence","remoteId":"ee78642c-ad2a-4012-94e8-e01f71863791"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee78642c-ad2a-4012-94e8-e01f71863791?source=api-prod","cve":"CVE-2022-40205","affectedVersions":"<=2.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/f215e320-8563-4d25-9963-ed3664b4901d/wpforo","title":"wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-03 22:11:24","sources":[{"name":"Wordfence","remoteId":"f215e320-8563-4d25-9963-ed3664b4901d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f215e320-8563-4d25-9963-ed3664b4901d?source=api-prod","cve":"CVE-2026-3666","affectedVersions":"<=2.4.16","severity":"high"},{"advisoryId":"WPSECADV/WF/f53700f8-9a9e-449c-8f7f-38724d74bd49/wpforo","title":"wpForo Forum <= 2.4.10 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f53700f8-9a9e-449c-8f7f-38724d74bd49"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f53700f8-9a9e-449c-8f7f-38724d74bd49?source=api-prod","cve":"CVE-2025-66070","affectedVersions":"<=2.4.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/f54cdad2-88db-4604-8064-fa6175176760/wpforo","title":"wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-31 19:39:04","sources":[{"name":"Wordfence","remoteId":"f54cdad2-88db-4604-8064-fa6175176760"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f54cdad2-88db-4604-8064-fa6175176760?source=api-prod","cve":"CVE-2024-3200","affectedVersions":"<=2.3.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/fd1704ef-e259-40a3-974b-128145bc8a4a/wpforo","title":"wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-13 16:20:06","sources":[{"name":"Wordfence","remoteId":"fd1704ef-e259-40a3-974b-128145bc8a4a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd1704ef-e259-40a3-974b-128145bc8a4a?source=api-prod","cve":"CVE-2025-13126","affectedVersions":"<=2.4.12","severity":"high"},{"advisoryId":"WPSECADV/WF/fea6ddd5-f168-471c-99eb-efc46d1bfeb9/wpforo","title":"wpForo Forum <= 1.4.12 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-05-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"fea6ddd5-f168-471c-99eb-efc46d1bfeb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fea6ddd5-f168-471c-99eb-efc46d1bfeb9?source=api-prod","cve":"CVE-2018-11515","affectedVersions":"<=1.4.12","severity":"critical"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/01f4318f-b56b-4a34-987b-05edeee5da69/wpforo","title":"wpForo Forum <= 2.2.3 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"01f4318f-b56b-4a34-987b-05edeee5da69"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01f4318f-b56b-4a34-987b-05edeee5da69?source=api-prod","cve":"CVE-2023-47868","affectedVersions":"<=2.2.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/049ffab1-677d-4112-9f1d-092ee01299f1/wpforo","title":"wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 14:05:14","sources":[{"name":"Wordfence","remoteId":"049ffab1-677d-4112-9f1d-092ee01299f1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/049ffab1-677d-4112-9f1d-092ee01299f1?source=api-prod","cve":"CVE-2026-4666","affectedVersions":"<=2.4.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/05b15f33-0f95-458f-8c21-16c0dd98c8bc/wpforo","title":"wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-09 12:30:57","sources":[{"name":"Wordfence","remoteId":"05b15f33-0f95-458f-8c21-16c0dd98c8bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/05b15f33-0f95-458f-8c21-16c0dd98c8bc?source=api-prod","cve":"CVE-2025-4406","affectedVersions":"<=2.4.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c/wpforo","title":"wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c?source=api-prod","cve":"CVE-2022-40200","affectedVersions":"<=2.0.9","severity":"high"},{"advisoryId":"WPSECADV/WF/0e46ac8d-89ee-4480-bb96-83f2044a4323/wpforo","title":"wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-10 18:51:03","sources":[{"name":"Wordfence","remoteId":"0e46ac8d-89ee-4480-bb96-83f2044a4323"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e46ac8d-89ee-4480-bb96-83f2044a4323?source=api-prod","cve":"CVE-2026-5809","affectedVersions":"<=3.0.2","severity":"high"},{"advisoryId":"WPSECADV/WF/15967a0f-2512-4418-b503-b9d53032d40f/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Scripting via langid parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"15967a0f-2512-4418-b503-b9d53032d40f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/15967a0f-2512-4418-b503-b9d53032d40f?source=api-prod","cve":"CVE-2019-19111","affectedVersions":"<=1.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ce1a40f-1489-42be-963e-052274a56e47/wpforo","title":"wpForo Forum <= 2.0.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"2ce1a40f-1489-42be-963e-052274a56e47"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ce1a40f-1489-42be-963e-052274a56e47?source=api-prod","cve":"CVE-2022-38144","affectedVersions":"<=2.0.5","severity":"high"},{"advisoryId":"WPSECADV/WF/3155f8ba-b50e-490c-81bd-4a63142f164b/wpforo","title":"wpForo Forum < 1.4.12 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-06-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"3155f8ba-b50e-490c-81bd-4a63142f164b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3155f8ba-b50e-490c-81bd-4a63142f164b?source=api-prod","cve":"CVE-2018-11709","affectedVersions":"<1.4.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/34e7688d-af94-4ba4-96a5-8b1ebbde8214/wpforo","title":"wpForo Forum <= 3.0.9 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"34e7688d-af94-4ba4-96a5-8b1ebbde8214"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34e7688d-af94-4ba4-96a5-8b1ebbde8214?source=api-prod","cve":"CVE-2026-57636","affectedVersions":"<=3.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/35b6a26a-d7c1-4538-87f3-fcb1095797a3/wpforo","title":"wpForo Forum <= 2.1.8 - Reflected Cross-Site Scripting via 'wpforo_debug'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"35b6a26a-d7c1-4538-87f3-fcb1095797a3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/35b6a26a-d7c1-4538-87f3-fcb1095797a3?source=api-prod","cve":"CVE-2023-2309","affectedVersions":"<=2.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/3bce40ee-c378-4a44-9c5d-d83151975309/wpforo","title":"wpForo Forum <= 2.2.8 - Cross-Site Request Forgery via logout()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"3bce40ee-c378-4a44-9c5d-d83151975309"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce40ee-c378-4a44-9c5d-d83151975309?source=api-prod","cve":"CVE-2023-47870","affectedVersions":"<=2.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/3bee82d8-d019-450b-b532-5b3e2e3aff6f/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"3bee82d8-d019-450b-b532-5b3e2e3aff6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3bee82d8-d019-450b-b532-5b3e2e3aff6f?source=api-prod","cve":"CVE-2019-19109","affectedVersions":"<=1.6.5","severity":"high"},{"advisoryId":"WPSECADV/WF/3c833223-c8c9-413f-9d72-6fb13101459b/wpforo","title":"wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3c833223-c8c9-413f-9d72-6fb13101459b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c833223-c8c9-413f-9d72-6fb13101459b?source=api-prod","cve":"CVE-2026-0910","affectedVersions":"<=2.4.13","severity":"high"},{"advisoryId":"WPSECADV/WF/424cf586-f225-4ce3-9b66-b0bece394f1f/wpforo","title":"wpForo Forum <= 3.1.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"424cf586-f225-4ce3-9b66-b0bece394f1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/424cf586-f225-4ce3-9b66-b0bece394f1f?source=api-prod","cve":"CVE-2026-49767","affectedVersions":"<=3.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/44ba3eee-525e-46ba-ae02-6f7a28f80c50/wpforo","title":"wpForo < = 1.5.1 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"44ba3eee-525e-46ba-ae02-6f7a28f80c50"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44ba3eee-525e-46ba-ae02-6f7a28f80c50?source=api-prod","cve":"CVE-2018-16613","affectedVersions":"<=1.5.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/478d7c1e-35b9-4796-8ccd-eb02591a3a17/wpforo","title":"wpForo Forum <= 3.0.6 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"478d7c1e-35b9-4796-8ccd-eb02591a3a17"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/478d7c1e-35b9-4796-8ccd-eb02591a3a17?source=api-prod","cve":"CVE-2026-42682","affectedVersions":"<=3.0.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/4bb046c1-a0dd-4d2f-952f-953c5be0a7a2/wpforo","title":"wpForo Forum < 3.0.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"4bb046c1-a0dd-4d2f-952f-953c5be0a7a2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4bb046c1-a0dd-4d2f-952f-953c5be0a7a2?source=api-prod","cve":"CVE-2026-40767","affectedVersions":"<3.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c447dbb-f8fb-4b46-9c47-20ab7330bbaa/wpforo","title":"wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c447dbb-f8fb-4b46-9c47-20ab7330bbaa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c447dbb-f8fb-4b46-9c47-20ab7330bbaa?source=api-prod","cve":"CVE-2026-1581","affectedVersions":"<=2.4.14","severity":"high"},{"advisoryId":"WPSECADV/WF/5607a60e-a04a-4d28-bb04-bdacf8e97c56/wpforo","title":"wpForo Forum <= 2.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"5607a60e-a04a-4d28-bb04-bdacf8e97c56"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5607a60e-a04a-4d28-bb04-bdacf8e97c56?source=api-prod","cve":"CVE-2023-47872","affectedVersions":"<=2.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/71078aaf-9803-4b46-bc94-dbcb43745629/wpforo","title":"wpForo Forum <= 2.2.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"71078aaf-9803-4b46-bc94-dbcb43745629"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/71078aaf-9803-4b46-bc94-dbcb43745629?source=api-prod","cve":"CVE-2023-47869","affectedVersions":"<=2.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/79cc102a-6777-41be-a395-8c2eeb6deb73/wpforo","title":"wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 05:51:32","sources":[{"name":"Wordfence","remoteId":"79cc102a-6777-41be-a395-8c2eeb6deb73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79cc102a-6777-41be-a395-8c2eeb6deb73?source=api-prod","cve":"CVE-2026-6248","affectedVersions":"<=3.0.5","severity":"high"},{"advisoryId":"WPSECADV/WF/800fa098-b29f-4979-b7bd-b1186a4dafcb/wpforo","title":"wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"800fa098-b29f-4979-b7bd-b1186a4dafcb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/800fa098-b29f-4979-b7bd-b1186a4dafcb?source=api-prod","cve":"CVE-2023-2249","affectedVersions":"<=2.1.7","severity":"high"},{"advisoryId":"WPSECADV/WF/83cb1333-3c74-426d-9838-a5cb90be29b2/wpforo","title":"wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"83cb1333-3c74-426d-9838-a5cb90be29b2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/83cb1333-3c74-426d-9838-a5cb90be29b2?source=api-prod","cve":"CVE-2022-38055","affectedVersions":"<=2.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/89a6aab0-e85b-4604-b911-03a01c5cca13/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Scripting via wpf-dw-td-value class\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"89a6aab0-e85b-4604-b911-03a01c5cca13"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/89a6aab0-e85b-4604-b911-03a01c5cca13?source=api-prod","cve":"CVE-2019-19112","affectedVersions":"<=1.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8cd8ffcb-0a24-4e0a-a9f9-23501742715f/wpforo","title":"wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"8cd8ffcb-0a24-4e0a-a9f9-23501742715f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd8ffcb-0a24-4e0a-a9f9-23501742715f?source=api-prod","cve":"CVE-2025-0764","affectedVersions":"<=2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/99650c4d-d8ef-4970-af65-b22b7fdf3543/wpforo","title":"wpForo Forum <= 2.3.4 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"99650c4d-d8ef-4970-af65-b22b7fdf3543"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/99650c4d-d8ef-4970-af65-b22b7fdf3543?source=api-prod","cve":"CVE-2024-43289","affectedVersions":"<=2.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/9cac5c66-d366-4a67-b29b-4efed67ab55b/wpforo","title":"wpForo Forum <= 2.3.4 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"9cac5c66-d366-4a67-b29b-4efed67ab55b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cac5c66-d366-4a67-b29b-4efed67ab55b?source=api-prod","cve":"CVE-2024-43288","affectedVersions":"<=2.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a313f4d0-fd9e-47f1-99eb-351a2aff9bea/wpforo","title":"wpForo Forum <= 2.0.5 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"a313f4d0-fd9e-47f1-99eb-351a2aff9bea"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a313f4d0-fd9e-47f1-99eb-351a2aff9bea?source=api-prod","cve":"CVE-2022-40632","affectedVersions":"<=2.0.5","severity":"high"},{"advisoryId":"WPSECADV/WF/a3902a32-2bb9-44bb-9dbd-3887f0b5be81/wpforo","title":"wpForo Forum <= 3.1.0 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"a3902a32-2bb9-44bb-9dbd-3887f0b5be81"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3902a32-2bb9-44bb-9dbd-3887f0b5be81?source=api-prod","cve":"CVE-2026-49769","affectedVersions":"<=3.1.0","severity":"high"},{"advisoryId":"WPSECADV/WF/a82769ae-84b2-45e3-a637-c98e0c0e77a9/wpforo","title":"wpForo Forum <= 2.4.3 - Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"a82769ae-84b2-45e3-a637-c98e0c0e77a9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a82769ae-84b2-45e3-a637-c98e0c0e77a9?source=api-prod","cve":"CVE-2025-31420","affectedVersions":"<=2.4.3","severity":"high"},{"advisoryId":"WPSECADV/WF/aa1eaac2-a23b-4ef6-803a-15f7ec7e5728/wpforo","title":"wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-31 00:00:00","sources":[{"name":"Wordfence","remoteId":"aa1eaac2-a23b-4ef6-803a-15f7ec7e5728"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa1eaac2-a23b-4ef6-803a-15f7ec7e5728?source=api-prod","cve":"CVE-2025-11740","affectedVersions":"<=2.4.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/aa830c67-2860-489f-aa67-c7cc74437709/wpforo","title":"wpForo Forum <= 2.4.6 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"aa830c67-2860-489f-aa67-c7cc74437709"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa830c67-2860-489f-aa67-c7cc74437709?source=api-prod","cve":"CVE-2025-58597","affectedVersions":"<=2.4.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/b3c65619-e96c-47e1-b42a-a85d0b5237d9/wpforo","title":"wpForo Forum <= 1.6.5 - Cross-Site Scripting via s parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"b3c65619-e96c-47e1-b42a-a85d0b5237d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c65619-e96c-47e1-b42a-a85d0b5237d9?source=api-prod","cve":"CVE-2019-19110","affectedVersions":"<=1.6.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc406e8a-c4eb-45c3-a53c-37644e0dabfa/wpforo","title":"wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc406e8a-c4eb-45c3-a53c-37644e0dabfa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc406e8a-c4eb-45c3-a53c-37644e0dabfa?source=api-prod","cve":"CVE-2025-4203","affectedVersions":"<=2.4.8","severity":"high"},{"advisoryId":"WPSECADV/WF/c6070ea5-3231-4a36-b154-400c86eaf31b/wpforo","title":"wpForo Forum <= 3.0.4 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c6070ea5-3231-4a36-b154-400c86eaf31b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c6070ea5-3231-4a36-b154-400c86eaf31b?source=api-prod","cve":"CVE-2026-40798","affectedVersions":"<=3.0.4","severity":"high"},{"advisoryId":"WPSECADV/WF/ca46ea28-3115-4db1-8aeb-cbef731b0376/wpforo","title":"wpForo Forum <= 2.0.9 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"ca46ea28-3115-4db1-8aeb-cbef731b0376"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca46ea28-3115-4db1-8aeb-cbef731b0376?source=api-prod","cve":"CVE-2022-40192","affectedVersions":"<=2.0.9","severity":"high"},{"advisoryId":"WPSECADV/WF/e35be8ee-81a3-42ce-8304-992bc75663fd/wpforo","title":"wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-26 09:52:00","sources":[{"name":"Wordfence","remoteId":"e35be8ee-81a3-42ce-8304-992bc75663fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e35be8ee-81a3-42ce-8304-992bc75663fd?source=api-prod","cve":"CVE-2022-40206","affectedVersions":"<=2.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/ebf84c6a-fd6c-4113-91ff-27c7564cabdb/wpforo","title":"wpForo Forum <= 1.9.6 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"ebf84c6a-fd6c-4113-91ff-27c7564cabdb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ebf84c6a-fd6c-4113-91ff-27c7564cabdb?source=api-prod","cve":"CVE-2021-24406","affectedVersions":"<=1.9.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee78642c-ad2a-4012-94e8-e01f71863791/wpforo","title":"wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 09:03:00","sources":[{"name":"Wordfence","remoteId":"ee78642c-ad2a-4012-94e8-e01f71863791"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee78642c-ad2a-4012-94e8-e01f71863791?source=api-prod","cve":"CVE-2022-40205","affectedVersions":"<=2.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/f215e320-8563-4d25-9963-ed3664b4901d/wpforo","title":"wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-03 22:11:24","sources":[{"name":"Wordfence","remoteId":"f215e320-8563-4d25-9963-ed3664b4901d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f215e320-8563-4d25-9963-ed3664b4901d?source=api-prod","cve":"CVE-2026-3666","affectedVersions":"<=2.4.16","severity":"high"},{"advisoryId":"WPSECADV/WF/f53700f8-9a9e-449c-8f7f-38724d74bd49/wpforo","title":"wpForo Forum <= 2.4.10 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"f53700f8-9a9e-449c-8f7f-38724d74bd49"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f53700f8-9a9e-449c-8f7f-38724d74bd49?source=api-prod","cve":"CVE-2025-66070","affectedVersions":"<=2.4.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/f54cdad2-88db-4604-8064-fa6175176760/wpforo","title":"wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-31 19:39:04","sources":[{"name":"Wordfence","remoteId":"f54cdad2-88db-4604-8064-fa6175176760"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f54cdad2-88db-4604-8064-fa6175176760?source=api-prod","cve":"CVE-2024-3200","affectedVersions":"<=2.3.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/fd1704ef-e259-40a3-974b-128145bc8a4a/wpforo","title":"wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-13 16:20:06","sources":[{"name":"Wordfence","remoteId":"fd1704ef-e259-40a3-974b-128145bc8a4a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd1704ef-e259-40a3-974b-128145bc8a4a?source=api-prod","cve":"CVE-2025-13126","affectedVersions":"<=2.4.12","severity":"high"},{"advisoryId":"WPSECADV/WF/fea6ddd5-f168-471c-99eb-efc46d1bfeb9/wpforo","title":"wpForo Forum <= 1.4.12 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-05-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"fea6ddd5-f168-471c-99eb-efc46d1bfeb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fea6ddd5-f168-471c-99eb-efc46d1bfeb9?source=api-prod","cve":"CVE-2018-11515","affectedVersions":"<=1.4.12","severity":"critical"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7a69702d72656369706573811c9dc5_gen.json b/internal/data/assets/plugin_7a69702d72656369706573811c9dc5_gen.json index e4224878..565bd4ef 100644 --- a/internal/data/assets/plugin_7a69702d72656369706573811c9dc5_gen.json +++ b/internal/data/assets/plugin_7a69702d72656369706573811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6/zip-recipes","title":"Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated(Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6?source=api-prod","cve":"CVE-2023-52180","affectedVersions":"<8.1.1","severity":"high"},{"advisoryId":"WPSECADV/WF/727a0649-082f-46d0-8d6f-de53ee7fb18e/zip-recipes","title":"Zip Recipes <= 8.0.7 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"727a0649-082f-46d0-8d6f-de53ee7fb18e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/727a0649-082f-46d0-8d6f-de53ee7fb18e?source=api-prod","affectedVersions":"<8.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/dd7d3afd-6648-4ffb-85a9-cd5a6096963e/zip-recipes","title":"Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"dd7d3afd-6648-4ffb-85a9-cd5a6096963e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd7d3afd-6648-4ffb-85a9-cd5a6096963e?source=api-prod","cve":"CVE-2023-31076","affectedVersions":"<8.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/ebd1483a-949d-4edb-9b86-007879d2d207/zip-recipes","title":"Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"ebd1483a-949d-4edb-9b86-007879d2d207"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd1483a-949d-4edb-9b86-007879d2d207?source=api-prod","cve":"CVE-2023-35089","affectedVersions":"<=8.0.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6/zip-recipes","title":"Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated(Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6?source=api-prod","cve":"CVE-2023-52180","affectedVersions":"<8.1.1","severity":"high"},{"advisoryId":"WPSECADV/WF/1aab38ba-ade7-48c9-ac7c-dff1237a9d89/zip-recipes","title":"Recipe Cards For Your Food Blog from Zip Recipes <= 8.2.7 - Authenticated (Contributor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"1aab38ba-ade7-48c9-ac7c-dff1237a9d89"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1aab38ba-ade7-48c9-ac7c-dff1237a9d89?source=api-prod","cve":"CVE-2026-57663","affectedVersions":"<=8.2.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/727a0649-082f-46d0-8d6f-de53ee7fb18e/zip-recipes","title":"Zip Recipes <= 8.0.7 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"727a0649-082f-46d0-8d6f-de53ee7fb18e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/727a0649-082f-46d0-8d6f-de53ee7fb18e?source=api-prod","affectedVersions":"<8.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/dd7d3afd-6648-4ffb-85a9-cd5a6096963e/zip-recipes","title":"Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"dd7d3afd-6648-4ffb-85a9-cd5a6096963e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd7d3afd-6648-4ffb-85a9-cd5a6096963e?source=api-prod","cve":"CVE-2023-31076","affectedVersions":"<8.0.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/ebd1483a-949d-4edb-9b86-007879d2d207/zip-recipes","title":"Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"ebd1483a-949d-4edb-9b86-007879d2d207"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd1483a-949d-4edb-9b86-007879d2d207?source=api-prod","cve":"CVE-2023-35089","affectedVersions":"<=8.0.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/theme_6c697374696e6770726f811c9dc5_gen.json b/internal/data/assets/theme_6c697374696e6770726f811c9dc5_gen.json index 352e98b7..7afc1d77 100644 --- a/internal/data/assets/theme_6c697374696e6770726f811c9dc5_gen.json +++ b/internal/data/assets/theme_6c697374696e6770726f811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/108fc77a-b260-4bbf-a551-7593bbecc6e0/listingpro","title":"ListingPro <= 2.9.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"108fc77a-b260-4bbf-a551-7593bbecc6e0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/108fc77a-b260-4bbf-a551-7593bbecc6e0?source=api-prod","cve":"CVE-2025-63039","affectedVersions":"<=2.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/19fbb332-f660-4572-82a3-c68e0bc7efcf/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.5.4 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-01-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"19fbb332-f660-4572-82a3-c68e0bc7efcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19fbb332-f660-4572-82a3-c68e0bc7efcf?source=api-prod","affectedVersions":"<2.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/4af4b971-7304-47c9-8d01-eae36e40c45c/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"4af4b971-7304-47c9-8d01-eae36e40c45c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4af4b971-7304-47c9-8d01-eae36e40c45c?source=api-prod","cve":"CVE-2019-19542","affectedVersions":"<=2.0.14.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/56808590-0226-4968-ba64-0965793a3511/listingpro","title":"ListingPro <= 2.9.4 - Authenticated (Subscriber+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"56808590-0226-4968-ba64-0965793a3511"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/56808590-0226-4968-ba64-0965793a3511?source=api-prod","cve":"CVE-2024-39624","affectedVersions":"<=2.9.4","severity":"high"},{"advisoryId":"WPSECADV/WF/586a4d73-7d3e-4c1d-b369-76f804e555fd/listingpro","title":"ListingPro <= 2.9.4 - Cross-Site Request Forgery to Account Takeover\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"586a4d73-7d3e-4c1d-b369-76f804e555fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/586a4d73-7d3e-4c1d-b369-76f804e555fd?source=api-prod","cve":"CVE-2024-39623","affectedVersions":"<=2.9.4","severity":"high"},{"advisoryId":"WPSECADV/WF/76dc5fc0-adb9-401c-ab50-e0cb23a88fa3/listingpro","title":"ListingPro <= 2.9.4 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"76dc5fc0-adb9-401c-ab50-e0cb23a88fa3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76dc5fc0-adb9-401c-ab50-e0cb23a88fa3?source=api-prod","cve":"CVE-2024-39622","affectedVersions":"<=2.9.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/97bc8742-f47a-448d-9eb2-8f08c1cb1e07/listingpro","title":"ListingPro < 2.9.10 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"97bc8742-f47a-448d-9eb2-8f08c1cb1e07"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97bc8742-f47a-448d-9eb2-8f08c1cb1e07?source=api-prod","cve":"CVE-2025-64377","affectedVersions":"<2.9.10","severity":"high"},{"advisoryId":"WPSECADV/WF/a08fa649-3092-4c26-a009-2dd576b9b1ac/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"a08fa649-3092-4c26-a009-2dd576b9b1ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=api-prod","cve":"CVE-2020-36719","affectedVersions":"<2.6.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/b9b21f8e-8d66-4d3e-a383-bea20a3c4498/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"b9b21f8e-8d66-4d3e-a383-bea20a3c4498"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=api-prod","cve":"CVE-2020-36723","affectedVersions":"<2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/cd78a017-46b8-4335-b81d-480d4d0bcec2/listingpro","title":"ListingPro < 2.9.10 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"cd78a017-46b8-4335-b81d-480d4d0bcec2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd78a017-46b8-4335-b81d-480d4d0bcec2?source=api-prod","cve":"CVE-2025-64376","affectedVersions":"<2.9.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6c1ba13-9c1a-4ba8-b481-677bf0b1534b/listingpro","title":"ListingPro <= 2.9.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6c1ba13-9c1a-4ba8-b481-677bf0b1534b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6c1ba13-9c1a-4ba8-b481-677bf0b1534b?source=api-prod","cve":"CVE-2025-63047","affectedVersions":"<=2.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/ddb979b5-8fd6-41ed-a535-ad6646a14677/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"ddb979b5-8fd6-41ed-a535-ad6646a14677"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddb979b5-8fd6-41ed-a535-ad6646a14677?source=api-prod","cve":"CVE-2019-19540","affectedVersions":"<2.0.14.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7ad57d0-375b-4a64-a61c-90b72052552f/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7ad57d0-375b-4a64-a61c-90b72052552f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7ad57d0-375b-4a64-a61c-90b72052552f?source=api-prod","cve":"CVE-2019-19541","affectedVersions":"<=2.0.14.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ebc65c11-184d-480a-959e-8b0a9d6c139d/listingpro","title":"ListingPro < 2.9.10 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"ebc65c11-184d-480a-959e-8b0a9d6c139d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ebc65c11-184d-480a-959e-8b0a9d6c139d?source=api-prod","cve":"CVE-2025-64378","affectedVersions":"<2.9.10","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/108fc77a-b260-4bbf-a551-7593bbecc6e0/listingpro","title":"ListingPro <= 2.9.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"108fc77a-b260-4bbf-a551-7593bbecc6e0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/108fc77a-b260-4bbf-a551-7593bbecc6e0?source=api-prod","cve":"CVE-2025-63039","affectedVersions":"<=2.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/19fbb332-f660-4572-82a3-c68e0bc7efcf/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.5.4 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-01-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"19fbb332-f660-4572-82a3-c68e0bc7efcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19fbb332-f660-4572-82a3-c68e0bc7efcf?source=api-prod","affectedVersions":"<2.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/4af4b971-7304-47c9-8d01-eae36e40c45c/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"4af4b971-7304-47c9-8d01-eae36e40c45c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4af4b971-7304-47c9-8d01-eae36e40c45c?source=api-prod","cve":"CVE-2019-19542","affectedVersions":"<=2.0.14.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/56808590-0226-4968-ba64-0965793a3511/listingpro","title":"ListingPro <= 2.9.4 - Authenticated (Subscriber+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"56808590-0226-4968-ba64-0965793a3511"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/56808590-0226-4968-ba64-0965793a3511?source=api-prod","cve":"CVE-2024-39624","affectedVersions":"<=2.9.4","severity":"high"},{"advisoryId":"WPSECADV/WF/586a4d73-7d3e-4c1d-b369-76f804e555fd/listingpro","title":"ListingPro <= 2.9.4 - Cross-Site Request Forgery to Account Takeover\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"586a4d73-7d3e-4c1d-b369-76f804e555fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/586a4d73-7d3e-4c1d-b369-76f804e555fd?source=api-prod","cve":"CVE-2024-39623","affectedVersions":"<=2.9.4","severity":"high"},{"advisoryId":"WPSECADV/WF/757d8211-88d5-4187-9f82-79339ed70825/listingpro","title":"ListingPro - WordPress Directory & Listing Theme <= 2.9.11 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"757d8211-88d5-4187-9f82-79339ed70825"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/757d8211-88d5-4187-9f82-79339ed70825?source=api-prod","cve":"CVE-2026-56046","affectedVersions":"<=2.9.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/76dc5fc0-adb9-401c-ab50-e0cb23a88fa3/listingpro","title":"ListingPro <= 2.9.4 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"76dc5fc0-adb9-401c-ab50-e0cb23a88fa3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76dc5fc0-adb9-401c-ab50-e0cb23a88fa3?source=api-prod","cve":"CVE-2024-39622","affectedVersions":"<=2.9.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/97bc8742-f47a-448d-9eb2-8f08c1cb1e07/listingpro","title":"ListingPro < 2.9.10 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"97bc8742-f47a-448d-9eb2-8f08c1cb1e07"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97bc8742-f47a-448d-9eb2-8f08c1cb1e07?source=api-prod","cve":"CVE-2025-64377","affectedVersions":"<2.9.10","severity":"high"},{"advisoryId":"WPSECADV/WF/a08fa649-3092-4c26-a009-2dd576b9b1ac/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"a08fa649-3092-4c26-a009-2dd576b9b1ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=api-prod","cve":"CVE-2020-36719","affectedVersions":"<2.6.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/b9b21f8e-8d66-4d3e-a383-bea20a3c4498/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"b9b21f8e-8d66-4d3e-a383-bea20a3c4498"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=api-prod","cve":"CVE-2020-36723","affectedVersions":"<2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/cd78a017-46b8-4335-b81d-480d4d0bcec2/listingpro","title":"ListingPro < 2.9.10 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"cd78a017-46b8-4335-b81d-480d4d0bcec2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd78a017-46b8-4335-b81d-480d4d0bcec2?source=api-prod","cve":"CVE-2025-64376","affectedVersions":"<2.9.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6c1ba13-9c1a-4ba8-b481-677bf0b1534b/listingpro","title":"ListingPro <= 2.9.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6c1ba13-9c1a-4ba8-b481-677bf0b1534b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6c1ba13-9c1a-4ba8-b481-677bf0b1534b?source=api-prod","cve":"CVE-2025-63047","affectedVersions":"<=2.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/ddb979b5-8fd6-41ed-a535-ad6646a14677/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"ddb979b5-8fd6-41ed-a535-ad6646a14677"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddb979b5-8fd6-41ed-a535-ad6646a14677?source=api-prod","cve":"CVE-2019-19540","affectedVersions":"<2.0.14.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e7ad57d0-375b-4a64-a61c-90b72052552f/listingpro","title":"ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"e7ad57d0-375b-4a64-a61c-90b72052552f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7ad57d0-375b-4a64-a61c-90b72052552f?source=api-prod","cve":"CVE-2019-19541","affectedVersions":"<=2.0.14.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/ebc65c11-184d-480a-959e-8b0a9d6c139d/listingpro","title":"ListingPro < 2.9.10 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"ebc65c11-184d-480a-959e-8b0a9d6c139d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ebc65c11-184d-480a-959e-8b0a9d6c139d?source=api-prod","cve":"CVE-2025-64378","affectedVersions":"<2.9.10","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/theme_7265616c6573746174652d37811c9dc5_gen.json b/internal/data/assets/theme_7265616c6573746174652d37811c9dc5_gen.json index 1caabf0d..cdd96d3c 100644 --- a/internal/data/assets/theme_7265616c6573746174652d37811c9dc5_gen.json +++ b/internal/data/assets/theme_7265616c6573746174652d37811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/007af51b-95b5-4b12-9f74-abf31f6de341/realestate-7","title":"Real Estate 7 <= 3.3.4 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"007af51b-95b5-4b12-9f74-abf31f6de341"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/007af51b-95b5-4b12-9f74-abf31f6de341?source=api-prod","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/157b3095-b662-465e-a975-5b71b5d4ba2a/realestate-7","title":"Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"157b3095-b662-465e-a975-5b71b5d4ba2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/157b3095-b662-465e-a975-5b71b5d4ba2a?source=api-prod","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/185f9dc4-39e6-422a-97e2-7e8814ccf64a/realestate-7","title":"Real Estate 7 <= 3.0.3 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-07-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"185f9dc4-39e6-422a-97e2-7e8814ccf64a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/185f9dc4-39e6-422a-97e2-7e8814ccf64a?source=api-prod","affectedVersions":"<=3.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/3debeffa-5cc3-4d13-aed8-72753a62d8fc/realestate-7","title":"Real Estate 7 WordPress <= 3.5.9 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"3debeffa-5cc3-4d13-aed8-72753a62d8fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3debeffa-5cc3-4d13-aed8-72753a62d8fc?source=api-prod","cve":"CVE-2026-54827","affectedVersions":"<=3.5.9","severity":"high"},{"advisoryId":"WPSECADV/WF/4ed50ad7-a31b-488e-85fc-ff521488f62a/realestate-7","title":"Real Estate 7 WordPress Theme < 2.9.1 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"4ed50ad7-a31b-488e-85fc-ff521488f62a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed50ad7-a31b-488e-85fc-ff521488f62a?source=api-prod","affectedVersions":"<2.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5778ba3d-6670-47ad-ae65-50b6fb8e5db0/realestate-7","title":"Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"5778ba3d-6670-47ad-ae65-50b6fb8e5db0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5778ba3d-6670-47ad-ae65-50b6fb8e5db0?source=api-prod","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5c83457d-ba06-43c5-acdd-77dbfb0d4af4/realestate-7","title":"WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-31 19:22:57","sources":[{"name":"Wordfence","remoteId":"5c83457d-ba06-43c5-acdd-77dbfb0d4af4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=api-prod","cve":"CVE-2025-2891","affectedVersions":"<=3.5.4","severity":"high"},{"advisoryId":"WPSECADV/WF/952aec28-a380-4c6d-8391-b21cddf90a5c/realestate-7","title":"Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"952aec28-a380-4c6d-8391-b21cddf90a5c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/952aec28-a380-4c6d-8391-b21cddf90a5c?source=api-prod","cve":"CVE-2022-47146","affectedVersions":"<=3.3.1","severity":"high"},{"advisoryId":"WPSECADV/WF/97c24208-46b2-48a0-a87b-78e642c044cd/realestate-7","title":"WP Pro Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"97c24208-46b2-48a0-a87b-78e642c044cd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97c24208-46b2-48a0-a87b-78e642c044cd?source=api-prod","cve":"CVE-2021-24387","affectedVersions":"<3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/a50b3304-d55b-487a-8137-d5083c704cf4/realestate-7","title":"Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"a50b3304-d55b-487a-8137-d5083c704cf4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=api-prod","cve":"CVE-2024-13421","affectedVersions":"<=3.5.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/d5ecb52e-6bf0-4168-b0d7-6972d23c9122/realestate-7","title":"Real Estate 7 WordPress < 2.9.5 - Multiple Vulnerabilities\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-01-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"d5ecb52e-6bf0-4168-b0d7-6972d23c9122"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5ecb52e-6bf0-4168-b0d7-6972d23c9122?source=api-prod","affectedVersions":"<2.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e52914cc-da0c-4b79-b378-4ef63e7974bb/realestate-7","title":"Real Estate 7 WordPress < 3.0.6 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"e52914cc-da0c-4b79-b378-4ef63e7974bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e52914cc-da0c-4b79-b378-4ef63e7974bb?source=api-prod","affectedVersions":"<=3.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/eb58dd93-3789-46c6-bfca-7866427e077d/realestate-7","title":"Real Estate 7 <= 3.5.2 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"eb58dd93-3789-46c6-bfca-7866427e077d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eb58dd93-3789-46c6-bfca-7866427e077d?source=api-prod","cve":"CVE-2025-39459","affectedVersions":"<=3.5.2","severity":"critical"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/007af51b-95b5-4b12-9f74-abf31f6de341/realestate-7","title":"Real Estate 7 <= 3.3.4 - Cross-Site Request Forgery\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"007af51b-95b5-4b12-9f74-abf31f6de341"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/007af51b-95b5-4b12-9f74-abf31f6de341?source=api-prod","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/157b3095-b662-465e-a975-5b71b5d4ba2a/realestate-7","title":"Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"157b3095-b662-465e-a975-5b71b5d4ba2a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/157b3095-b662-465e-a975-5b71b5d4ba2a?source=api-prod","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/185f9dc4-39e6-422a-97e2-7e8814ccf64a/realestate-7","title":"Real Estate 7 <= 3.0.3 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-07-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"185f9dc4-39e6-422a-97e2-7e8814ccf64a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/185f9dc4-39e6-422a-97e2-7e8814ccf64a?source=api-prod","affectedVersions":"<=3.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/3debeffa-5cc3-4d13-aed8-72753a62d8fc/realestate-7","title":"Real Estate 7 WordPress <= 3.5.9 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"3debeffa-5cc3-4d13-aed8-72753a62d8fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3debeffa-5cc3-4d13-aed8-72753a62d8fc?source=api-prod","cve":"CVE-2026-54827","affectedVersions":"<=3.5.9","severity":"high"},{"advisoryId":"WPSECADV/WF/4ed50ad7-a31b-488e-85fc-ff521488f62a/realestate-7","title":"Real Estate 7 WordPress Theme < 2.9.1 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"4ed50ad7-a31b-488e-85fc-ff521488f62a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed50ad7-a31b-488e-85fc-ff521488f62a?source=api-prod","affectedVersions":"<2.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5778ba3d-6670-47ad-ae65-50b6fb8e5db0/realestate-7","title":"Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"5778ba3d-6670-47ad-ae65-50b6fb8e5db0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5778ba3d-6670-47ad-ae65-50b6fb8e5db0?source=api-prod","affectedVersions":"<=3.3.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5c83457d-ba06-43c5-acdd-77dbfb0d4af4/realestate-7","title":"WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-31 19:22:57","sources":[{"name":"Wordfence","remoteId":"5c83457d-ba06-43c5-acdd-77dbfb0d4af4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=api-prod","cve":"CVE-2025-2891","affectedVersions":"<=3.5.4","severity":"high"},{"advisoryId":"WPSECADV/WF/7699f741-b743-4fe7-9acb-d81d4da711ce/realestate-7","title":"Real Estate 7 WordPress <= 3.5.9 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"7699f741-b743-4fe7-9acb-d81d4da711ce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7699f741-b743-4fe7-9acb-d81d4da711ce?source=api-prod","cve":"CVE-2026-57641","affectedVersions":"<=3.5.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/952aec28-a380-4c6d-8391-b21cddf90a5c/realestate-7","title":"Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"952aec28-a380-4c6d-8391-b21cddf90a5c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/952aec28-a380-4c6d-8391-b21cddf90a5c?source=api-prod","cve":"CVE-2022-47146","affectedVersions":"<=3.3.1","severity":"high"},{"advisoryId":"WPSECADV/WF/97c24208-46b2-48a0-a87b-78e642c044cd/realestate-7","title":"WP Pro Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"97c24208-46b2-48a0-a87b-78e642c044cd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/97c24208-46b2-48a0-a87b-78e642c044cd?source=api-prod","cve":"CVE-2021-24387","affectedVersions":"<3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/a50b3304-d55b-487a-8137-d5083c704cf4/realestate-7","title":"Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-02-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"a50b3304-d55b-487a-8137-d5083c704cf4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=api-prod","cve":"CVE-2024-13421","affectedVersions":"<=3.5.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/d5ecb52e-6bf0-4168-b0d7-6972d23c9122/realestate-7","title":"Real Estate 7 WordPress < 2.9.5 - Multiple Vulnerabilities\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-01-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"d5ecb52e-6bf0-4168-b0d7-6972d23c9122"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5ecb52e-6bf0-4168-b0d7-6972d23c9122?source=api-prod","affectedVersions":"<2.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/e52914cc-da0c-4b79-b378-4ef63e7974bb/realestate-7","title":"Real Estate 7 WordPress < 3.0.6 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"e52914cc-da0c-4b79-b378-4ef63e7974bb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e52914cc-da0c-4b79-b378-4ef63e7974bb?source=api-prod","affectedVersions":"<=3.0.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/eb58dd93-3789-46c6-bfca-7866427e077d/realestate-7","title":"Real Estate 7 <= 3.5.2 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"eb58dd93-3789-46c6-bfca-7866427e077d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eb58dd93-3789-46c6-bfca-7866427e077d?source=api-prod","cve":"CVE-2025-39459","affectedVersions":"<=3.5.2","severity":"critical"}] \ No newline at end of file diff --git a/internal/data/assets/theme_73706c617368811c9dc5_gen.json b/internal/data/assets/theme_73706c617368811c9dc5_gen.json new file mode 100644 index 00000000..5955c96f --- /dev/null +++ b/internal/data/assets/theme_73706c617368811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/d2de0442-2a2b-402c-abb9-5f49e172d0c3/splash","title":"Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"d2de0442-2a2b-402c-abb9-5f49e172d0c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d2de0442-2a2b-402c-abb9-5f49e172d0c3?source=api-prod","cve":"CVE-2025-68063","affectedVersions":"<=4.4.3","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/theme_7765726b7374617474811c9dc5_gen.json b/internal/data/assets/theme_7765726b7374617474811c9dc5_gen.json index 597826d0..033f2f92 100644 --- a/internal/data/assets/theme_7765726b7374617474811c9dc5_gen.json +++ b/internal/data/assets/theme_7765726b7374617474811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1ac1c9f7-3f8f-41d3-af53-f0ee0466e383/werkstatt","title":"Werkstatt < 4.8.3 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"1ac1c9f7-3f8f-41d3-af53-f0ee0466e383"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac1c9f7-3f8f-41d3-af53-f0ee0466e383?source=api-prod","cve":"CVE-2025-69314","affectedVersions":"<4.8.3","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1ac1c9f7-3f8f-41d3-af53-f0ee0466e383/werkstatt","title":"Werkstatt < 4.8.3 - Unauthenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"1ac1c9f7-3f8f-41d3-af53-f0ee0466e383"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac1c9f7-3f8f-41d3-af53-f0ee0466e383?source=api-prod","cve":"CVE-2025-69314","affectedVersions":"<4.8.3","severity":"high"},{"advisoryId":"WPSECADV/WF/2d66d939-7679-4831-9bce-104b71e997a8/werkstatt","title":"Werkstatt - Creative Portfolio WordPress Theme <= 4.7.2 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2d66d939-7679-4831-9bce-104b71e997a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d66d939-7679-4831-9bce-104b71e997a8?source=api-prod","cve":"CVE-2026-57690","affectedVersions":"<=4.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9b27cf00-bc1f-4c91-b5ee-debba9f361ed/werkstatt","title":"Werkstatt - Creative Portfolio WordPress Theme <= 4.7.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"9b27cf00-bc1f-4c91-b5ee-debba9f361ed"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9b27cf00-bc1f-4c91-b5ee-debba9f361ed?source=api-prod","cve":"CVE-2026-57689","affectedVersions":"<=4.7.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/theme_776f6666696365811c9dc5_gen.json b/internal/data/assets/theme_776f6666696365811c9dc5_gen.json index 5bac791e..e7249ffa 100644 --- a/internal/data/assets/theme_776f6666696365811c9dc5_gen.json +++ b/internal/data/assets/theme_776f6666696365811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/02d6e9c3-f040-4a41-a803-4bbe5f86c29b/woffice","title":"Woffice <= 5.4.10 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"02d6e9c3-f040-4a41-a803-4bbe5f86c29b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02d6e9c3-f040-4a41-a803-4bbe5f86c29b?source=api-prod","cve":"CVE-2024-43153","affectedVersions":"<=5.4.10","severity":"critical"},{"advisoryId":"WPSECADV/WF/3a7aac7d-225f-45d5-86ac-183c56e76326/woffice","title":"Woffice <= 5.4.30 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"3a7aac7d-225f-45d5-86ac-183c56e76326"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3a7aac7d-225f-45d5-86ac-183c56e76326?source=api-prod","cve":"CVE-2025-67918","affectedVersions":"<=5.4.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c64089a-929c-4a36-8aa8-61a5c9e8562b/woffice","title":"Woffice <= 5.4.14 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c64089a-929c-4a36-8aa8-61a5c9e8562b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c64089a-929c-4a36-8aa8-61a5c9e8562b?source=api-prod","cve":"CVE-2024-43234","affectedVersions":"<=5.4.14","severity":"critical"},{"advisoryId":"WPSECADV/WF/6dd6169b-bc94-4642-8975-2e96bc01576f/woffice","title":"Woffice <= 5.4.21 - Authentication Bypass via Registration Role\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"6dd6169b-bc94-4642-8975-2e96bc01576f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd6169b-bc94-4642-8975-2e96bc01576f?source=api-prod","cve":"CVE-2025-2798","affectedVersions":"<=5.4.21","severity":"critical"},{"advisoryId":"WPSECADV/WF/eaf17a09-3e35-4df8-acb9-7829942597c6/woffice","title":"Woffice CRM <= 4.0.1 - Authorization Bypass\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-08-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"eaf17a09-3e35-4df8-acb9-7829942597c6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf17a09-3e35-4df8-acb9-7829942597c6?source=api-prod","affectedVersions":"<=4.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/fa05a758-56a0-49e0-868f-a5db27d877a8/woffice","title":"Woffice <= 5.4.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fa05a758-56a0-49e0-868f-a5db27d877a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fa05a758-56a0-49e0-868f-a5db27d877a8?source=api-prod","cve":"CVE-2024-37472","affectedVersions":"<=5.4.8","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/02d6e9c3-f040-4a41-a803-4bbe5f86c29b/woffice","title":"Woffice <= 5.4.10 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"02d6e9c3-f040-4a41-a803-4bbe5f86c29b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02d6e9c3-f040-4a41-a803-4bbe5f86c29b?source=api-prod","cve":"CVE-2024-43153","affectedVersions":"<=5.4.10","severity":"critical"},{"advisoryId":"WPSECADV/WF/18f7664b-6e2b-4422-8d6e-5bc4e6611069/woffice","title":"Woffice CRM <= 5.4.31 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"18f7664b-6e2b-4422-8d6e-5bc4e6611069"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18f7664b-6e2b-4422-8d6e-5bc4e6611069?source=api-prod","cve":"CVE-2026-27435","affectedVersions":"<=5.4.31","severity":"medium"},{"advisoryId":"WPSECADV/WF/3a7aac7d-225f-45d5-86ac-183c56e76326/woffice","title":"Woffice <= 5.4.30 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"3a7aac7d-225f-45d5-86ac-183c56e76326"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3a7aac7d-225f-45d5-86ac-183c56e76326?source=api-prod","cve":"CVE-2025-67918","affectedVersions":"<=5.4.30","severity":"medium"},{"advisoryId":"WPSECADV/WF/4c64089a-929c-4a36-8aa8-61a5c9e8562b/woffice","title":"Woffice <= 5.4.14 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"4c64089a-929c-4a36-8aa8-61a5c9e8562b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4c64089a-929c-4a36-8aa8-61a5c9e8562b?source=api-prod","cve":"CVE-2024-43234","affectedVersions":"<=5.4.14","severity":"critical"},{"advisoryId":"WPSECADV/WF/6dd6169b-bc94-4642-8975-2e96bc01576f/woffice","title":"Woffice <= 5.4.21 - Authentication Bypass via Registration Role\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"6dd6169b-bc94-4642-8975-2e96bc01576f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd6169b-bc94-4642-8975-2e96bc01576f?source=api-prod","cve":"CVE-2025-2798","affectedVersions":"<=5.4.21","severity":"critical"},{"advisoryId":"WPSECADV/WF/eaf17a09-3e35-4df8-acb9-7829942597c6/woffice","title":"Woffice CRM <= 4.0.1 - Authorization Bypass\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-08-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"eaf17a09-3e35-4df8-acb9-7829942597c6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf17a09-3e35-4df8-acb9-7829942597c6?source=api-prod","affectedVersions":"<=4.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/fa05a758-56a0-49e0-868f-a5db27d877a8/woffice","title":"Woffice <= 5.4.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fa05a758-56a0-49e0-868f-a5db27d877a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fa05a758-56a0-49e0-868f-a5db27d877a8?source=api-prod","cve":"CVE-2024-37472","affectedVersions":"<=5.4.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/theme_776f6f646d617274811c9dc5_gen.json b/internal/data/assets/theme_776f6f646d617274811c9dc5_gen.json index 65766a73..87a03df7 100644 --- a/internal/data/assets/theme_776f6f646d617274811c9dc5_gen.json +++ b/internal/data/assets/theme_776f6f646d617274811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/02fde6b1-d709-4329-ae9c-fea444c1aec8/woodmart","title":"Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"02fde6b1-d709-4329-ae9c-fea444c1aec8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02fde6b1-d709-4329-ae9c-fea444c1aec8?source=api-prod","cve":"CVE-2023-32500","affectedVersions":"<=7.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4/woodmart","title":"WoodMart <= 7.2.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e0e0c15-caf6-4166-a365-a2a73cd9ebc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4?source=api-prod","cve":"CVE-2023-32240","affectedVersions":"<=7.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/156581cb-f3d8-4253-af4d-cdc59b95d763/woodmart","title":"WoodMart <= 8.3.9 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"156581cb-f3d8-4253-af4d-cdc59b95d763"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/156581cb-f3d8-4253-af4d-cdc59b95d763?source=api-prod","cve":"CVE-2026-32405","affectedVersions":"<=8.3.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/1caa8baa-0783-4bc9-af03-46a3a2cf3538/woodmart","title":"WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"1caa8baa-0783-4bc9-af03-46a3a2cf3538"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538?source=api-prod","cve":"CVE-2024-12333","affectedVersions":"<=8.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/3408895e-3418-4f70-8b7c-76f6ba899d11/woodmart","title":"WoodMart <= 8.2.5 - Unauthenticated Post Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3408895e-3418-4f70-8b7c-76f6ba899d11"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11?source=api-prod","cve":"CVE-2025-6745","affectedVersions":"<=8.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/38f84f31-5aeb-4f6f-9e10-33e365f6f2c8/woodmart","title":"WoodMart <= 8.3.7 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"38f84f31-5aeb-4f6f-9e10-33e365f6f2c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f84f31-5aeb-4f6f-9e10-33e365f6f2c8?source=api-prod","cve":"CVE-2025-47600","affectedVersions":"<=8.3.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b881509-572b-4e2d-9e75-defaa2cc32dc/woodmart","title":"WoodMart <= 8.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 17:26:26","sources":[{"name":"Wordfence","remoteId":"4b881509-572b-4e2d-9e75-defaa2cc32dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc?source=api-prod","cve":"CVE-2025-6743","affectedVersions":"<=8.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4ccc2f0c-07d5-45a5-86ec-1e6b6c5a316d/woodmart","title":"WoodMart < 8.3.2 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"4ccc2f0c-07d5-45a5-86ec-1e6b6c5a316d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ccc2f0c-07d5-45a5-86ec-1e6b6c5a316d?source=api-prod","cve":"CVE-2025-49935","affectedVersions":"<8.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6fc92b8f-6794-461a-b6b6-598de21f5e2d/woodmart","title":"WoodMart <= 7.2.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"6fc92b8f-6794-461a-b6b6-598de21f5e2d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6fc92b8f-6794-461a-b6b6-598de21f5e2d?source=api-prod","cve":"CVE-2023-41872","affectedVersions":"<=7.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/73017e92-d95e-4b9c-a44a-779b498f58b7/woodmart","title":"WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"73017e92-d95e-4b9c-a44a-779b498f58b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/73017e92-d95e-4b9c-a44a-779b498f58b7?source=api-prod","cve":"CVE-2023-25790","affectedVersions":"<=7.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8923d9c9-7af6-4109-9c39-b5faee57f8e1/woodmart","title":"Woodmart <= 8.3.8 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"8923d9c9-7af6-4109-9c39-b5faee57f8e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8923d9c9-7af6-4109-9c39-b5faee57f8e1?source=api-prod","cve":"CVE-2026-23971","affectedVersions":"<=8.3.8","severity":"high"},{"advisoryId":"WPSECADV/WF/98c1363e-b25d-46fc-b6bf-0285a37f748c/woodmart","title":"WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 17:24:44","sources":[{"name":"Wordfence","remoteId":"98c1363e-b25d-46fc-b6bf-0285a37f748c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c?source=api-prod","cve":"CVE-2025-6746","affectedVersions":"<=8.2.3","severity":"high"},{"advisoryId":"WPSECADV/WF/b030aa28-5310-4f69-8b86-7e0b0bae741b/woodmart","title":"WoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"b030aa28-5310-4f69-8b86-7e0b0bae741b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b?source=api-prod","cve":"CVE-2025-8097","affectedVersions":"<=8.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/cb1db880-0942-4fac-a548-8b6a28dce8c0/woodmart","title":"Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"cb1db880-0942-4fac-a548-8b6a28dce8c0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0?source=api-prod","cve":"CVE-2023-25790","affectedVersions":"<=7.0.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d9906492-971c-48c3-adb4-e408a7550fff/woodmart","title":"WoodMart < 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"d9906492-971c-48c3-adb4-e408a7550fff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9906492-971c-48c3-adb4-e408a7550fff?source=api-prod","cve":"CVE-2025-49936","affectedVersions":"<8.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/dd056d29-3bd9-49e4-bcc4-fa487de8a27e/woodmart","title":"Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"dd056d29-3bd9-49e4-bcc4-fa487de8a27e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e?source=api-prod","cve":"CVE-2025-6744","affectedVersions":"<=8.2.3","severity":"high"},{"advisoryId":"WPSECADV/WF/f9a60c4e-a524-4a99-858a-14787f37d60c/woodmart","title":"WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9a60c4e-a524-4a99-858a-14787f37d60c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a60c4e-a524-4a99-858a-14787f37d60c?source=api-prod","cve":"CVE-2023-32239","affectedVersions":"<=7.2.1","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/02fde6b1-d709-4329-ae9c-fea444c1aec8/woodmart","title":"Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"02fde6b1-d709-4329-ae9c-fea444c1aec8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02fde6b1-d709-4329-ae9c-fea444c1aec8?source=api-prod","cve":"CVE-2023-32500","affectedVersions":"<=7.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4/woodmart","title":"WoodMart <= 7.2.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"0e0e0c15-caf6-4166-a365-a2a73cd9ebc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4?source=api-prod","cve":"CVE-2023-32240","affectedVersions":"<=7.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/156581cb-f3d8-4253-af4d-cdc59b95d763/woodmart","title":"WoodMart <= 8.3.9 - Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"156581cb-f3d8-4253-af4d-cdc59b95d763"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/156581cb-f3d8-4253-af4d-cdc59b95d763?source=api-prod","cve":"CVE-2026-32405","affectedVersions":"<=8.3.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/1caa8baa-0783-4bc9-af03-46a3a2cf3538/woodmart","title":"WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"1caa8baa-0783-4bc9-af03-46a3a2cf3538"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538?source=api-prod","cve":"CVE-2024-12333","affectedVersions":"<=8.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/3408895e-3418-4f70-8b7c-76f6ba899d11/woodmart","title":"WoodMart <= 8.2.5 - Unauthenticated Post Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"3408895e-3418-4f70-8b7c-76f6ba899d11"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11?source=api-prod","cve":"CVE-2025-6745","affectedVersions":"<=8.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/38f84f31-5aeb-4f6f-9e10-33e365f6f2c8/woodmart","title":"WoodMart <= 8.3.7 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"38f84f31-5aeb-4f6f-9e10-33e365f6f2c8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f84f31-5aeb-4f6f-9e10-33e365f6f2c8?source=api-prod","cve":"CVE-2025-47600","affectedVersions":"<=8.3.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/4b881509-572b-4e2d-9e75-defaa2cc32dc/woodmart","title":"WoodMart <= 8.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 17:26:26","sources":[{"name":"Wordfence","remoteId":"4b881509-572b-4e2d-9e75-defaa2cc32dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc?source=api-prod","cve":"CVE-2025-6743","affectedVersions":"<=8.2.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4ccc2f0c-07d5-45a5-86ec-1e6b6c5a316d/woodmart","title":"WoodMart < 8.3.2 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"4ccc2f0c-07d5-45a5-86ec-1e6b6c5a316d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ccc2f0c-07d5-45a5-86ec-1e6b6c5a316d?source=api-prod","cve":"CVE-2025-49935","affectedVersions":"<8.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6fc92b8f-6794-461a-b6b6-598de21f5e2d/woodmart","title":"WoodMart <= 7.2.4 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"6fc92b8f-6794-461a-b6b6-598de21f5e2d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6fc92b8f-6794-461a-b6b6-598de21f5e2d?source=api-prod","cve":"CVE-2023-41872","affectedVersions":"<=7.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/73017e92-d95e-4b9c-a44a-779b498f58b7/woodmart","title":"WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"73017e92-d95e-4b9c-a44a-779b498f58b7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/73017e92-d95e-4b9c-a44a-779b498f58b7?source=api-prod","cve":"CVE-2023-25790","affectedVersions":"<=7.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8923d9c9-7af6-4109-9c39-b5faee57f8e1/woodmart","title":"Woodmart <= 8.3.8 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"8923d9c9-7af6-4109-9c39-b5faee57f8e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8923d9c9-7af6-4109-9c39-b5faee57f8e1?source=api-prod","cve":"CVE-2026-23971","affectedVersions":"<=8.3.8","severity":"high"},{"advisoryId":"WPSECADV/WF/98c1363e-b25d-46fc-b6bf-0285a37f748c/woodmart","title":"WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 17:24:44","sources":[{"name":"Wordfence","remoteId":"98c1363e-b25d-46fc-b6bf-0285a37f748c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c?source=api-prod","cve":"CVE-2025-6746","affectedVersions":"<=8.2.3","severity":"high"},{"advisoryId":"WPSECADV/WF/9f4344d6-7679-499a-8086-9ae34b29a913/woodmart","title":"Woodmart <= 8.5.3 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-06-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"9f4344d6-7679-499a-8086-9ae34b29a913"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9f4344d6-7679-499a-8086-9ae34b29a913?source=api-prod","cve":"CVE-2026-56072","affectedVersions":"<=8.5.3","severity":"high"},{"advisoryId":"WPSECADV/WF/b030aa28-5310-4f69-8b86-7e0b0bae741b/woodmart","title":"WoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"b030aa28-5310-4f69-8b86-7e0b0bae741b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b?source=api-prod","cve":"CVE-2025-8097","affectedVersions":"<=8.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/cb1db880-0942-4fac-a548-8b6a28dce8c0/woodmart","title":"Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"cb1db880-0942-4fac-a548-8b6a28dce8c0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0?source=api-prod","cve":"CVE-2023-25790","affectedVersions":"<=7.0.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d9906492-971c-48c3-adb4-e408a7550fff/woodmart","title":"WoodMart < 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"d9906492-971c-48c3-adb4-e408a7550fff"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9906492-971c-48c3-adb4-e408a7550fff?source=api-prod","cve":"CVE-2025-49936","affectedVersions":"<8.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/dd056d29-3bd9-49e4-bcc4-fa487de8a27e/woodmart","title":"Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"dd056d29-3bd9-49e4-bcc4-fa487de8a27e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e?source=api-prod","cve":"CVE-2025-6744","affectedVersions":"<=8.2.3","severity":"high"},{"advisoryId":"WPSECADV/WF/f9a60c4e-a524-4a99-858a-14787f37d60c/woodmart","title":"WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9a60c4e-a524-4a99-858a-14787f37d60c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a60c4e-a524-4a99-858a-14787f37d60c?source=api-prod","cve":"CVE-2023-32239","affectedVersions":"<=7.2.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets_gen.go b/internal/data/assets_gen.go index 89601add..d7e9936b 100644 --- a/internal/data/assets_gen.go +++ b/internal/data/assets_gen.go @@ -3506,6 +3506,8 @@ var ( theme_7370696b6f811c9dc5 []byte //go:embed assets/theme_7370696e811c9dc5_gen.json theme_7370696e811c9dc5 []byte + //go:embed assets/theme_73706c617368811c9dc5_gen.json + theme_73706c617368811c9dc5 []byte //go:embed assets/theme_73706c656e646f7572811c9dc5_gen.json theme_73706c656e646f7572811c9dc5 []byte //go:embed assets/theme_73706f636b811c9dc5_gen.json @@ -7722,6 +7724,8 @@ func themeAdvisories(slug string) ([]byte, error) { return theme_7370696b6f811c9dc5, nil case "spin": return theme_7370696e811c9dc5, nil + case "splash": + return theme_73706c617368811c9dc5, nil case "splendour": return theme_73706c656e646f7572811c9dc5, nil case "spock": diff --git a/internal/data/assets_gen_test.go b/internal/data/assets_gen_test.go index 9f405fa9..b508b8e2 100644 --- a/internal/data/assets_gen_test.go +++ b/internal/data/assets_gen_test.go @@ -625,6 +625,7 @@ func plugins() []string { "ai-responsive-gallery-album", "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard", "ai-seo-translator", + "ai-share-summarize", "ai-site-builder", "ai-text-to-speech", "ai-twitter-feeds", @@ -2320,6 +2321,7 @@ func plugins() []string { "child-height-predictor", "child-support-calculator", "child-theme-generator", + "child-theme-wizard", "child-themes", "child-themes-helper", "chilexpress-oficial", @@ -4052,6 +4054,7 @@ func plugins() []string { "editor-custom-color-palette", "editor-wysiwyg-background-color", "editorial-calendar", + "editorial-rating", "edoc-easy-tables", "edoc-employee-application", "eds-font-awesome", @@ -4474,6 +4477,7 @@ func plugins() []string { "export-media-urls", "export-post-info", "export-to-text", + "export-user-data", "export-users", "export-users-data-csv", "export-users-data-distinct", @@ -5115,6 +5119,7 @@ func plugins() []string { "funnelcockpit", "funnelforms-free", "funnelforms-pro", + "funnelkit-stripe-woo-payment-gateway", "furikake", "furnob-core", "fuse-social-floating-sidebar", @@ -5391,6 +5396,7 @@ func plugins() []string { "gm-woo-product-list-widget", "gm-woocommerce-quote-popup", "gmace", + "gmail-smtp", "gmap-embed", "gmap-point-list", "gmap-shortcode", @@ -5762,6 +5768,7 @@ func plugins() []string { "hero-banner-ultimate", "hero-maps-pro", "hesabfa-accounting", + "hester-core", "hestia-nginx-cache", "heureka", "hide-admin-bar-based-on-user-roles", @@ -6020,6 +6027,7 @@ func plugins() []string { "image-banner-widget", "image-captcha", "image-caption-hover-pro", + "image-carousel", "image-carousel-for-divi", "image-carousel-shortcode", "image-classify", @@ -6326,6 +6334,7 @@ func plugins() []string { "invoice-creator", "invoice-payment-for-woocommerce", "invoicing", + "io-engagement-analytics", "ioncube-tester-plus", "ione360-configurator", "ip-address-blocker", @@ -6980,6 +6989,7 @@ func plugins() []string { "live-chat-facebook-fanpage", "live-chat-support-by-social-intents", "live-composer-page-builder", + "live-copy-paste", "live-css-preview", "live-dashboard", "live-flight-radar", @@ -8857,6 +8867,7 @@ func plugins() []string { "pixelyoursite-pro", "pixfields", "pixfort-core", + "pixmagix", "pixnet", "pixobe-cartography", "pixproof", @@ -17445,6 +17456,7 @@ func themes() []string { "spikes-black", "spiko", "spin", + "splash", "splendour", "spock", "square",