diff --git a/internal/data/assets/plugin_6163662d657874656e646564811c9dc5_gen.json b/internal/data/assets/plugin_6163662d657874656e646564811c9dc5_gen.json index 89d635eb..b4cbeefb 100644 --- a/internal/data/assets/plugin_6163662d657874656e646564811c9dc5_gen.json +++ b/internal/data/assets/plugin_6163662d657874656e646564811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/ae9cd51f-e6c8-4aec-a044-376075e9540a/acf-extended","title":"Advanced Custom Fields: Extended <= 0.8.8.6 - Admin+ SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ae9cd51f-e6c8-4aec-a044-376075e9540a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ae9cd51f-e6c8-4aec-a044-376075e9540a?source=api-prod","cve":"CVE-2021-24865","affectedVersions":"<=0.8.8.6","severity":"high"},{"advisoryId":"WPSECADV/WF/c508cb73-53e6-4ebe-b3d0-285908b722c9/acf-extended","title":"Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-02 18:43:18","sources":[{"name":"Wordfence","remoteId":"c508cb73-53e6-4ebe-b3d0-285908b722c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c508cb73-53e6-4ebe-b3d0-285908b722c9?source=api-prod","cve":"CVE-2025-13486","affectedVersions":">=0.9.0.5,<=0.9.1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/d44f8af2-3525-4b00-afa8-a908250cc838/acf-extended","title":"Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 21:07:19","sources":[{"name":"Wordfence","remoteId":"d44f8af2-3525-4b00-afa8-a908250cc838"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d44f8af2-3525-4b00-afa8-a908250cc838?source=api-prod","cve":"CVE-2025-14533","affectedVersions":"<=0.9.2.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/dcbe0c72-d518-45d3-a220-896a51071b26/acf-extended","title":"Advanced Custom Fields: Extended <= 0.8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"dcbe0c72-d518-45d3-a220-896a51071b26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dcbe0c72-d518-45d3-a220-896a51071b26?source=api-prod","cve":"CVE-2023-5292","affectedVersions":"<=0.8.9.3","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/ae9cd51f-e6c8-4aec-a044-376075e9540a/acf-extended","title":"Advanced Custom Fields: Extended <= 0.8.8.6 - Admin+ SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ae9cd51f-e6c8-4aec-a044-376075e9540a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ae9cd51f-e6c8-4aec-a044-376075e9540a?source=api-prod","cve":"CVE-2021-24865","affectedVersions":"<=0.8.8.6","severity":"high"},{"advisoryId":"WPSECADV/WF/c508cb73-53e6-4ebe-b3d0-285908b722c9/acf-extended","title":"Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-02 18:43:18","sources":[{"name":"Wordfence","remoteId":"c508cb73-53e6-4ebe-b3d0-285908b722c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c508cb73-53e6-4ebe-b3d0-285908b722c9?source=api-prod","cve":"CVE-2025-13486","affectedVersions":">=0.9.0.5,<=0.9.1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/d44f8af2-3525-4b00-afa8-a908250cc838/acf-extended","title":"Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 21:07:19","sources":[{"name":"Wordfence","remoteId":"d44f8af2-3525-4b00-afa8-a908250cc838"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d44f8af2-3525-4b00-afa8-a908250cc838?source=api-prod","cve":"CVE-2025-14533","affectedVersions":"<=0.9.2.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/dcbe0c72-d518-45d3-a220-896a51071b26/acf-extended","title":"Advanced Custom Fields: Extended <= 0.8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"dcbe0c72-d518-45d3-a220-896a51071b26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dcbe0c72-d518-45d3-a220-896a51071b26?source=api-prod","cve":"CVE-2023-5292","affectedVersions":"<=0.8.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f8544784-1994-47e2-be39-568d0ab9ee00/acf-extended","title":"Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 09:54:49","sources":[{"name":"Wordfence","remoteId":"f8544784-1994-47e2-be39-568d0ab9ee00"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8544784-1994-47e2-be39-568d0ab9ee00?source=api-prod","cve":"CVE-2025-15463","affectedVersions":"<=0.9.2.3","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_626574746572646f6373811c9dc5_gen.json b/internal/data/assets/plugin_626574746572646f6373811c9dc5_gen.json index 0b90bd1e..9e136708 100644 --- a/internal/data/assets/plugin_626574746572646f6373811c9dc5_gen.json +++ b/internal/data/assets/plugin_626574746572646f6373811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1595f231-d300-484a-a0e1-1e2bc7b82ed3/betterdocs","title":"BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 17:52:33","sources":[{"name":"Wordfence","remoteId":"1595f231-d300-484a-a0e1-1e2bc7b82ed3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1595f231-d300-484a-a0e1-1e2bc7b82ed3?source=api-prod","cve":"CVE-2025-14980","affectedVersions":"<=4.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3/betterdocs","title":"BetterDocs <= 2.5.2 - Missing Authorization via AJAX actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a7d6059-4cef-4bd1-a14d-ad544bfaeea3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3?source=api-prod","cve":"CVE-2023-47762","affectedVersions":"<=2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2d113191-b550-4752-b536-644206ab56c1/betterdocs","title":"BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2d113191-b550-4752-b536-644206ab56c1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d113191-b550-4752-b536-644206ab56c1?source=api-prod","cve":"CVE-2024-2845","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/432b11be-174d-45d6-aa3b-2fbfa85ec17a/betterdocs","title":"BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-23 14:45:35","sources":[{"name":"Wordfence","remoteId":"432b11be-174d-45d6-aa3b-2fbfa85ec17a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/432b11be-174d-45d6-aa3b-2fbfa85ec17a?source=api-prod","cve":"CVE-2026-6393","affectedVersions":"<=4.3.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/5231b741-4d02-45b5-b2aa-0d9d3536a416/betterdocs","title":"BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-15 19:18:06","sources":[{"name":"Wordfence","remoteId":"5231b741-4d02-45b5-b2aa-0d9d3536a416"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5231b741-4d02-45b5-b2aa-0d9d3536a416?source=api-prod","cve":"CVE-2025-7499","affectedVersions":"<=4.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5b7e4c3c-a12e-4b11-9673-79a7060052a8/betterdocs","title":"BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-15 18:25:01","sources":[{"name":"Wordfence","remoteId":"5b7e4c3c-a12e-4b11-9673-79a7060052a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b7e4c3c-a12e-4b11-9673-79a7060052a8?source=api-prod","cve":"CVE-2026-3875","affectedVersions":"<=4.3.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/95ff5150-ff45-48f8-bd39-0df79838942e/betterdocs","title":"BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg <= 3.3.3 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"95ff5150-ff45-48f8-bd39-0df79838942e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95ff5150-ff45-48f8-bd39-0df79838942e?source=api-prod","cve":"CVE-2024-30226","affectedVersions":"<=3.3.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/a29832db-f85f-475b-8671-3d2115f33f19/betterdocs","title":"BetterDocs <= 3.5.8 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"a29832db-f85f-475b-8671-3d2115f33f19"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a29832db-f85f-475b-8671-3d2115f33f19?source=api-prod","cve":"CVE-2024-43129","affectedVersions":"<=3.5.8","severity":"high"},{"advisoryId":"WPSECADV/WF/ecad5438-8992-454c-bdc8-fac7635c1024/betterdocs","title":"BetterDocs <= 3.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"ecad5438-8992-454c-bdc8-fac7635c1024"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecad5438-8992-454c-bdc8-fac7635c1024?source=api-prod","cve":"CVE-2024-43227","affectedVersions":"<=3.5.8","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1595f231-d300-484a-a0e1-1e2bc7b82ed3/betterdocs","title":"BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 17:52:33","sources":[{"name":"Wordfence","remoteId":"1595f231-d300-484a-a0e1-1e2bc7b82ed3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1595f231-d300-484a-a0e1-1e2bc7b82ed3?source=api-prod","cve":"CVE-2025-14980","affectedVersions":"<=4.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3/betterdocs","title":"BetterDocs <= 2.5.2 - Missing Authorization via AJAX actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a7d6059-4cef-4bd1-a14d-ad544bfaeea3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3?source=api-prod","cve":"CVE-2023-47762","affectedVersions":"<=2.5.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2d113191-b550-4752-b536-644206ab56c1/betterdocs","title":"BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2d113191-b550-4752-b536-644206ab56c1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d113191-b550-4752-b536-644206ab56c1?source=api-prod","cve":"CVE-2024-2845","affectedVersions":"<=3.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/432b11be-174d-45d6-aa3b-2fbfa85ec17a/betterdocs","title":"BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-23 14:45:35","sources":[{"name":"Wordfence","remoteId":"432b11be-174d-45d6-aa3b-2fbfa85ec17a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/432b11be-174d-45d6-aa3b-2fbfa85ec17a?source=api-prod","cve":"CVE-2026-6393","affectedVersions":"<=4.3.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/5231b741-4d02-45b5-b2aa-0d9d3536a416/betterdocs","title":"BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-15 19:18:06","sources":[{"name":"Wordfence","remoteId":"5231b741-4d02-45b5-b2aa-0d9d3536a416"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5231b741-4d02-45b5-b2aa-0d9d3536a416?source=api-prod","cve":"CVE-2025-7499","affectedVersions":"<=4.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5b7e4c3c-a12e-4b11-9673-79a7060052a8/betterdocs","title":"BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-15 18:25:01","sources":[{"name":"Wordfence","remoteId":"5b7e4c3c-a12e-4b11-9673-79a7060052a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b7e4c3c-a12e-4b11-9673-79a7060052a8?source=api-prod","cve":"CVE-2026-3875","affectedVersions":"<=4.3.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/95ff5150-ff45-48f8-bd39-0df79838942e/betterdocs","title":"BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg <= 3.3.3 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"95ff5150-ff45-48f8-bd39-0df79838942e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/95ff5150-ff45-48f8-bd39-0df79838942e?source=api-prod","cve":"CVE-2024-30226","affectedVersions":"<=3.3.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/a29832db-f85f-475b-8671-3d2115f33f19/betterdocs","title":"BetterDocs <= 3.5.8 - Authenticated (Contributor+) Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"a29832db-f85f-475b-8671-3d2115f33f19"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a29832db-f85f-475b-8671-3d2115f33f19?source=api-prod","cve":"CVE-2024-43129","affectedVersions":"<=3.5.8","severity":"high"},{"advisoryId":"WPSECADV/WF/a58080ca-8b07-42ce-8bed-10ad1c028833/betterdocs","title":"BetterDocs <= 4.3.10 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"a58080ca-8b07-42ce-8bed-10ad1c028833"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a58080ca-8b07-42ce-8bed-10ad1c028833?source=api-prod","cve":"CVE-2026-42644","affectedVersions":"<=4.3.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/ecad5438-8992-454c-bdc8-fac7635c1024/betterdocs","title":"BetterDocs <= 3.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"ecad5438-8992-454c-bdc8-fac7635c1024"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecad5438-8992-454c-bdc8-fac7635c1024?source=api-prod","cve":"CVE-2024-43227","affectedVersions":"<=3.5.8","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json b/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json index e29d1355..d75d4cc2 100644 --- a/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json +++ b/internal/data/assets/plugin_626c6f6732736f6369616c811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/02b61eb1-a93f-4437-87de-d698af8ef9f6/blog2social","title":"Blog2Social <= 6.9.3 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"02b61eb1-a93f-4437-87de-d698af8ef9f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02b61eb1-a93f-4437-87de-d698af8ef9f6?source=api-prod","affectedVersions":"<=6.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/25baf78e-e9bc-421b-8a66-9571ac3625c3/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"25baf78e-e9bc-421b-8a66-9571ac3625c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-prod","cve":"CVE-2022-3247","affectedVersions":"<=6.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/2812b31d-11c0-4efe-95e2-ea713293dad1/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2812b31d-11c0-4efe-95e2-ea713293dad1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2812b31d-11c0-4efe-95e2-ea713293dad1?source=api-prod","cve":"CVE-2021-24137","affectedVersions":"<=6.3.0","severity":"high"},{"advisoryId":"WPSECADV/WF/2dea1bcb-14c2-4ec9-8a4d-087bac2db486/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2dea1bcb-14c2-4ec9-8a4d-087bac2db486"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2dea1bcb-14c2-4ec9-8a4d-087bac2db486?source=api-prod","cve":"CVE-2024-3678","affectedVersions":"<=7.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 17:30:36","sources":[{"name":"Wordfence","remoteId":"2ea06520-d7a9-49bb-812e-2fa2e50d0ec2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2?source=api-prod","cve":"CVE-2025-12560","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3710f139-0f17-426c-b48c-4c42ae4bab5f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 16:35:38","sources":[{"name":"Wordfence","remoteId":"3710f139-0f17-426c-b48c-4c42ae4bab5f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3710f139-0f17-426c-b48c-4c42ae4bab5f?source=api-prod","cve":"CVE-2025-12563","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3b472eb8-9808-4a50-b2b4-0b0b3256053f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 18:21:36","sources":[{"name":"Wordfence","remoteId":"3b472eb8-9808-4a50-b2b4-0b0b3256053f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=api-prod","cve":"CVE-2024-3549","affectedVersions":"<=7.4.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/61b590f5-7854-42f7-b5e2-e6feaaf03a73/blog2social","title":"Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 15:38:42","sources":[{"name":"Wordfence","remoteId":"61b590f5-7854-42f7-b5e2-e6feaaf03a73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/61b590f5-7854-42f7-b5e2-e6feaaf03a73?source=api-prod","cve":"CVE-2025-13558","affectedVersions":"<=8.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/65b48fc0-27fd-4a37-afb8-2213ca0d4746/blog2social","title":"Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-16 13:39:52","sources":[{"name":"Wordfence","remoteId":"65b48fc0-27fd-4a37-afb8-2213ca0d4746"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/65b48fc0-27fd-4a37-afb8-2213ca0d4746?source=api-prod","cve":"CVE-2025-5673","affectedVersions":"<=8.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6b8655a6-f410-480d-8c45-2527b53fa129/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.0.1 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"6b8655a6-f410-480d-8c45-2527b53fa129"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8655a6-f410-480d-8c45-2527b53fa129?source=api-prod","affectedVersions":"<5.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/6de73c31-a58d-41d9-aaed-2d7853ad1f25/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"6de73c31-a58d-41d9-aaed-2d7853ad1f25"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6de73c31-a58d-41d9-aaed-2d7853ad1f25?source=api-prod","cve":"CVE-2022-3246","affectedVersions":"<=6.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/7374db91-4e7d-4db2-9c58-bb9bdda5c85d/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"7374db91-4e7d-4db2-9c58-bb9bdda5c85d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7374db91-4e7d-4db2-9c58-bb9bdda5c85d?source=api-prod","cve":"CVE-2025-14943","affectedVersions":"<=8.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7817f343-1ed6-4b76-afbe-1054de892422/blog2social","title":"Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"7817f343-1ed6-4b76-afbe-1054de892422"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7817f343-1ed6-4b76-afbe-1054de892422?source=api-prod","cve":"CVE-2021-24956","affectedVersions":"<=6.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b5e5b0a-dd6a-401f-86db-940b3386ed21/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.5.0 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b5e5b0a-dd6a-401f-86db-940b3386ed21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b5e5b0a-dd6a-401f-86db-940b3386ed21?source=api-prod","cve":"CVE-2019-13572","affectedVersions":"<5.6.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/7dc46bc4-ecfb-438f-b951-7b957489cd96/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 14:26:40","sources":[{"name":"Wordfence","remoteId":"7dc46bc4-ecfb-438f-b951-7b957489cd96"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc46bc4-ecfb-438f-b951-7b957489cd96?source=api-prod","cve":"CVE-2026-4331","affectedVersions":"<=8.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/81108abb-69e5-4571-8209-484b4b0f5617/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.9.0 - Reflected Cross-Site Scripting via b2s_id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"81108abb-69e5-4571-8209-484b4b0f5617"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81108abb-69e5-4571-8209-484b4b0f5617?source=api-prod","cve":"CVE-2019-17550","affectedVersions":"<5.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/930e7fd6-ae0b-465a-aa93-04ef80011d32/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 21:30:45","sources":[{"name":"Wordfence","remoteId":"930e7fd6-ae0b-465a-aa93-04ef80011d32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/930e7fd6-ae0b-465a-aa93-04ef80011d32?source=api-prod","cve":"CVE-2026-1942","affectedVersions":"<=8.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/94afe3e2-a1f1-470b-afaf-c7926beaec9a/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-31 18:01:17","sources":[{"name":"Wordfence","remoteId":"94afe3e2-a1f1-470b-afaf-c7926beaec9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94afe3e2-a1f1-470b-afaf-c7926beaec9a?source=api-prod","cve":"CVE-2024-7302","affectedVersions":"<=7.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a00147db-2ca5-4290-ae13-27be6119b751/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"a00147db-2ca5-4290-ae13-27be6119b751"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a00147db-2ca5-4290-ae13-27be6119b751?source=api-prod","cve":"CVE-2023-3936","affectedVersions":"<7.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/d3dccecb-893c-4746-9047-5c32ca227508/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-05-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"d3dccecb-893c-4746-9047-5c32ca227508"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dccecb-893c-4746-9047-5c32ca227508?source=api-prod","cve":"CVE-2019-9576","affectedVersions":"<5.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d61d2dc5-7461-460c-8dbc-e32a512d5828/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"d61d2dc5-7461-460c-8dbc-e32a512d5828"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d61d2dc5-7461-460c-8dbc-e32a512d5828?source=api-prod","cve":"CVE-2025-4133","affectedVersions":"<=8.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f3eec9c6-fef9-4d6e-8328-51efb997c99c/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 19:13:42","sources":[{"name":"Wordfence","remoteId":"f3eec9c6-fef9-4d6e-8328-51efb997c99c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f3eec9c6-fef9-4d6e-8328-51efb997c99c?source=api-prod","cve":"CVE-2026-4330","affectedVersions":"<=8.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5b8d39c-d307-42c9-a972-29b5521a82a4/blog2social","title":"Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5b8d39c-d307-42c9-a972-29b5521a82a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=api-prod","cve":"CVE-2022-3622","affectedVersions":"<=6.9.11","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/02b61eb1-a93f-4437-87de-d698af8ef9f6/blog2social","title":"Blog2Social <= 6.9.3 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"02b61eb1-a93f-4437-87de-d698af8ef9f6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02b61eb1-a93f-4437-87de-d698af8ef9f6?source=api-prod","affectedVersions":"<=6.9.3","severity":"high"},{"advisoryId":"WPSECADV/WF/25baf78e-e9bc-421b-8a66-9571ac3625c3/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"25baf78e-e9bc-421b-8a66-9571ac3625c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-prod","cve":"CVE-2022-3247","affectedVersions":"<=6.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/2812b31d-11c0-4efe-95e2-ea713293dad1/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2812b31d-11c0-4efe-95e2-ea713293dad1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2812b31d-11c0-4efe-95e2-ea713293dad1?source=api-prod","cve":"CVE-2021-24137","affectedVersions":"<=6.3.0","severity":"high"},{"advisoryId":"WPSECADV/WF/2dea1bcb-14c2-4ec9-8a4d-087bac2db486/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"2dea1bcb-14c2-4ec9-8a4d-087bac2db486"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2dea1bcb-14c2-4ec9-8a4d-087bac2db486?source=api-prod","cve":"CVE-2024-3678","affectedVersions":"<=7.4.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 17:30:36","sources":[{"name":"Wordfence","remoteId":"2ea06520-d7a9-49bb-812e-2fa2e50d0ec2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2?source=api-prod","cve":"CVE-2025-12560","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3710f139-0f17-426c-b48c-4c42ae4bab5f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-05 16:35:38","sources":[{"name":"Wordfence","remoteId":"3710f139-0f17-426c-b48c-4c42ae4bab5f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3710f139-0f17-426c-b48c-4c42ae4bab5f?source=api-prod","cve":"CVE-2025-12563","affectedVersions":"<=8.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/3b472eb8-9808-4a50-b2b4-0b0b3256053f/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-10 18:21:36","sources":[{"name":"Wordfence","remoteId":"3b472eb8-9808-4a50-b2b4-0b0b3256053f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=api-prod","cve":"CVE-2024-3549","affectedVersions":"<=7.4.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/61b590f5-7854-42f7-b5e2-e6feaaf03a73/blog2social","title":"Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 15:38:42","sources":[{"name":"Wordfence","remoteId":"61b590f5-7854-42f7-b5e2-e6feaaf03a73"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/61b590f5-7854-42f7-b5e2-e6feaaf03a73?source=api-prod","cve":"CVE-2025-13558","affectedVersions":"<=8.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/65b48fc0-27fd-4a37-afb8-2213ca0d4746/blog2social","title":"Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-16 13:39:52","sources":[{"name":"Wordfence","remoteId":"65b48fc0-27fd-4a37-afb8-2213ca0d4746"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/65b48fc0-27fd-4a37-afb8-2213ca0d4746?source=api-prod","cve":"CVE-2025-5673","affectedVersions":"<=8.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6b8655a6-f410-480d-8c45-2527b53fa129/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.0.1 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"6b8655a6-f410-480d-8c45-2527b53fa129"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8655a6-f410-480d-8c45-2527b53fa129?source=api-prod","affectedVersions":"<5.0.1","severity":"high"},{"advisoryId":"WPSECADV/WF/6de73c31-a58d-41d9-aaed-2d7853ad1f25/blog2social","title":"Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-03 00:00:00","sources":[{"name":"Wordfence","remoteId":"6de73c31-a58d-41d9-aaed-2d7853ad1f25"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6de73c31-a58d-41d9-aaed-2d7853ad1f25?source=api-prod","cve":"CVE-2022-3246","affectedVersions":"<=6.9.9","severity":"high"},{"advisoryId":"WPSECADV/WF/7374db91-4e7d-4db2-9c58-bb9bdda5c85d/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"7374db91-4e7d-4db2-9c58-bb9bdda5c85d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7374db91-4e7d-4db2-9c58-bb9bdda5c85d?source=api-prod","cve":"CVE-2025-14943","affectedVersions":"<=8.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7817f343-1ed6-4b76-afbe-1054de892422/blog2social","title":"Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-11-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"7817f343-1ed6-4b76-afbe-1054de892422"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7817f343-1ed6-4b76-afbe-1054de892422?source=api-prod","cve":"CVE-2021-24956","affectedVersions":"<=6.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b5e5b0a-dd6a-401f-86db-940b3386ed21/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.5.0 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b5e5b0a-dd6a-401f-86db-940b3386ed21"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b5e5b0a-dd6a-401f-86db-940b3386ed21?source=api-prod","cve":"CVE-2019-13572","affectedVersions":"<5.6.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/7dc46bc4-ecfb-438f-b951-7b957489cd96/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-25 14:26:40","sources":[{"name":"Wordfence","remoteId":"7dc46bc4-ecfb-438f-b951-7b957489cd96"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc46bc4-ecfb-438f-b951-7b957489cd96?source=api-prod","cve":"CVE-2026-4331","affectedVersions":"<=8.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/81108abb-69e5-4571-8209-484b4b0f5617/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler < 5.9.0 - Reflected Cross-Site Scripting via b2s_id Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-11-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"81108abb-69e5-4571-8209-484b4b0f5617"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81108abb-69e5-4571-8209-484b4b0f5617?source=api-prod","cve":"CVE-2019-17550","affectedVersions":"<5.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/930e7fd6-ae0b-465a-aa93-04ef80011d32/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 21:30:45","sources":[{"name":"Wordfence","remoteId":"930e7fd6-ae0b-465a-aa93-04ef80011d32"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/930e7fd6-ae0b-465a-aa93-04ef80011d32?source=api-prod","cve":"CVE-2026-1942","affectedVersions":"<=8.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/94afe3e2-a1f1-470b-afaf-c7926beaec9a/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-31 18:01:17","sources":[{"name":"Wordfence","remoteId":"94afe3e2-a1f1-470b-afaf-c7926beaec9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94afe3e2-a1f1-470b-afaf-c7926beaec9a?source=api-prod","cve":"CVE-2024-7302","affectedVersions":"<=7.5.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/a00147db-2ca5-4290-ae13-27be6119b751/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"a00147db-2ca5-4290-ae13-27be6119b751"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a00147db-2ca5-4290-ae13-27be6119b751?source=api-prod","cve":"CVE-2023-3936","affectedVersions":"<7.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/d3dccecb-893c-4746-9047-5c32ca227508/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-05-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"d3dccecb-893c-4746-9047-5c32ca227508"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dccecb-893c-4746-9047-5c32ca227508?source=api-prod","cve":"CVE-2019-9576","affectedVersions":"<5.0.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d61d2dc5-7461-460c-8dbc-e32a512d5828/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"d61d2dc5-7461-460c-8dbc-e32a512d5828"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d61d2dc5-7461-460c-8dbc-e32a512d5828?source=api-prod","cve":"CVE-2025-4133","affectedVersions":"<=8.3.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f0859e21-851a-4a6d-aa6c-9f759c5866d9/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:27:25","sources":[{"name":"Wordfence","remoteId":"f0859e21-851a-4a6d-aa6c-9f759c5866d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0859e21-851a-4a6d-aa6c-9f759c5866d9?source=api-prod","cve":"CVE-2026-7051","affectedVersions":"<=8.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/f3eec9c6-fef9-4d6e-8328-51efb997c99c/blog2social","title":"Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-07 19:13:42","sources":[{"name":"Wordfence","remoteId":"f3eec9c6-fef9-4d6e-8328-51efb997c99c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f3eec9c6-fef9-4d6e-8328-51efb997c99c?source=api-prod","cve":"CVE-2026-4330","affectedVersions":"<=8.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/f5b8d39c-d307-42c9-a972-29b5521a82a4/blog2social","title":"Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"f5b8d39c-d307-42c9-a972-29b5521a82a4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=api-prod","cve":"CVE-2022-3622","affectedVersions":"<=6.9.11","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_62726f6164737472656574811c9dc5_gen.json b/internal/data/assets/plugin_62726f6164737472656574811c9dc5_gen.json index 6ff6078b..b2010e4f 100644 --- a/internal/data/assets/plugin_62726f6164737472656574811c9dc5_gen.json +++ b/internal/data/assets/plugin_62726f6164737472656574811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/10dbaf83-03c4-409d-b31a-198eab101dd1/broadstreet","title":"Broadstreet Ads <= 1.52.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"10dbaf83-03c4-409d-b31a-198eab101dd1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10dbaf83-03c4-409d-b31a-198eab101dd1?source=api-prod","cve":"CVE-2025-69311","affectedVersions":"<=1.52.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8bb71f5d-a766-4f39-a2c6-78644cdd2882/broadstreet","title":"Broadstreet <= 1.51.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"8bb71f5d-a766-4f39-a2c6-78644cdd2882"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb71f5d-a766-4f39-a2c6-78644cdd2882?source=api-prod","cve":"CVE-2025-32270","affectedVersions":"<=1.51.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/aeda43bc-eeee-463d-80b7-dec7975b4d19/broadstreet","title":"Broadstreet <= 1.51.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 18:41:57","sources":[{"name":"Wordfence","remoteId":"aeda43bc-eeee-463d-80b7-dec7975b4d19"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aeda43bc-eeee-463d-80b7-dec7975b4d19?source=api-prod","cve":"CVE-2024-11825","affectedVersions":"<=1.51.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6eea36b-e80a-4b21-8997-d828cc8da6a3/broadstreet","title":"Broadstreet <= 1.52.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6eea36b-e80a-4b21-8997-d828cc8da6a3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6eea36b-e80a-4b21-8997-d828cc8da6a3?source=api-prod","cve":"CVE-2025-32211","affectedVersions":"<=1.52.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b839c597-5230-4702-b4ac-b4c127d0b6d2/broadstreet","title":"Broadstreet <= 1.51.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"b839c597-5230-4702-b4ac-b4c127d0b6d2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b839c597-5230-4702-b4ac-b4c127d0b6d2?source=api-prod","cve":"CVE-2025-48113","affectedVersions":"<=1.51.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc8ccaee-058b-476f-9d92-08db23df024b/broadstreet","title":"Broadstreet Ads <= 1.51.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc8ccaee-058b-476f-9d92-08db23df024b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc8ccaee-058b-476f-9d92-08db23df024b?source=api-prod","cve":"CVE-2025-4652","affectedVersions":"<=1.51.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/10dbaf83-03c4-409d-b31a-198eab101dd1/broadstreet","title":"Broadstreet Ads <= 1.52.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"10dbaf83-03c4-409d-b31a-198eab101dd1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/10dbaf83-03c4-409d-b31a-198eab101dd1?source=api-prod","cve":"CVE-2025-69311","affectedVersions":"<=1.52.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/480ab377-b979-4e1c-9c7a-cf63d69ad697/broadstreet","title":"Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:43:29","sources":[{"name":"Wordfence","remoteId":"480ab377-b979-4e1c-9c7a-cf63d69ad697"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/480ab377-b979-4e1c-9c7a-cf63d69ad697?source=api-prod","cve":"CVE-2025-9988","affectedVersions":"<=1.53.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/8bb71f5d-a766-4f39-a2c6-78644cdd2882/broadstreet","title":"Broadstreet <= 1.51.1 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"8bb71f5d-a766-4f39-a2c6-78644cdd2882"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb71f5d-a766-4f39-a2c6-78644cdd2882?source=api-prod","cve":"CVE-2025-32270","affectedVersions":"<=1.51.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/aeda43bc-eeee-463d-80b7-dec7975b4d19/broadstreet","title":"Broadstreet <= 1.51.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-24 18:41:57","sources":[{"name":"Wordfence","remoteId":"aeda43bc-eeee-463d-80b7-dec7975b4d19"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aeda43bc-eeee-463d-80b7-dec7975b4d19?source=api-prod","cve":"CVE-2024-11825","affectedVersions":"<=1.51.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/b3cc3835-25f5-43b3-82be-397b8b3bd369/broadstreet","title":"Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:29:58","sources":[{"name":"Wordfence","remoteId":"b3cc3835-25f5-43b3-82be-397b8b3bd369"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cc3835-25f5-43b3-82be-397b8b3bd369?source=api-prod","cve":"CVE-2025-9987","affectedVersions":"<=1.53.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6eea36b-e80a-4b21-8997-d828cc8da6a3/broadstreet","title":"Broadstreet <= 1.52.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6eea36b-e80a-4b21-8997-d828cc8da6a3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6eea36b-e80a-4b21-8997-d828cc8da6a3?source=api-prod","cve":"CVE-2025-32211","affectedVersions":"<=1.52.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/b839c597-5230-4702-b4ac-b4c127d0b6d2/broadstreet","title":"Broadstreet <= 1.51.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"b839c597-5230-4702-b4ac-b4c127d0b6d2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b839c597-5230-4702-b4ac-b4c127d0b6d2?source=api-prod","cve":"CVE-2025-48113","affectedVersions":"<=1.51.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc8ccaee-058b-476f-9d92-08db23df024b/broadstreet","title":"Broadstreet Ads <= 1.51.7 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"bc8ccaee-058b-476f-9d92-08db23df024b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc8ccaee-058b-476f-9d92-08db23df024b?source=api-prod","cve":"CVE-2025-4652","affectedVersions":"<=1.51.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9b6e9a7-1ac5-45d0-83c3-a3f79935904a/broadstreet","title":"Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:28:56","sources":[{"name":"Wordfence","remoteId":"f9b6e9a7-1ac5-45d0-83c3-a3f79935904a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9b6e9a7-1ac5-45d0-83c3-a3f79935904a?source=api-prod","cve":"CVE-2025-9989","affectedVersions":"<=1.53.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_63686172697461626c65811c9dc5_gen.json b/internal/data/assets/plugin_63686172697461626c65811c9dc5_gen.json index 649ed4c8..a6c5d2db 100644 --- a/internal/data/assets/plugin_63686172697461626c65811c9dc5_gen.json +++ b/internal/data/assets/plugin_63686172697461626c65811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0ee60943-b583-4a99-8e62-846b380c98aa/charitable","title":"Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0ee60943-b583-4a99-8e62-846b380c98aa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0ee60943-b583-4a99-8e62-846b380c98aa?source=api-prod","cve":"CVE-2024-8791","affectedVersions":"<=1.8.1.14","severity":"critical"},{"advisoryId":"WPSECADV/WF/161c2365-932f-44d0-a76c-4aeb01f9379c/charitable","title":"Charitable <= 1.8.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"161c2365-932f-44d0-a76c-4aeb01f9379c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/161c2365-932f-44d0-a76c-4aeb01f9379c?source=api-prod","cve":"CVE-2025-47520","affectedVersions":"<=1.8.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/23a01c60-d843-4fc5-a5fa-677f452008b5/charitable","title":"Charitable – Donation Plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"23a01c60-d843-4fc5-a5fa-677f452008b5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23a01c60-d843-4fc5-a5fa-677f452008b5?source=api-prod","cve":"CVE-2021-24531","affectedVersions":"<=1.6.50","severity":"medium"},{"advisoryId":"WPSECADV/WF/2b3b9576-7c7d-4665-92d5-03aa292cdbbe/charitable","title":"Charitable <= 1.7.0.10 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"2b3b9576-7c7d-4665-92d5-03aa292cdbbe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b3b9576-7c7d-4665-92d5-03aa292cdbbe?source=api-prod","cve":"CVE-2022-47441","affectedVersions":"<=1.7.0.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/453d8918-32dc-43d6-8969-71f719536891/charitable","title":"Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-25 14:11:07","sources":[{"name":"Wordfence","remoteId":"453d8918-32dc-43d6-8969-71f719536891"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/453d8918-32dc-43d6-8969-71f719536891?source=api-prod","cve":"CVE-2025-5275","affectedVersions":"<=1.8.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/46b7820c-f36d-4c7d-b326-07259786fc6a/charitable","title":"Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 17:36:30","sources":[{"name":"Wordfence","remoteId":"46b7820c-f36d-4c7d-b326-07259786fc6a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/46b7820c-f36d-4c7d-b326-07259786fc6a?source=api-prod","cve":"CVE-2025-11893","affectedVersions":"<=1.8.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/522ecc1c-5834-4325-9234-79cf712213f3/charitable","title":"Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"522ecc1c-5834-4325-9234-79cf712213f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/522ecc1c-5834-4325-9234-79cf712213f3?source=api-prod","cve":"CVE-2023-4404","affectedVersions":"<=1.7.0.12","severity":"critical"},{"advisoryId":"WPSECADV/WF/5be1b4b2-4b33-45d7-82fd-b4d51e16535c/charitable","title":"Charitable <= 1.5.13 - Unauthorized Access to Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-05-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"5be1b4b2-4b33-45d7-82fd-b4d51e16535c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5be1b4b2-4b33-45d7-82fd-b4d51e16535c?source=api-prod","cve":"CVE-2018-21011","affectedVersions":"<1.5.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/68014bb5-b2ef-4e2f-9c47-85e555ded5a7/charitable","title":"Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"68014bb5-b2ef-4e2f-9c47-85e555ded5a7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68014bb5-b2ef-4e2f-9c47-85e555ded5a7?source=api-prod","cve":"CVE-2024-10876","affectedVersions":"<=1.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb6c977f-6ab3-4c94-83b1-968dafca4a8e/charitable","title":"Charitable <= 1.8.1.7 - Missing Authorization to Unauthorized Donation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb6c977f-6ab3-4c94-83b1-968dafca4a8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6c977f-6ab3-4c94-83b1-968dafca4a8e?source=api-prod","cve":"CVE-2024-37506","affectedVersions":"<=1.8.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc3b2645-7b57-4884-99c5-e37dbd4a9600/charitable","title":"Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-06 18:46:47","sources":[{"name":"Wordfence","remoteId":"bc3b2645-7b57-4884-99c5-e37dbd4a9600"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc3b2645-7b57-4884-99c5-e37dbd4a9600?source=api-prod","cve":"CVE-2026-3177","affectedVersions":"<=1.8.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/d5b5eb2a-4a6a-4a58-93ec-c83a573b8a86/charitable","title":"Charitable <= 1.8.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"d5b5eb2a-4a6a-4a58-93ec-c83a573b8a86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b5eb2a-4a6a-4a58-93ec-c83a573b8a86?source=api-prod","cve":"CVE-2025-30770","affectedVersions":"<=1.8.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/d7ccbe77-939f-4828-9b86-40cd654cfce6/charitable","title":"Charitable <= 1.8.1.7 - Missing Authorization via ajax_license_check()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d7ccbe77-939f-4828-9b86-40cd654cfce6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7ccbe77-939f-4828-9b86-40cd654cfce6?source=api-prod","cve":"CVE-2024-37510","affectedVersions":"<=1.8.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/dbaedb36-6710-48ab-8bb5-e6065fa8df51/charitable","title":"Charitable <= 1.7.0.13 - Authenticated(Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"dbaedb36-6710-48ab-8bb5-e6065fa8df51"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dbaedb36-6710-48ab-8bb5-e6065fa8df51?source=api-prod","cve":"CVE-2023-47816","affectedVersions":"<1.7.0.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/f8aa8dd6-abff-4c37-98d5-39a924b15651/charitable","title":"Charitable – Donation Plugin <= 1.6.50 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8aa8dd6-abff-4c37-98d5-39a924b15651"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8aa8dd6-abff-4c37-98d5-39a924b15651?source=api-prod","affectedVersions":"<=1.6.50","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0ee60943-b583-4a99-8e62-846b380c98aa/charitable","title":"Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0ee60943-b583-4a99-8e62-846b380c98aa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0ee60943-b583-4a99-8e62-846b380c98aa?source=api-prod","cve":"CVE-2024-8791","affectedVersions":"<=1.8.1.14","severity":"critical"},{"advisoryId":"WPSECADV/WF/161c2365-932f-44d0-a76c-4aeb01f9379c/charitable","title":"Charitable <= 1.8.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"161c2365-932f-44d0-a76c-4aeb01f9379c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/161c2365-932f-44d0-a76c-4aeb01f9379c?source=api-prod","cve":"CVE-2025-47520","affectedVersions":"<=1.8.5.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/23a01c60-d843-4fc5-a5fa-677f452008b5/charitable","title":"Charitable – Donation Plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"23a01c60-d843-4fc5-a5fa-677f452008b5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/23a01c60-d843-4fc5-a5fa-677f452008b5?source=api-prod","cve":"CVE-2021-24531","affectedVersions":"<=1.6.50","severity":"medium"},{"advisoryId":"WPSECADV/WF/2b3b9576-7c7d-4665-92d5-03aa292cdbbe/charitable","title":"Charitable <= 1.7.0.10 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-04-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"2b3b9576-7c7d-4665-92d5-03aa292cdbbe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b3b9576-7c7d-4665-92d5-03aa292cdbbe?source=api-prod","cve":"CVE-2022-47441","affectedVersions":"<=1.7.0.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/453d8918-32dc-43d6-8969-71f719536891/charitable","title":"Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-25 14:11:07","sources":[{"name":"Wordfence","remoteId":"453d8918-32dc-43d6-8969-71f719536891"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/453d8918-32dc-43d6-8969-71f719536891?source=api-prod","cve":"CVE-2025-5275","affectedVersions":"<=1.8.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/46b7820c-f36d-4c7d-b326-07259786fc6a/charitable","title":"Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 17:36:30","sources":[{"name":"Wordfence","remoteId":"46b7820c-f36d-4c7d-b326-07259786fc6a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/46b7820c-f36d-4c7d-b326-07259786fc6a?source=api-prod","cve":"CVE-2025-11893","affectedVersions":"<=1.8.8.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/522ecc1c-5834-4325-9234-79cf712213f3/charitable","title":"Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"522ecc1c-5834-4325-9234-79cf712213f3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/522ecc1c-5834-4325-9234-79cf712213f3?source=api-prod","cve":"CVE-2023-4404","affectedVersions":"<=1.7.0.12","severity":"critical"},{"advisoryId":"WPSECADV/WF/5be1b4b2-4b33-45d7-82fd-b4d51e16535c/charitable","title":"Charitable <= 1.5.13 - Unauthorized Access to Information Disclosure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-05-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"5be1b4b2-4b33-45d7-82fd-b4d51e16535c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5be1b4b2-4b33-45d7-82fd-b4d51e16535c?source=api-prod","cve":"CVE-2018-21011","affectedVersions":"<1.5.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/68014bb5-b2ef-4e2f-9c47-85e555ded5a7/charitable","title":"Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"68014bb5-b2ef-4e2f-9c47-85e555ded5a7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68014bb5-b2ef-4e2f-9c47-85e555ded5a7?source=api-prod","cve":"CVE-2024-10876","affectedVersions":"<=1.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/950bed9d-8698-4aa0-86a4-fac9e07bb42b/charitable","title":"Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:46:10","sources":[{"name":"Wordfence","remoteId":"950bed9d-8698-4aa0-86a4-fac9e07bb42b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/950bed9d-8698-4aa0-86a4-fac9e07bb42b?source=api-prod","cve":"CVE-2026-7619","affectedVersions":"<=1.8.10.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/bb6c977f-6ab3-4c94-83b1-968dafca4a8e/charitable","title":"Charitable <= 1.8.1.7 - Missing Authorization to Unauthorized Donation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"bb6c977f-6ab3-4c94-83b1-968dafca4a8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6c977f-6ab3-4c94-83b1-968dafca4a8e?source=api-prod","cve":"CVE-2024-37506","affectedVersions":"<=1.8.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/bc3b2645-7b57-4884-99c5-e37dbd4a9600/charitable","title":"Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-06 18:46:47","sources":[{"name":"Wordfence","remoteId":"bc3b2645-7b57-4884-99c5-e37dbd4a9600"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc3b2645-7b57-4884-99c5-e37dbd4a9600?source=api-prod","cve":"CVE-2026-3177","affectedVersions":"<=1.8.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/d5b5eb2a-4a6a-4a58-93ec-c83a573b8a86/charitable","title":"Charitable <= 1.8.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"d5b5eb2a-4a6a-4a58-93ec-c83a573b8a86"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b5eb2a-4a6a-4a58-93ec-c83a573b8a86?source=api-prod","cve":"CVE-2025-30770","affectedVersions":"<=1.8.4.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/d7ccbe77-939f-4828-9b86-40cd654cfce6/charitable","title":"Charitable <= 1.8.1.7 - Missing Authorization via ajax_license_check()\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d7ccbe77-939f-4828-9b86-40cd654cfce6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7ccbe77-939f-4828-9b86-40cd654cfce6?source=api-prod","cve":"CVE-2024-37510","affectedVersions":"<=1.8.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/dbaedb36-6710-48ab-8bb5-e6065fa8df51/charitable","title":"Charitable <= 1.7.0.13 - Authenticated(Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-10-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"dbaedb36-6710-48ab-8bb5-e6065fa8df51"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dbaedb36-6710-48ab-8bb5-e6065fa8df51?source=api-prod","cve":"CVE-2023-47816","affectedVersions":"<1.7.0.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/f8aa8dd6-abff-4c37-98d5-39a924b15651/charitable","title":"Charitable – Donation Plugin <= 1.6.50 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8aa8dd6-abff-4c37-98d5-39a924b15651"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8aa8dd6-abff-4c37-98d5-39a924b15651?source=api-prod","affectedVersions":"<=1.6.50","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_636f6d70652d776f6f2d636f6d706172652d70726f6475637473811c9dc5_gen.json b/internal/data/assets/plugin_636f6d70652d776f6f2d636f6d706172652d70726f6475637473811c9dc5_gen.json new file mode 100644 index 00000000..3852ee76 --- /dev/null +++ b/internal/data/assets/plugin_636f6d70652d776f6f2d636f6d706172652d70726f6475637473811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/035f2be6-6c20-4f61-8302-bf36df633c80/compe-woo-compare-products","title":"COMPE <= 1.1.4 - Unauthenticated Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-14 00:00:00","sources":[{"name":"Wordfence","remoteId":"035f2be6-6c20-4f61-8302-bf36df633c80"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/035f2be6-6c20-4f61-8302-bf36df633c80?source=api-prod","cve":"CVE-2026-40737","affectedVersions":"<=1.1.4","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_636f72656163746976697479811c9dc5_gen.json b/internal/data/assets/plugin_636f72656163746976697479811c9dc5_gen.json index a6ea613f..c0c069fc 100644 --- a/internal/data/assets/plugin_636f72656163746976697479811c9dc5_gen.json +++ b/internal/data/assets/plugin_636f72656163746976697479811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/a2432a0a-d262-4460-bd2d-2cb200d51f6f/coreactivity","title":"coreActivity <= 1.8 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"a2432a0a-d262-4460-bd2d-2cb200d51f6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a2432a0a-d262-4460-bd2d-2cb200d51f6f?source=api-prod","cve":"CVE-2024-0852","affectedVersions":"<=1.8","severity":"high"},{"advisoryId":"WPSECADV/WF/b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474/coreactivity","title":"coreActivity <= 2.0.1 - IP Spoofing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474?source=api-prod","cve":"CVE-2024-0868","affectedVersions":"<=2.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e1ebbb18-0266-49e8-ada3-b63905021846/coreactivity","title":"coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"e1ebbb18-0266-49e8-ada3-b63905021846"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e1ebbb18-0266-49e8-ada3-b63905021846?source=api-prod","cve":"CVE-2025-3436","affectedVersions":"<=2.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/59f30135-6dd9-4367-90a9-a10ad491357d/coreactivity","title":"coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"59f30135-6dd9-4367-90a9-a10ad491357d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59f30135-6dd9-4367-90a9-a10ad491357d?source=api-prod","cve":"CVE-2026-7635","affectedVersions":"<=3.0","severity":"high"},{"advisoryId":"WPSECADV/WF/a2432a0a-d262-4460-bd2d-2cb200d51f6f/coreactivity","title":"coreActivity <= 1.8 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"a2432a0a-d262-4460-bd2d-2cb200d51f6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a2432a0a-d262-4460-bd2d-2cb200d51f6f?source=api-prod","cve":"CVE-2024-0852","affectedVersions":"<=1.8","severity":"high"},{"advisoryId":"WPSECADV/WF/b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474/coreactivity","title":"coreActivity <= 2.0.1 - IP Spoofing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474?source=api-prod","cve":"CVE-2024-0868","affectedVersions":"<=2.0.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e1ebbb18-0266-49e8-ada3-b63905021846/coreactivity","title":"coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"e1ebbb18-0266-49e8-ada3-b63905021846"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e1ebbb18-0266-49e8-ada3-b63905021846?source=api-prod","cve":"CVE-2025-3436","affectedVersions":"<=2.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_636f73742d63616c63756c61746f722d6275696c646572811c9dc5_gen.json b/internal/data/assets/plugin_636f73742d63616c63756c61746f722d6275696c646572811c9dc5_gen.json index 05240b8d..06f56a01 100644 --- a/internal/data/assets/plugin_636f73742d63616c63756c61746f722d6275696c646572811c9dc5_gen.json +++ b/internal/data/assets/plugin_636f73742d63616c63756c61746f722d6275696c646572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/03ad3677-1b02-4f22-af50-e88b2ec83f54/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"03ad3677-1b02-4f22-af50-e88b2ec83f54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03ad3677-1b02-4f22-af50-e88b2ec83f54?source=api-prod","cve":"CVE-2024-6011","affectedVersions":"<=3.2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/127691c4-dc63-44e0-b591-b342a3809888/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.42 - Cross-Site Request Forgery to Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"127691c4-dc63-44e0-b591-b342a3809888"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/127691c4-dc63-44e0-b591-b342a3809888?source=api-prod","cve":"CVE-2024-10892","affectedVersions":"<=3.2.42","severity":"medium"},{"advisoryId":"WPSECADV/WF/2387408b-3017-42c8-8663-3d7d5f858c8a/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.65 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2387408b-3017-42c8-8663-3d7d5f858c8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2387408b-3017-42c8-8663-3d7d5f858c8a?source=api-prod","cve":"CVE-2025-31414","affectedVersions":"<=3.2.65","severity":"medium"},{"advisoryId":"WPSECADV/WF/32f3dfe1-816a-486c-8996-cc340af51638/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.65 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"32f3dfe1-816a-486c-8996-cc340af51638"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32f3dfe1-816a-486c-8996-cc340af51638?source=api-prod","cve":"CVE-2025-39587","affectedVersions":"<=3.2.65","severity":"high"},{"advisoryId":"WPSECADV/WF/4154684d-3f9b-418f-b9d1-a5d22d4d84d3/cost-calculator-builder","title":"Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-01 11:27:40","sources":[{"name":"Wordfence","remoteId":"4154684d-3f9b-418f-b9d1-a5d22d4d84d3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4154684d-3f9b-418f-b9d1-a5d22d4d84d3?source=api-prod","cve":"CVE-2025-12529","affectedVersions":"<=3.6.3","severity":"high"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/cost-calculator-builder","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":"<=2.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5fc5fb44-8264-46b7-9486-f145d6cbfde2/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.15 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fc5fb44-8264-46b7-9486-f145d6cbfde2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fc5fb44-8264-46b7-9486-f145d6cbfde2?source=api-prod","cve":"CVE-2024-43144","affectedVersions":"<=3.2.15","severity":"critical"},{"advisoryId":"WPSECADV/WF/7a7157c0-8378-4aa0-bc47-635be4ba2f8f/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 20:32:04","sources":[{"name":"Wordfence","remoteId":"7a7157c0-8378-4aa0-bc47-635be4ba2f8f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a7157c0-8378-4aa0-bc47-635be4ba2f8f?source=api-prod","cve":"CVE-2025-2128","affectedVersions":"<=3.2.67","severity":"medium"},{"advisoryId":"WPSECADV/WF/816e70ce-c599-4ed6-84c6-72f18f8c162d/cost-calculator-builder","title":"Cost Calculator Builder <= 3.5.32 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"816e70ce-c599-4ed6-84c6-72f18f8c162d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/816e70ce-c599-4ed6-84c6-72f18f8c162d?source=api-prod","cve":"CVE-2025-62049","affectedVersions":"<=3.5.32","severity":"medium"},{"advisoryId":"WPSECADV/WF/94d60fcb-a542-41a9-b6ac-6ac2607068aa/cost-calculator-builder","title":"Cost Calculator Builder <= 3.1.42 - Improper Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"94d60fcb-a542-41a9-b6ac-6ac2607068aa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94d60fcb-a542-41a9-b6ac-6ac2607068aa?source=api-prod","cve":"CVE-2023-40011","affectedVersions":"<3.1.43","severity":"medium"},{"advisoryId":"WPSECADV/WF/aa46bdb3-6bbe-4f2f-8e1a-fbb54c5b39fd/cost-calculator-builder","title":"Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-03 14:11:08","sources":[{"name":"Wordfence","remoteId":"aa46bdb3-6bbe-4f2f-8e1a-fbb54c5b39fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa46bdb3-6bbe-4f2f-8e1a-fbb54c5b39fd?source=api-prod","cve":"CVE-2025-9243","affectedVersions":"<=3.5.32","severity":"high"},{"advisoryId":"WPSECADV/WF/b8415e5f-17a4-425c-ac28-5dd886d1bcf1/cost-calculator-builder","title":"Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-15 20:25:52","sources":[{"name":"Wordfence","remoteId":"b8415e5f-17a4-425c-ac28-5dd886d1bcf1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b8415e5f-17a4-425c-ac28-5dd886d1bcf1?source=api-prod","cve":"CVE-2025-14757","affectedVersions":"<=3.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f18617cd-b2e9-480d-9ec0-9438a416721e/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.28 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"f18617cd-b2e9-480d-9ec0-9438a416721e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f18617cd-b2e9-480d-9ec0-9438a416721e?source=api-prod","cve":"CVE-2024-8379","affectedVersions":"<=3.2.28","severity":"medium"},{"advisoryId":"WPSECADV/WF/f83cb847-1aa0-4fc1-a494-4f1851ce0b1c/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.74 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"f83cb847-1aa0-4fc1-a494-4f1851ce0b1c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f83cb847-1aa0-4fc1-a494-4f1851ce0b1c?source=api-prod","cve":"CVE-2025-48277","affectedVersions":"<=3.2.74","severity":"medium"},{"advisoryId":"WPSECADV/WF/fd7da039-f6b8-46b7-a43a-145e9f8844c3/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fd7da039-f6b8-46b7-a43a-145e9f8844c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7da039-f6b8-46b7-a43a-145e9f8844c3?source=api-prod","cve":"CVE-2024-6012","affectedVersions":"<=3.2.12","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/03ad3677-1b02-4f22-af50-e88b2ec83f54/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"03ad3677-1b02-4f22-af50-e88b2ec83f54"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03ad3677-1b02-4f22-af50-e88b2ec83f54?source=api-prod","cve":"CVE-2024-6011","affectedVersions":"<=3.2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/127691c4-dc63-44e0-b591-b342a3809888/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.42 - Cross-Site Request Forgery to Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"127691c4-dc63-44e0-b591-b342a3809888"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/127691c4-dc63-44e0-b591-b342a3809888?source=api-prod","cve":"CVE-2024-10892","affectedVersions":"<=3.2.42","severity":"medium"},{"advisoryId":"WPSECADV/WF/2387408b-3017-42c8-8663-3d7d5f858c8a/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.65 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2387408b-3017-42c8-8663-3d7d5f858c8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2387408b-3017-42c8-8663-3d7d5f858c8a?source=api-prod","cve":"CVE-2025-31414","affectedVersions":"<=3.2.65","severity":"medium"},{"advisoryId":"WPSECADV/WF/32f3dfe1-816a-486c-8996-cc340af51638/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.65 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"32f3dfe1-816a-486c-8996-cc340af51638"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32f3dfe1-816a-486c-8996-cc340af51638?source=api-prod","cve":"CVE-2025-39587","affectedVersions":"<=3.2.65","severity":"high"},{"advisoryId":"WPSECADV/WF/4154684d-3f9b-418f-b9d1-a5d22d4d84d3/cost-calculator-builder","title":"Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-01 11:27:40","sources":[{"name":"Wordfence","remoteId":"4154684d-3f9b-418f-b9d1-a5d22d4d84d3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4154684d-3f9b-418f-b9d1-a5d22d4d84d3?source=api-prod","cve":"CVE-2025-12529","affectedVersions":"<=3.6.3","severity":"high"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/cost-calculator-builder","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":"<=2.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/5fc5fb44-8264-46b7-9486-f145d6cbfde2/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.15 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fc5fb44-8264-46b7-9486-f145d6cbfde2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fc5fb44-8264-46b7-9486-f145d6cbfde2?source=api-prod","cve":"CVE-2024-43144","affectedVersions":"<=3.2.15","severity":"critical"},{"advisoryId":"WPSECADV/WF/7a7157c0-8378-4aa0-bc47-635be4ba2f8f/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-10 20:32:04","sources":[{"name":"Wordfence","remoteId":"7a7157c0-8378-4aa0-bc47-635be4ba2f8f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a7157c0-8378-4aa0-bc47-635be4ba2f8f?source=api-prod","cve":"CVE-2025-2128","affectedVersions":"<=3.2.67","severity":"medium"},{"advisoryId":"WPSECADV/WF/816e70ce-c599-4ed6-84c6-72f18f8c162d/cost-calculator-builder","title":"Cost Calculator Builder <= 3.5.32 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"816e70ce-c599-4ed6-84c6-72f18f8c162d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/816e70ce-c599-4ed6-84c6-72f18f8c162d?source=api-prod","cve":"CVE-2025-62049","affectedVersions":"<=3.5.32","severity":"medium"},{"advisoryId":"WPSECADV/WF/94d60fcb-a542-41a9-b6ac-6ac2607068aa/cost-calculator-builder","title":"Cost Calculator Builder <= 3.1.42 - Improper Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-08-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"94d60fcb-a542-41a9-b6ac-6ac2607068aa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94d60fcb-a542-41a9-b6ac-6ac2607068aa?source=api-prod","cve":"CVE-2023-40011","affectedVersions":"<3.1.43","severity":"medium"},{"advisoryId":"WPSECADV/WF/aa46bdb3-6bbe-4f2f-8e1a-fbb54c5b39fd/cost-calculator-builder","title":"Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-03 14:11:08","sources":[{"name":"Wordfence","remoteId":"aa46bdb3-6bbe-4f2f-8e1a-fbb54c5b39fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa46bdb3-6bbe-4f2f-8e1a-fbb54c5b39fd?source=api-prod","cve":"CVE-2025-9243","affectedVersions":"<=3.5.32","severity":"high"},{"advisoryId":"WPSECADV/WF/b8415e5f-17a4-425c-ac28-5dd886d1bcf1/cost-calculator-builder","title":"Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-15 20:25:52","sources":[{"name":"Wordfence","remoteId":"b8415e5f-17a4-425c-ac28-5dd886d1bcf1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b8415e5f-17a4-425c-ac28-5dd886d1bcf1?source=api-prod","cve":"CVE-2025-14757","affectedVersions":"<=3.6.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f18617cd-b2e9-480d-9ec0-9438a416721e/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.28 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"f18617cd-b2e9-480d-9ec0-9438a416721e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f18617cd-b2e9-480d-9ec0-9438a416721e?source=api-prod","cve":"CVE-2024-8379","affectedVersions":"<=3.2.28","severity":"medium"},{"advisoryId":"WPSECADV/WF/f83cb847-1aa0-4fc1-a494-4f1851ce0b1c/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.74 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"f83cb847-1aa0-4fc1-a494-4f1851ce0b1c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f83cb847-1aa0-4fc1-a494-4f1851ce0b1c?source=api-prod","cve":"CVE-2025-48277","affectedVersions":"<=3.2.74","severity":"medium"},{"advisoryId":"WPSECADV/WF/fd7da039-f6b8-46b7-a43a-145e9f8844c3/cost-calculator-builder","title":"Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"fd7da039-f6b8-46b7-a43a-145e9f8844c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7da039-f6b8-46b7-a43a-145e9f8844c3?source=api-prod","cve":"CVE-2024-6012","affectedVersions":"<=3.2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/fe684f43-8442-4b29-84a8-da8c6863e62b/cost-calculator-builder","title":"Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:19:44","sources":[{"name":"Wordfence","remoteId":"fe684f43-8442-4b29-84a8-da8c6863e62b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fe684f43-8442-4b29-84a8-da8c6863e62b?source=api-prod","cve":"CVE-2025-14755","affectedVersions":"<=4.0.1","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_636f73742d6f662d676f6f64732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json b/internal/data/assets/plugin_636f73742d6f662d676f6f64732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json index 85dc5fb1..ad5aa17b 100644 --- a/internal/data/assets/plugin_636f73742d6f662d676f6f64732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json +++ b/internal/data/assets/plugin_636f73742d6f662d676f6f64732d666f722d776f6f636f6d6d65726365811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2/cost-of-goods-for-woocommerce","title":"Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2?source=api-prod","cve":"CVE-2023-23868","affectedVersions":"<=2.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6a228f6-5c72-4c26-8b02-61158b96bd8e/cost-of-goods-for-woocommerce","title":"Cost of Goods for WooCommerce <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6a228f6-5c72-4c26-8b02-61158b96bd8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a228f6-5c72-4c26-8b02-61158b96bd8e?source=api-prod","cve":"CVE-2025-48240","affectedVersions":"<=3.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d13d072e-9c9c-4a32-b9f4-7d15dc704b50/cost-of-goods-for-woocommerce","title":"Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce <= 3.2.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d13d072e-9c9c-4a32-b9f4-7d15dc704b50"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=api-prod","cve":"CVE-2024-0821","affectedVersions":"<=3.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee50731f-696f-4e9f-a930-05b2b23752de/cost-of-goods-for-woocommerce","title":"Cost of Goods for WooCommerce <= 2.8.6 - Cross-Site Request Forgery in save_costs\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"ee50731f-696f-4e9f-a930-05b2b23752de"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee50731f-696f-4e9f-a930-05b2b23752de?source=api-prod","affectedVersions":"<=2.8.6","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2/cost-of-goods-for-woocommerce","title":"Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2?source=api-prod","cve":"CVE-2023-23868","affectedVersions":"<=2.8.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/aedde7a7-018d-45f9-8f67-f4ea01be894e/cost-of-goods-for-woocommerce","title":"Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 15:52:09","sources":[{"name":"Wordfence","remoteId":"aedde7a7-018d-45f9-8f67-f4ea01be894e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aedde7a7-018d-45f9-8f67-f4ea01be894e?source=api-prod","cve":"CVE-2026-6962","affectedVersions":"<=4.1.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6a228f6-5c72-4c26-8b02-61158b96bd8e/cost-of-goods-for-woocommerce","title":"Cost of Goods for WooCommerce <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-05-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6a228f6-5c72-4c26-8b02-61158b96bd8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a228f6-5c72-4c26-8b02-61158b96bd8e?source=api-prod","cve":"CVE-2025-48240","affectedVersions":"<=3.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/d13d072e-9c9c-4a32-b9f4-7d15dc704b50/cost-of-goods-for-woocommerce","title":"Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce <= 3.2.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d13d072e-9c9c-4a32-b9f4-7d15dc704b50"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=api-prod","cve":"CVE-2024-0821","affectedVersions":"<=3.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/ee50731f-696f-4e9f-a930-05b2b23752de/cost-of-goods-for-woocommerce","title":"Cost of Goods for WooCommerce <= 2.8.6 - Cross-Site Request Forgery in save_costs\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-02-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"ee50731f-696f-4e9f-a930-05b2b23752de"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee50731f-696f-4e9f-a930-05b2b23752de?source=api-prod","affectedVersions":"<=2.8.6","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_636f7572742d7265736572766174696f6e811c9dc5_gen.json b/internal/data/assets/plugin_636f7572742d7265736572766174696f6e811c9dc5_gen.json index 6c46b1a7..f62d7ddb 100644 --- a/internal/data/assets/plugin_636f7572742d7265736572766174696f6e811c9dc5_gen.json +++ b/internal/data/assets/plugin_636f7572742d7265736572766174696f6e811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42/court-reservation","title":"Freemius SDK <= 2.4.2 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"39fb0499-9ab4-4a2f-b0db-ece86bcf4d42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod","cve":"CVE-2022-4974","affectedVersions":"<1.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a4afee53-9bce-4534-aa7e-119504cadc8a/court-reservation","title":"Court Reservation <= 1.10.11 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4afee53-9bce-4534-aa7e-119504cadc8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4afee53-9bce-4534-aa7e-119504cadc8a?source=api-prod","cve":"CVE-2026-39675","affectedVersions":"<=1.10.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6c08ff0-1f36-4b39-80b1-5b6d7ac9e96e/court-reservation","title":"Court Reservation <= 1.10.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6c08ff0-1f36-4b39-80b1-5b6d7ac9e96e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c08ff0-1f36-4b39-80b1-5b6d7ac9e96e?source=api-prod","cve":"CVE-2025-68852","affectedVersions":"<=1.10.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e8fecebd-c884-4124-96d6-106351e0c7a7/court-reservation","title":"Court Reservation – Manage Your Court Bookings Online < 1.10.9 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"e8fecebd-c884-4124-96d6-106351e0c7a7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e8fecebd-c884-4124-96d6-106351e0c7a7?source=api-prod","cve":"CVE-2026-1508","affectedVersions":"<1.10.9","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42/court-reservation","title":"Freemius SDK <= 2.4.2 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"39fb0499-9ab4-4a2f-b0db-ece86bcf4d42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod","cve":"CVE-2022-4974","affectedVersions":"<1.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a482f6bb-5277-480b-8ec9-230dd4135f7c/court-reservation","title":"Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 10:05:08","sources":[{"name":"Wordfence","remoteId":"a482f6bb-5277-480b-8ec9-230dd4135f7c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a482f6bb-5277-480b-8ec9-230dd4135f7c?source=api-prod","cve":"CVE-2026-1250","affectedVersions":"<=1.10.11","severity":"high"},{"advisoryId":"WPSECADV/WF/a4afee53-9bce-4534-aa7e-119504cadc8a/court-reservation","title":"Court Reservation <= 1.10.11 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4afee53-9bce-4534-aa7e-119504cadc8a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4afee53-9bce-4534-aa7e-119504cadc8a?source=api-prod","cve":"CVE-2026-39675","affectedVersions":"<=1.10.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6c08ff0-1f36-4b39-80b1-5b6d7ac9e96e/court-reservation","title":"Court Reservation <= 1.10.8 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6c08ff0-1f36-4b39-80b1-5b6d7ac9e96e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c08ff0-1f36-4b39-80b1-5b6d7ac9e96e?source=api-prod","cve":"CVE-2025-68852","affectedVersions":"<=1.10.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/e8fecebd-c884-4124-96d6-106351e0c7a7/court-reservation","title":"Court Reservation – Manage Your Court Bookings Online < 1.10.9 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"e8fecebd-c884-4124-96d6-106351e0c7a7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e8fecebd-c884-4124-96d6-106351e0c7a7?source=api-prod","cve":"CVE-2026-1508","affectedVersions":"<1.10.9","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_666c75656e74666f726d811c9dc5_gen.json b/internal/data/assets/plugin_666c75656e74666f726d811c9dc5_gen.json index ba0e63cc..d890844c 100644 --- a/internal/data/assets/plugin_666c75656e74666f726d811c9dc5_gen.json +++ b/internal/data/assets/plugin_666c75656e74666f726d811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/00192a36-4b75-4dae-9a6e-0afb02ed5bad/fluentform","title":"Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-09 17:19:48","sources":[{"name":"Wordfence","remoteId":"00192a36-4b75-4dae-9a6e-0afb02ed5bad"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00192a36-4b75-4dae-9a6e-0afb02ed5bad?source=api-prod","cve":"CVE-2026-0996","affectedVersions":"<=6.1.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/0101113b-70c2-4db4-b6b1-b2412f6e1214/fluentform","title":"Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-05 17:53:19","sources":[{"name":"Wordfence","remoteId":"0101113b-70c2-4db4-b6b1-b2412f6e1214"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0101113b-70c2-4db4-b6b1-b2412f6e1214?source=api-prod","cve":"CVE-2026-6344","affectedVersions":"<=6.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0348d465-f351-4c52-b293-8b3b058292b9/fluentform","title":"Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"0348d465-f351-4c52-b293-8b3b058292b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=api-prod","cve":"CVE-2024-0618","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/071195d6-3452-4241-a8d3-92efc84e4850/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 19:02:43","sources":[{"name":"Wordfence","remoteId":"071195d6-3452-4241-a8d3-92efc84e4850"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/071195d6-3452-4241-a8d3-92efc84e4850?source=api-prod","cve":"CVE-2024-2771","affectedVersions":"<=5.1.16","severity":"critical"},{"advisoryId":"WPSECADV/WF/0814e7b3-404a-4db5-b564-46c9086ec048/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 19:02:45","sources":[{"name":"Wordfence","remoteId":"0814e7b3-404a-4db5-b564-46c9086ec048"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0814e7b3-404a-4db5-b564-46c9086ec048?source=api-prod","cve":"CVE-2024-2782","affectedVersions":"<=5.1.16","severity":"high"},{"advisoryId":"WPSECADV/WF/0a30d35c-9883-4b0f-83a2-494401c45d8e/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 23:27:30","sources":[{"name":"Wordfence","remoteId":"0a30d35c-9883-4b0f-83a2-494401c45d8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a30d35c-9883-4b0f-83a2-494401c45d8e?source=api-prod","cve":"CVE-2024-6520","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/0b79a851-1212-4a9c-89fe-b5f2d50ec18c/fluentform","title":"FluentForms <= 4.3.24 - Authenticated(Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"0b79a851-1212-4a9c-89fe-b5f2d50ec18c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b79a851-1212-4a9c-89fe-b5f2d50ec18c?source=api-prod","cve":"CVE-2023-0546","affectedVersions":"<=4.3.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/154fc656-3a33-4783-a941-10bb848244b3/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 00:53:13","sources":[{"name":"Wordfence","remoteId":"154fc656-3a33-4783-a941-10bb848244b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/154fc656-3a33-4783-a941-10bb848244b3?source=api-prod","cve":"CVE-2026-4160","affectedVersions":"=6.1.21","severity":"medium"},{"advisoryId":"WPSECADV/WF/20f31e48-0dbb-498a-a400-681cacea7c9c/fluentform","title":"Contact Form for Plugin by Fluent Forms <= 5.0.8 - Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"20f31e48-0dbb-498a-a400-681cacea7c9c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/20f31e48-0dbb-498a-a400-681cacea7c9c?source=api-prod","cve":"CVE-2023-41952","affectedVersions":"<5.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ccba77c-fb90-4906-b0fe-77607ec5df1f/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 19:02:47","sources":[{"name":"Wordfence","remoteId":"2ccba77c-fb90-4906-b0fe-77607ec5df1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ccba77c-fb90-4906-b0fe-77607ec5df1f?source=api-prod","cve":"CVE-2024-2772","affectedVersions":"<=5.1.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e5602b2-c1ed-40a5-8186-3ab1b5e32f7f/fluentform","title":"FluentForm <= 6.1.11 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e5602b2-c1ed-40a5-8186-3ab1b5e32f7f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e5602b2-c1ed-40a5-8186-3ab1b5e32f7f?source=api-prod","cve":"CVE-2025-69001","affectedVersions":"<=6.1.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 16:24:44","sources":[{"name":"Wordfence","remoteId":"41c2ec31-360d-4145-b0b4-77d4d1d4b8a1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1?source=api-prod","cve":"CVE-2024-10646","affectedVersions":"<=5.2.6","severity":"high"},{"advisoryId":"WPSECADV/WF/4ed4dfee-5f14-47ce-abed-cd226c110665/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"4ed4dfee-5f14-47ce-abed-cd226c110665"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed4dfee-5f14-47ce-abed-cd226c110665?source=api-prod","cve":"CVE-2024-9528","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a85c367-99f5-4a46-94bc-ed6e6626514b/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.14 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a85c367-99f5-4a46-94bc-ed6e6626514b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a85c367-99f5-4a46-94bc-ed6e6626514b?source=api-prod","cve":"CVE-2026-25313","affectedVersions":"<=6.1.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/5fe317a6-a391-441a-aac8-c8fa57e73169/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fe317a6-a391-441a-aac8-c8fa57e73169"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe317a6-a391-441a-aac8-c8fa57e73169?source=api-prod","cve":"CVE-2024-4709","affectedVersions":"<=5.1.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 23:26:31","sources":[{"name":"Wordfence","remoteId":"66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9?source=api-prod","cve":"CVE-2024-6518","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/69dc9236-8079-434f-b2b5-060a0c5eba46/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"69dc9236-8079-434f-b2b5-060a0c5eba46"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69dc9236-8079-434f-b2b5-060a0c5eba46?source=api-prod","cve":"CVE-2024-6703","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/8242e0f0-b9c5-46fe-b691-3275cd0f9a43/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-31 21:37:21","sources":[{"name":"Wordfence","remoteId":"8242e0f0-b9c5-46fe-b691-3275cd0f9a43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8242e0f0-b9c5-46fe-b691-3275cd0f9a43?source=api-prod","cve":"CVE-2024-5053","affectedVersions":"<=5.1.18","severity":"medium"},{"advisoryId":"WPSECADV/WF/8def156a-f2f2-4640-a1c9-c21c74e1f308/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"8def156a-f2f2-4640-a1c9-c21c74e1f308"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8def156a-f2f2-4640-a1c9-c21c74e1f308?source=api-prod","cve":"CVE-2024-4157","affectedVersions":"<=5.1.15","severity":"high"},{"advisoryId":"WPSECADV/WF/8e039295-2ccf-450c-8f2a-d113117b9dce/fluentform","title":"WP Fluent Forms < 3.6.67 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8e039295-2ccf-450c-8f2a-d113117b9dce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e039295-2ccf-450c-8f2a-d113117b9dce?source=api-prod","cve":"CVE-2021-34620","affectedVersions":"<3.6.67","severity":"high"},{"advisoryId":"WPSECADV/WF/938e5d6b-1ad6-4021-a148-1d1c9e8a0a83/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-02 10:27:32","sources":[{"name":"Wordfence","remoteId":"938e5d6b-1ad6-4021-a148-1d1c9e8a0a83"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/938e5d6b-1ad6-4021-a148-1d1c9e8a0a83?source=api-prod","cve":"CVE-2025-9260","affectedVersions":">=5.1.16,<=6.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/954e7509-3ebf-429a-8c65-9825ea190d53/fluentform","title":"FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"954e7509-3ebf-429a-8c65-9825ea190d53"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/954e7509-3ebf-429a-8c65-9825ea190d53?source=api-prod","cve":"CVE-2023-24410","affectedVersions":"<=4.3.25","severity":"high"},{"advisoryId":"WPSECADV/WF/9e6a1af3-d53c-4e23-95d2-3b799bc10827/fluentform","title":"Contact Form Plugin by FluentForm <= 4.3.12 - CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9e6a1af3-d53c-4e23-95d2-3b799bc10827"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6a1af3-d53c-4e23-95d2-3b799bc10827?source=api-prod","cve":"CVE-2022-3463","affectedVersions":"<=4.3.12","severity":"high"},{"advisoryId":"WPSECADV/WF/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 23:10:10","sources":[{"name":"Wordfence","remoteId":"be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7?source=api-prod","cve":"CVE-2024-6521","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/c2aee799-4e4c-4a41-8b76-e2ad576fe2e2/fluentform","title":"Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-05 18:10:08","sources":[{"name":"Wordfence","remoteId":"c2aee799-4e4c-4a41-8b76-e2ad576fe2e2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c2aee799-4e4c-4a41-8b76-e2ad576fe2e2?source=api-prod","cve":"CVE-2025-13748","affectedVersions":"<=6.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/ca329b94-1d4c-439c-b45a-6b39ccf3d1eb/fluentform","title":"Fluent Forms <= 5.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"ca329b94-1d4c-439c-b45a-6b39ccf3d1eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca329b94-1d4c-439c-b45a-6b39ccf3d1eb?source=api-prod","cve":"CVE-2024-9651","affectedVersions":"<=5.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/e06fe8e4-e27a-4492-b175-3b0846e4cf10/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 19:39:05","sources":[{"name":"Wordfence","remoteId":"e06fe8e4-e27a-4492-b175-3b0846e4cf10"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e06fe8e4-e27a-4492-b175-3b0846e4cf10?source=api-prod","cve":"CVE-2024-13666","affectedVersions":"<=5.2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/f31bd18e-57d4-4c87-8a7c-a168e7e70061/fluentform","title":"Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 19:17:45","sources":[{"name":"Wordfence","remoteId":"f31bd18e-57d4-4c87-8a7c-a168e7e70061"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f31bd18e-57d4-4c87-8a7c-a168e7e70061?source=api-prod","cve":"CVE-2025-3615","affectedVersions":"<=6.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f4050403-6b8c-4023-b170-39f3cb68583e/fluentform","title":"Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"f4050403-6b8c-4023-b170-39f3cb68583e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4050403-6b8c-4023-b170-39f3cb68583e?source=api-prod","cve":"CVE-2023-6957","affectedVersions":"<=5.1.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f7dbf179-7099-4dfb-8dad-780f996a7005/fluentform","title":"Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-06 20:40:48","sources":[{"name":"Wordfence","remoteId":"f7dbf179-7099-4dfb-8dad-780f996a7005"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f7dbf179-7099-4dfb-8dad-780f996a7005?source=api-prod","cve":"CVE-2025-13722","affectedVersions":"<=6.1.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/00192a36-4b75-4dae-9a6e-0afb02ed5bad/fluentform","title":"Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-09 17:19:48","sources":[{"name":"Wordfence","remoteId":"00192a36-4b75-4dae-9a6e-0afb02ed5bad"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00192a36-4b75-4dae-9a6e-0afb02ed5bad?source=api-prod","cve":"CVE-2026-0996","affectedVersions":"<=6.1.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/0101113b-70c2-4db4-b6b1-b2412f6e1214/fluentform","title":"Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-05 17:53:19","sources":[{"name":"Wordfence","remoteId":"0101113b-70c2-4db4-b6b1-b2412f6e1214"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0101113b-70c2-4db4-b6b1-b2412f6e1214?source=api-prod","cve":"CVE-2026-6344","affectedVersions":"<=6.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0348d465-f351-4c52-b293-8b3b058292b9/fluentform","title":"Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"0348d465-f351-4c52-b293-8b3b058292b9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=api-prod","cve":"CVE-2024-0618","affectedVersions":"<=5.1.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/071195d6-3452-4241-a8d3-92efc84e4850/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 19:02:43","sources":[{"name":"Wordfence","remoteId":"071195d6-3452-4241-a8d3-92efc84e4850"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/071195d6-3452-4241-a8d3-92efc84e4850?source=api-prod","cve":"CVE-2024-2771","affectedVersions":"<=5.1.16","severity":"critical"},{"advisoryId":"WPSECADV/WF/0814e7b3-404a-4db5-b564-46c9086ec048/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 19:02:45","sources":[{"name":"Wordfence","remoteId":"0814e7b3-404a-4db5-b564-46c9086ec048"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0814e7b3-404a-4db5-b564-46c9086ec048?source=api-prod","cve":"CVE-2024-2782","affectedVersions":"<=5.1.16","severity":"high"},{"advisoryId":"WPSECADV/WF/0a30d35c-9883-4b0f-83a2-494401c45d8e/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 23:27:30","sources":[{"name":"Wordfence","remoteId":"0a30d35c-9883-4b0f-83a2-494401c45d8e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a30d35c-9883-4b0f-83a2-494401c45d8e?source=api-prod","cve":"CVE-2024-6520","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/0b79a851-1212-4a9c-89fe-b5f2d50ec18c/fluentform","title":"FluentForms <= 4.3.24 - Authenticated(Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-03-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"0b79a851-1212-4a9c-89fe-b5f2d50ec18c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b79a851-1212-4a9c-89fe-b5f2d50ec18c?source=api-prod","cve":"CVE-2023-0546","affectedVersions":"<=4.3.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/154fc656-3a33-4783-a941-10bb848244b3/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 00:53:13","sources":[{"name":"Wordfence","remoteId":"154fc656-3a33-4783-a941-10bb848244b3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/154fc656-3a33-4783-a941-10bb848244b3?source=api-prod","cve":"CVE-2026-4160","affectedVersions":"=6.1.21","severity":"medium"},{"advisoryId":"WPSECADV/WF/20f31e48-0dbb-498a-a400-681cacea7c9c/fluentform","title":"Contact Form for Plugin by Fluent Forms <= 5.0.8 - Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"20f31e48-0dbb-498a-a400-681cacea7c9c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/20f31e48-0dbb-498a-a400-681cacea7c9c?source=api-prod","cve":"CVE-2023-41952","affectedVersions":"<5.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/2ccba77c-fb90-4906-b0fe-77607ec5df1f/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 19:02:47","sources":[{"name":"Wordfence","remoteId":"2ccba77c-fb90-4906-b0fe-77607ec5df1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ccba77c-fb90-4906-b0fe-77607ec5df1f?source=api-prod","cve":"CVE-2024-2772","affectedVersions":"<=5.1.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e5602b2-c1ed-40a5-8186-3ab1b5e32f7f/fluentform","title":"FluentForm <= 6.1.11 - Unauthenticated Arbitrary Shortcode Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e5602b2-c1ed-40a5-8186-3ab1b5e32f7f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e5602b2-c1ed-40a5-8186-3ab1b5e32f7f?source=api-prod","cve":"CVE-2025-69001","affectedVersions":"<=6.1.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-12-13 16:24:44","sources":[{"name":"Wordfence","remoteId":"41c2ec31-360d-4145-b0b4-77d4d1d4b8a1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1?source=api-prod","cve":"CVE-2024-10646","affectedVersions":"<=5.2.6","severity":"high"},{"advisoryId":"WPSECADV/WF/4ed4dfee-5f14-47ce-abed-cd226c110665/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"4ed4dfee-5f14-47ce-abed-cd226c110665"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed4dfee-5f14-47ce-abed-cd226c110665?source=api-prod","cve":"CVE-2024-9528","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/5a85c367-99f5-4a46-94bc-ed6e6626514b/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.14 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"5a85c367-99f5-4a46-94bc-ed6e6626514b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a85c367-99f5-4a46-94bc-ed6e6626514b?source=api-prod","cve":"CVE-2026-25313","affectedVersions":"<=6.1.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/5fe317a6-a391-441a-aac8-c8fa57e73169/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fe317a6-a391-441a-aac8-c8fa57e73169"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe317a6-a391-441a-aac8-c8fa57e73169?source=api-prod","cve":"CVE-2024-4709","affectedVersions":"<=5.1.16","severity":"medium"},{"advisoryId":"WPSECADV/WF/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 23:26:31","sources":[{"name":"Wordfence","remoteId":"66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9?source=api-prod","cve":"CVE-2024-6518","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/69dc9236-8079-434f-b2b5-060a0c5eba46/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"69dc9236-8079-434f-b2b5-060a0c5eba46"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69dc9236-8079-434f-b2b5-060a0c5eba46?source=api-prod","cve":"CVE-2024-6703","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/8242e0f0-b9c5-46fe-b691-3275cd0f9a43/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-31 21:37:21","sources":[{"name":"Wordfence","remoteId":"8242e0f0-b9c5-46fe-b691-3275cd0f9a43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8242e0f0-b9c5-46fe-b691-3275cd0f9a43?source=api-prod","cve":"CVE-2024-5053","affectedVersions":"<=5.1.18","severity":"medium"},{"advisoryId":"WPSECADV/WF/8def156a-f2f2-4640-a1c9-c21c74e1f308/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"8def156a-f2f2-4640-a1c9-c21c74e1f308"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8def156a-f2f2-4640-a1c9-c21c74e1f308?source=api-prod","cve":"CVE-2024-4157","affectedVersions":"<=5.1.15","severity":"high"},{"advisoryId":"WPSECADV/WF/8e039295-2ccf-450c-8f2a-d113117b9dce/fluentform","title":"WP Fluent Forms < 3.6.67 - Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8e039295-2ccf-450c-8f2a-d113117b9dce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e039295-2ccf-450c-8f2a-d113117b9dce?source=api-prod","cve":"CVE-2021-34620","affectedVersions":"<3.6.67","severity":"high"},{"advisoryId":"WPSECADV/WF/938e5d6b-1ad6-4021-a148-1d1c9e8a0a83/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-02 10:27:32","sources":[{"name":"Wordfence","remoteId":"938e5d6b-1ad6-4021-a148-1d1c9e8a0a83"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/938e5d6b-1ad6-4021-a148-1d1c9e8a0a83?source=api-prod","cve":"CVE-2025-9260","affectedVersions":">=5.1.16,<=6.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/954e7509-3ebf-429a-8c65-9825ea190d53/fluentform","title":"FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"954e7509-3ebf-429a-8c65-9825ea190d53"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/954e7509-3ebf-429a-8c65-9825ea190d53?source=api-prod","cve":"CVE-2023-24410","affectedVersions":"<=4.3.25","severity":"high"},{"advisoryId":"WPSECADV/WF/9e6a1af3-d53c-4e23-95d2-3b799bc10827/fluentform","title":"Contact Form Plugin by FluentForm <= 4.3.12 - CSV Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-10-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9e6a1af3-d53c-4e23-95d2-3b799bc10827"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6a1af3-d53c-4e23-95d2-3b799bc10827?source=api-prod","cve":"CVE-2022-3463","affectedVersions":"<=4.3.12","severity":"high"},{"advisoryId":"WPSECADV/WF/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7/fluentform","title":"Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-26 23:10:10","sources":[{"name":"Wordfence","remoteId":"be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7?source=api-prod","cve":"CVE-2024-6521","affectedVersions":"<=5.1.19","severity":"medium"},{"advisoryId":"WPSECADV/WF/c2aee799-4e4c-4a41-8b76-e2ad576fe2e2/fluentform","title":"Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-05 18:10:08","sources":[{"name":"Wordfence","remoteId":"c2aee799-4e4c-4a41-8b76-e2ad576fe2e2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c2aee799-4e4c-4a41-8b76-e2ad576fe2e2?source=api-prod","cve":"CVE-2025-13748","affectedVersions":"<=6.1.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/ca329b94-1d4c-439c-b45a-6b39ccf3d1eb/fluentform","title":"Fluent Forms <= 5.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"ca329b94-1d4c-439c-b45a-6b39ccf3d1eb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca329b94-1d4c-439c-b45a-6b39ccf3d1eb?source=api-prod","cve":"CVE-2024-9651","affectedVersions":"<=5.2.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ce2d2594-e856-4249-9467-01c0fe1c0c71/fluentform","title":"Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"ce2d2594-e856-4249-9467-01c0fe1c0c71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ce2d2594-e856-4249-9467-01c0fe1c0c71?source=api-prod","cve":"CVE-2026-6828","affectedVersions":"<=6.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/e06fe8e4-e27a-4492-b175-3b0846e4cf10/fluentform","title":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-21 19:39:05","sources":[{"name":"Wordfence","remoteId":"e06fe8e4-e27a-4492-b175-3b0846e4cf10"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e06fe8e4-e27a-4492-b175-3b0846e4cf10?source=api-prod","cve":"CVE-2024-13666","affectedVersions":"<=5.2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/f31bd18e-57d4-4c87-8a7c-a168e7e70061/fluentform","title":"Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-16 19:17:45","sources":[{"name":"Wordfence","remoteId":"f31bd18e-57d4-4c87-8a7c-a168e7e70061"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f31bd18e-57d4-4c87-8a7c-a168e7e70061?source=api-prod","cve":"CVE-2025-3615","affectedVersions":"<=6.0.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f4050403-6b8c-4023-b170-39f3cb68583e/fluentform","title":"Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"f4050403-6b8c-4023-b170-39f3cb68583e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4050403-6b8c-4023-b170-39f3cb68583e?source=api-prod","cve":"CVE-2023-6957","affectedVersions":"<=5.1.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f7dbf179-7099-4dfb-8dad-780f996a7005/fluentform","title":"Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-06 20:40:48","sources":[{"name":"Wordfence","remoteId":"f7dbf179-7099-4dfb-8dad-780f996a7005"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f7dbf179-7099-4dfb-8dad-780f996a7005?source=api-prod","cve":"CVE-2025-13722","affectedVersions":"<=6.1.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_676f6f676c652d616e616c79746963732d666f722d776f72647072657373811c9dc5_gen.json b/internal/data/assets/plugin_676f6f676c652d616e616c79746963732d666f722d776f72647072657373811c9dc5_gen.json index b83bcb92..95df8e91 100644 --- a/internal/data/assets/plugin_676f6f676c652d616e616c79746963732d666f722d776f72647072657373811c9dc5_gen.json +++ b/internal/data/assets/plugin_676f6f676c652d616e616c79746963732d666f722d776f72647072657373811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/0388853e-4bf8-4627-876a-b842e7016de3/google-analytics-for-wordpress","title":"MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0388853e-4bf8-4627-876a-b842e7016de3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0388853e-4bf8-4627-876a-b842e7016de3?source=api-prod","cve":"CVE-2022-3904","affectedVersions":"<=8.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/247f6b86-767b-479f-90d4-79345699dd59/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress <= 7.1 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"247f6b86-767b-479f-90d4-79345699dd59"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/247f6b86-767b-479f-90d4-79345699dd59?source=api-prod","affectedVersions":"<=7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e28daa5-cdbb-464c-99d5-09a924c01b41/google-analytics-for-wordpress","title":"MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e28daa5-cdbb-464c-99d5-09a924c01b41"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e28daa5-cdbb-464c-99d5-09a924c01b41?source=api-prod","cve":"CVE-2023-0081","affectedVersions":"<=8.12.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5178f7ee-d7e3-4cd1-8cc2-121d217e66fa/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-11-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"5178f7ee-d7e3-4cd1-8cc2-121d217e66fa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5178f7ee-d7e3-4cd1-8cc2-121d217e66fa?source=api-prod","cve":"CVE-2014-9174","affectedVersions":"<=5.1.2","severity":"low"},{"advisoryId":"WPSECADV/WF/6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e/google-analytics-for-wordpress","title":"MonsterInsights - Google Analytics Dashboard for WordPress <= 5.4.4 - Authenticated Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-08-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e?source=api-prod","affectedVersions":"<=5.4.4","severity":"low"},{"advisoryId":"WPSECADV/WF/7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Authenticated Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5?source=api-prod","affectedVersions":"<=5.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/81099cdc-bce6-4ee6-b819-c3925acf96a8/google-analytics-for-wordpress","title":"Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"81099cdc-bce6-4ee6-b819-c3925acf96a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81099cdc-bce6-4ee6-b819-c3925acf96a8?source=api-prod","cve":"CVE-2023-52220","affectedVersions":"<=8.21.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/9c40773d-3a2f-46b6-861e-608d662250da/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.3.3 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-04-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"9c40773d-3a2f-46b6-861e-608d662250da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9c40773d-3a2f-46b6-861e-608d662250da?source=api-prod","affectedVersions":"<=5.3.3","severity":"high"},{"advisoryId":"WPSECADV/WF/a53a1178-7267-4d7f-ad9e-2906c05b8fe0/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"a53a1178-7267-4d7f-ad9e-2906c05b8fe0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a53a1178-7267-4d7f-ad9e-2906c05b8fe0?source=api-prod","affectedVersions":"<=5.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/c87a80ad-27bf-404d-8adf-9acc91354515/google-analytics-for-wordpress","title":"Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"c87a80ad-27bf-404d-8adf-9acc91354515"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c87a80ad-27bf-404d-8adf-9acc91354515?source=api-prod","cve":"CVE-2023-23999","affectedVersions":"<=8.14.0","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/0388853e-4bf8-4627-876a-b842e7016de3/google-analytics-for-wordpress","title":"MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0388853e-4bf8-4627-876a-b842e7016de3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0388853e-4bf8-4627-876a-b842e7016de3?source=api-prod","cve":"CVE-2022-3904","affectedVersions":"<=8.9.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/247f6b86-767b-479f-90d4-79345699dd59/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress <= 7.1 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-09-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"247f6b86-767b-479f-90d4-79345699dd59"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/247f6b86-767b-479f-90d4-79345699dd59?source=api-prod","affectedVersions":"<=7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2e28daa5-cdbb-464c-99d5-09a924c01b41/google-analytics-for-wordpress","title":"MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e28daa5-cdbb-464c-99d5-09a924c01b41"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e28daa5-cdbb-464c-99d5-09a924c01b41?source=api-prod","cve":"CVE-2023-0081","affectedVersions":"<=8.12.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/5178f7ee-d7e3-4cd1-8cc2-121d217e66fa/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-11-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"5178f7ee-d7e3-4cd1-8cc2-121d217e66fa"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5178f7ee-d7e3-4cd1-8cc2-121d217e66fa?source=api-prod","cve":"CVE-2014-9174","affectedVersions":"<=5.1.2","severity":"low"},{"advisoryId":"WPSECADV/WF/5d380b66-675e-451d-a7e3-4efe1fbd08b2/google-analytics-for-wordpress","title":"MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 09:45:13","sources":[{"name":"Wordfence","remoteId":"5d380b66-675e-451d-a7e3-4efe1fbd08b2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d380b66-675e-451d-a7e3-4efe1fbd08b2?source=api-prod","cve":"CVE-2026-5371","affectedVersions":"<=10.1.2","severity":"high"},{"advisoryId":"WPSECADV/WF/6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e/google-analytics-for-wordpress","title":"MonsterInsights - Google Analytics Dashboard for WordPress <= 5.4.4 - Authenticated Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-08-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e?source=api-prod","affectedVersions":"<=5.4.4","severity":"low"},{"advisoryId":"WPSECADV/WF/7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Authenticated Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5?source=api-prod","affectedVersions":"<=5.3.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/81099cdc-bce6-4ee6-b819-c3925acf96a8/google-analytics-for-wordpress","title":"Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"81099cdc-bce6-4ee6-b819-c3925acf96a8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81099cdc-bce6-4ee6-b819-c3925acf96a8?source=api-prod","cve":"CVE-2023-52220","affectedVersions":"<=8.21.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/9c40773d-3a2f-46b6-861e-608d662250da/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.3.3 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-04-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"9c40773d-3a2f-46b6-861e-608d662250da"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9c40773d-3a2f-46b6-861e-608d662250da?source=api-prod","affectedVersions":"<=5.3.3","severity":"high"},{"advisoryId":"WPSECADV/WF/a53a1178-7267-4d7f-ad9e-2906c05b8fe0/google-analytics-for-wordpress","title":"MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-03-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"a53a1178-7267-4d7f-ad9e-2906c05b8fe0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a53a1178-7267-4d7f-ad9e-2906c05b8fe0?source=api-prod","affectedVersions":"<=5.3.2","severity":"high"},{"advisoryId":"WPSECADV/WF/c87a80ad-27bf-404d-8adf-9acc91354515/google-analytics-for-wordpress","title":"Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"c87a80ad-27bf-404d-8adf-9acc91354515"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c87a80ad-27bf-404d-8adf-9acc91354515?source=api-prod","cve":"CVE-2023-23999","affectedVersions":"<=8.14.0","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6a6f6f6d73706f72742d73706f7274732d6c65616775652d726573756c74732d6d616e6167656d656e74811c9dc5_gen.json b/internal/data/assets/plugin_6a6f6f6d73706f72742d73706f7274732d6c65616775652d726573756c74732d6d616e6167656d656e74811c9dc5_gen.json index 99a40971..4fe3b64c 100644 --- a/internal/data/assets/plugin_6a6f6f6d73706f72742d73706f7274732d6c65616775652d726573756c74732d6d616e6167656d656e74811c9dc5_gen.json +++ b/internal/data/assets/plugin_6a6f6f6d73706f72742d73706f7274732d6c65616775652d726573756c74732d6d616e6167656d656e74811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/31ca2de5-d63c-4ff8-9963-b96213d17cd0/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more < 3.4 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"31ca2de5-d63c-4ff8-9963-b96213d17cd0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/31ca2de5-d63c-4ff8-9963-b96213d17cd0?source=api-prod","cve":"CVE-2019-14348","affectedVersions":"<3.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/3f202cc3-ab74-4abb-9eed-b4caf9fccb71/joomsport-sports-league-results-management","title":"JoomSport <= 5.2.7 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"3f202cc3-ab74-4abb-9eed-b4caf9fccb71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f202cc3-ab74-4abb-9eed-b4caf9fccb71?source=api-prod","cve":"CVE-2022-4050","affectedVersions":"<=5.2.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/4f3900c7-2acb-4031-9854-b0b13e172e1f/joomsport-sports-league-results-management","title":"JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-02 22:17:24","sources":[{"name":"Wordfence","remoteId":"4f3900c7-2acb-4031-9854-b0b13e172e1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3900c7-2acb-4031-9854-b0b13e172e1f?source=api-prod","cve":"CVE-2025-7721","affectedVersions":"<=5.7.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810?source=api-prod","cve":"CVE-2022-2717","affectedVersions":"<=5.2.5","severity":"high"},{"advisoryId":"WPSECADV/WF/9eee9bec-609a-468b-8b44-ac4af409df93/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9eee9bec-609a-468b-8b44-ac4af409df93"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9eee9bec-609a-468b-8b44-ac4af409df93?source=api-prod","cve":"CVE-2022-2718","affectedVersions":"<=5.2.5","severity":"high"},{"advisoryId":"WPSECADV/WF/b4503e2c-0d0d-45de-a597-baace44a98a7/joomsport-sports-league-results-management","title":"JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4503e2c-0d0d-45de-a597-baace44a98a7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4503e2c-0d0d-45de-a597-baace44a98a7?source=api-prod","cve":"CVE-2024-12633","affectedVersions":"<=5.6.17","severity":"high"},{"advisoryId":"WPSECADV/WF/b96273e8-29a8-4802-8c83-1ce5ab9600b6/joomsport-sports-league-results-management","title":"JoomSport <= 5.3.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"b96273e8-29a8-4802-8c83-1ce5ab9600b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b96273e8-29a8-4802-8c83-1ce5ab9600b6?source=api-prod","cve":"CVE-2024-43355","affectedVersions":"<=5.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c2b9c6ab-28b4-49c7-9dc2-32bca81300f8/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.7.7 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"c2b9c6ab-28b4-49c7-9dc2-32bca81300f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b9c6ab-28b4-49c7-9dc2-32bca81300f8?source=api-prod","cve":"CVE-2026-42647","affectedVersions":"<=5.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/ca7e7419-5e1f-42f3-8dad-78d536b36888/joomsport-sports-league-results-management","title":"JoomSport <= 5.6.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ca7e7419-5e1f-42f3-8dad-78d536b36888"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca7e7419-5e1f-42f3-8dad-78d536b36888?source=api-prod","cve":"CVE-2024-44031","affectedVersions":"<=5.6.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d5400ec0-383b-4ac5-9b38-44533519e44d/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.1.7 - Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"d5400ec0-383b-4ac5-9b38-44533519e44d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5400ec0-383b-4ac5-9b38-44533519e44d?source=api-prod","cve":"CVE-2021-24384","affectedVersions":"<5.1.8","severity":"critical"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/28b730b3-4260-414f-8a4a-65ba5509449b/joomsport-sports-league-results-management","title":"JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 17:13:07","sources":[{"name":"Wordfence","remoteId":"28b730b3-4260-414f-8a4a-65ba5509449b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28b730b3-4260-414f-8a4a-65ba5509449b?source=api-prod","cve":"CVE-2026-6929","affectedVersions":"<=5.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/31ca2de5-d63c-4ff8-9963-b96213d17cd0/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more < 3.4 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-07-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"31ca2de5-d63c-4ff8-9963-b96213d17cd0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/31ca2de5-d63c-4ff8-9963-b96213d17cd0?source=api-prod","cve":"CVE-2019-14348","affectedVersions":"<3.4","severity":"critical"},{"advisoryId":"WPSECADV/WF/3f202cc3-ab74-4abb-9eed-b4caf9fccb71/joomsport-sports-league-results-management","title":"JoomSport <= 5.2.7 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-11-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"3f202cc3-ab74-4abb-9eed-b4caf9fccb71"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f202cc3-ab74-4abb-9eed-b4caf9fccb71?source=api-prod","cve":"CVE-2022-4050","affectedVersions":"<=5.2.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/4f3900c7-2acb-4031-9854-b0b13e172e1f/joomsport-sports-league-results-management","title":"JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-02 22:17:24","sources":[{"name":"Wordfence","remoteId":"4f3900c7-2acb-4031-9854-b0b13e172e1f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3900c7-2acb-4031-9854-b0b13e172e1f?source=api-prod","cve":"CVE-2025-7721","affectedVersions":"<=5.7.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810?source=api-prod","cve":"CVE-2022-2717","affectedVersions":"<=5.2.5","severity":"high"},{"advisoryId":"WPSECADV/WF/9eee9bec-609a-468b-8b44-ac4af409df93/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"9eee9bec-609a-468b-8b44-ac4af409df93"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9eee9bec-609a-468b-8b44-ac4af409df93?source=api-prod","cve":"CVE-2022-2718","affectedVersions":"<=5.2.5","severity":"high"},{"advisoryId":"WPSECADV/WF/b4503e2c-0d0d-45de-a597-baace44a98a7/joomsport-sports-league-results-management","title":"JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-01-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"b4503e2c-0d0d-45de-a597-baace44a98a7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4503e2c-0d0d-45de-a597-baace44a98a7?source=api-prod","cve":"CVE-2024-12633","affectedVersions":"<=5.6.17","severity":"high"},{"advisoryId":"WPSECADV/WF/b96273e8-29a8-4802-8c83-1ce5ab9600b6/joomsport-sports-league-results-management","title":"JoomSport <= 5.3.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"b96273e8-29a8-4802-8c83-1ce5ab9600b6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b96273e8-29a8-4802-8c83-1ce5ab9600b6?source=api-prod","cve":"CVE-2024-43355","affectedVersions":"<=5.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c2b9c6ab-28b4-49c7-9dc2-32bca81300f8/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.7.7 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"c2b9c6ab-28b4-49c7-9dc2-32bca81300f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b9c6ab-28b4-49c7-9dc2-32bca81300f8?source=api-prod","cve":"CVE-2026-42647","affectedVersions":"<=5.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/ca7e7419-5e1f-42f3-8dad-78d536b36888/joomsport-sports-league-results-management","title":"JoomSport <= 5.6.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"ca7e7419-5e1f-42f3-8dad-78d536b36888"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca7e7419-5e1f-42f3-8dad-78d536b36888?source=api-prod","cve":"CVE-2024-44031","affectedVersions":"<=5.6.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/d5400ec0-383b-4ac5-9b38-44533519e44d/joomsport-sports-league-results-management","title":"JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.1.7 - Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"d5400ec0-383b-4ac5-9b38-44533519e44d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5400ec0-383b-4ac5-9b38-44533519e44d?source=api-prod","cve":"CVE-2021-24384","affectedVersions":"<5.1.8","severity":"critical"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6d616769632d6578706f72742d696d706f7274811c9dc5_gen.json b/internal/data/assets/plugin_6d616769632d6578706f72742d696d706f7274811c9dc5_gen.json new file mode 100644 index 00000000..53cf3f12 --- /dev/null +++ b/internal/data/assets/plugin_6d616769632d6578706f72742d696d706f7274811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/4cee3426-63f4-47c3-9668-64217994752c/magic-export-import","title":"Magic Export & Import <= 1.1.0 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"4cee3426-63f4-47c3-9668-64217994752c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4cee3426-63f4-47c3-9668-64217994752c?source=api-prod","cve":"CVE-2026-5335","affectedVersions":"<=1.1.0","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6e656c696f2d61622d74657374696e67811c9dc5_gen.json b/internal/data/assets/plugin_6e656c696f2d61622d74657374696e67811c9dc5_gen.json index e2b23668..6543c4f9 100644 --- a/internal/data/assets/plugin_6e656c696f2d61622d74657374696e67811c9dc5_gen.json +++ b/internal/data/assets/plugin_6e656c696f2d61622d74657374696e67811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/28333161-9c76-4108-9256-9ffa91eaf818/nelio-ab-testing","title":"Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"28333161-9c76-4108-9256-9ffa91eaf818"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28333161-9c76-4108-9256-9ffa91eaf818?source=api-prod","cve":"CVE-2017-18547","affectedVersions":"<4.6.4","severity":"high"},{"advisoryId":"WPSECADV/WF/3b806e11-57ad-4976-9ece-419ad6581cc4/nelio-ab-testing","title":"Nelio AB Testing < 4.5.9 - Server Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-12-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"3b806e11-57ad-4976-9ece-419ad6581cc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b806e11-57ad-4976-9ece-419ad6581cc4?source=api-prod","cve":"CVE-2016-10926","affectedVersions":"<=4.5.8","severity":"high"},{"advisoryId":"WPSECADV/WF/558b27a3-548b-4df3-84aa-24331394f2fe/nelio-ab-testing","title":"Nelio AB Testing <= 8.2.4 - Authenticated (Editor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"558b27a3-548b-4df3-84aa-24331394f2fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/558b27a3-548b-4df3-84aa-24331394f2fe?source=api-prod","cve":"CVE-2026-25378","affectedVersions":"<=8.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6077a093-b2ec-4491-a4a7-d70b2858d772/nelio-ab-testing","title":"Nelio AB Testing < 4.5.11 - Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"6077a093-b2ec-4491-a4a7-d70b2858d772"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6077a093-b2ec-4491-a4a7-d70b2858d772?source=api-prod","cve":"CVE-2016-10927","affectedVersions":"<4.5.11","severity":"high"},{"advisoryId":"WPSECADV/WF/a65e820d-afb7-4e1c-b690-5948447af59a/nelio-ab-testing","title":"Nelio AB Testing < 4.5.0 - Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-05-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"a65e820d-afb7-4e1c-b690-5948447af59a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a65e820d-afb7-4e1c-b690-5948447af59a?source=api-prod","cve":"CVE-2016-10977","affectedVersions":"<=4.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d09985e9-ee18-41a0-94d0-05dd80a68ed9/nelio-ab-testing","title":"Nelio AB Testing <= 8.1.8 - Authenticated (Editor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d09985e9-ee18-41a0-94d0-05dd80a68ed9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d09985e9-ee18-41a0-94d0-05dd80a68ed9?source=api-prod","cve":"CVE-2025-67944","affectedVersions":"<=8.1.8","severity":"high"},{"advisoryId":"WPSECADV/WF/f96d99dc-df3a-4b01-b276-08a85860720e/nelio-ab-testing","title":"Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization <= 8.2.7 - Authenticated (Editor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f96d99dc-df3a-4b01-b276-08a85860720e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f96d99dc-df3a-4b01-b276-08a85860720e?source=api-prod","cve":"CVE-2026-32573","affectedVersions":"<=8.2.7","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/28333161-9c76-4108-9256-9ffa91eaf818/nelio-ab-testing","title":"Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-05-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"28333161-9c76-4108-9256-9ffa91eaf818"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28333161-9c76-4108-9256-9ffa91eaf818?source=api-prod","cve":"CVE-2017-18547","affectedVersions":"<4.6.4","severity":"high"},{"advisoryId":"WPSECADV/WF/3b806e11-57ad-4976-9ece-419ad6581cc4/nelio-ab-testing","title":"Nelio AB Testing < 4.5.9 - Server Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-12-08 00:00:00","sources":[{"name":"Wordfence","remoteId":"3b806e11-57ad-4976-9ece-419ad6581cc4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b806e11-57ad-4976-9ece-419ad6581cc4?source=api-prod","cve":"CVE-2016-10926","affectedVersions":"<=4.5.8","severity":"high"},{"advisoryId":"WPSECADV/WF/558b27a3-548b-4df3-84aa-24331394f2fe/nelio-ab-testing","title":"Nelio AB Testing <= 8.2.4 - Authenticated (Editor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"558b27a3-548b-4df3-84aa-24331394f2fe"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/558b27a3-548b-4df3-84aa-24331394f2fe?source=api-prod","cve":"CVE-2026-25378","affectedVersions":"<=8.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/6077a093-b2ec-4491-a4a7-d70b2858d772/nelio-ab-testing","title":"Nelio AB Testing < 4.5.11 - Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-12-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"6077a093-b2ec-4491-a4a7-d70b2858d772"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6077a093-b2ec-4491-a4a7-d70b2858d772?source=api-prod","cve":"CVE-2016-10927","affectedVersions":"<4.5.11","severity":"high"},{"advisoryId":"WPSECADV/WF/a65e820d-afb7-4e1c-b690-5948447af59a/nelio-ab-testing","title":"Nelio AB Testing < 4.5.0 - Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-05-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"a65e820d-afb7-4e1c-b690-5948447af59a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a65e820d-afb7-4e1c-b690-5948447af59a?source=api-prod","cve":"CVE-2016-10977","affectedVersions":"<=4.4.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/d09985e9-ee18-41a0-94d0-05dd80a68ed9/nelio-ab-testing","title":"Nelio AB Testing <= 8.1.8 - Authenticated (Editor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"d09985e9-ee18-41a0-94d0-05dd80a68ed9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d09985e9-ee18-41a0-94d0-05dd80a68ed9?source=api-prod","cve":"CVE-2025-67944","affectedVersions":"<=8.1.8","severity":"high"},{"advisoryId":"WPSECADV/WF/e53ca576-9705-4362-b2b7-338477002ab9/nelio-ab-testing","title":"Nelio AB Testing <= 8.2.8 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"e53ca576-9705-4362-b2b7-338477002ab9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e53ca576-9705-4362-b2b7-338477002ab9?source=api-prod","cve":"CVE-2026-40742","affectedVersions":"<=8.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/f96d99dc-df3a-4b01-b276-08a85860720e/nelio-ab-testing","title":"Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization <= 8.2.7 - Authenticated (Editor+) Remote Code Execution\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"f96d99dc-df3a-4b01-b276-08a85860720e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f96d99dc-df3a-4b01-b276-08a85860720e?source=api-prod","cve":"CVE-2026-32573","affectedVersions":"<=8.2.7","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json b/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json index 5ccb8144..a8b44b91 100644 --- a/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json +++ b/internal/data/assets/plugin_6e6d656469612d757365722d66696c652d75706c6f61646572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/28a7b2c9-5d8d-4b49-a47c-473e3288b563/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"28a7b2c9-5d8d-4b49-a47c-473e3288b563"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=api-prod","cve":"CVE-2021-4344","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c1e6298-f243-49a5-b1b7-52bd6a6c8858/nmedia-user-file-uploader","title":"Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c1e6298-f243-49a5-b1b7-52bd6a6c8858"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=api-prod","cve":"CVE-2016-15042","affectedVersions":"<4.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"361e2d5c-4355-4e71-91aa-2c1bc6b6fb78"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78?source=api-prod","cve":"CVE-2022-3126","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/49150180-9de0-4318-b21b-779daaeb7a52/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"49150180-9de0-4318-b21b-779daaeb7a52"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=api-prod","cve":"CVE-2021-4350","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/4cbc0dd4-4dea-4890-95d0-9531a669b95d/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"4cbc0dd4-4dea-4890-95d0-9531a669b95d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4cbc0dd4-4dea-4890-95d0-9531a669b95d?source=api-prod","cve":"CVE-2026-0829","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/5539aa79-66ad-43fa-967c-2bec877061e0/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"5539aa79-66ad-43fa-967c-2bec877061e0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5539aa79-66ad-43fa-967c-2bec877061e0?source=api-prod","cve":"CVE-2021-4351","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/59b63a01-fd8b-4742-a52f-c0a7b59e9e04/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"59b63a01-fd8b-4742-a52f-c0a7b59e9e04"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59b63a01-fd8b-4742-a52f-c0a7b59e9e04?source=api-prod","affectedVersions":"<=21.3","severity":"high"},{"advisoryId":"WPSECADV/WF/628eef73-1725-4290-bb30-07792d1d5b6c/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"628eef73-1725-4290-bb30-07792d1d5b6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/628eef73-1725-4290-bb30-07792d1d5b6c?source=api-prod","cve":"CVE-2022-3125","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"79e2011c-5e4d-4d02-831f-6b4dcfcaa51e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=api-prod","cve":"CVE-2021-4356","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/84c61d00-20c1-4176-a74d-ea6ff6220f26/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"84c61d00-20c1-4176-a74d-ea6ff6220f26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=api-prod","cve":"CVE-2021-4359","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/8a11c169-a232-49a9-80be-40d45d0c6dc0/nmedia-user-file-uploader","title":"Frontend File Manager Plugin < 3.6 - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a11c169-a232-49a9-80be-40d45d0c6dc0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11c169-a232-49a9-80be-40d45d0c6dc0?source=api-prod","cve":"CVE-2014-5324","affectedVersions":"<3.6","severity":"high"},{"advisoryId":"WPSECADV/WF/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Unauthenticated Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a?source=api-prod","cve":"CVE-2026-25005","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ff66981-68ed-489a-b53f-4a1029e7590e/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ff66981-68ed-489a-b53f-4a1029e7590e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff66981-68ed-489a-b53f-4a1029e7590e?source=api-prod","cve":"CVE-2025-57921","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9615ef3f-e1e3-4791-a5a5-19260fee6354/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.4 - Authenticated (Subscriber+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9615ef3f-e1e3-4791-a5a5-19260fee6354"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9615ef3f-e1e3-4791-a5a5-19260fee6354?source=api-prod","cve":"CVE-2025-14804","affectedVersions":"<=23.4","severity":"high"},{"advisoryId":"WPSECADV/WF/a9c82154-d390-44ba-a54a-89f4bb69cdce/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"a9c82154-d390-44ba-a54a-89f4bb69cdce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=api-prod","cve":"CVE-2021-4365","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/aa8d5feb-2ae9-44b8-90b5-9fc67226855a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 19:15:11","sources":[{"name":"Wordfence","remoteId":"aa8d5feb-2ae9-44b8-90b5-9fc67226855a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8d5feb-2ae9-44b8-90b5-9fc67226855a?source=api-prod","cve":"CVE-2025-13382","affectedVersions":"<=23.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/abf422ce-fa03-4bed-a4ec-b31d36de7633/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"abf422ce-fa03-4bed-a4ec-b31d36de7633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abf422ce-fa03-4bed-a4ec-b31d36de7633?source=api-prod","cve":"CVE-2023-7306","affectedVersions":"<=21.5","severity":"high"},{"advisoryId":"WPSECADV/WF/adb1d8b0-b1d6-40df-b591-f1062ee744fb/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"adb1d8b0-b1d6-40df-b591-f1062ee744fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=api-prod","cve":"CVE-2021-4368","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/b59b5c41-6173-485e-869d-4165dc18e2bd/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"b59b5c41-6173-485e-869d-4165dc18e2bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b59b5c41-6173-485e-869d-4165dc18e2bd?source=api-prod","cve":"CVE-2023-5105","affectedVersions":"<=22.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/bbade634-cd81-41c0-8976-f5cb251da3f2/nmedia-user-file-uploader","title":"Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"bbade634-cd81-41c0-8976-f5cb251da3f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bbade634-cd81-41c0-8976-f5cb251da3f2?source=api-prod","cve":"CVE-2024-25903","affectedVersions":"<=22.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c434e6b8-0dd5-4ffe-93b1-1af614c08f85/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"c434e6b8-0dd5-4ffe-93b1-1af614c08f85"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=api-prod","cve":"CVE-2021-4369","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c56e5250-7cbd-41f4-9b8c-79a644830708/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c56e5250-7cbd-41f4-9b8c-79a644830708"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c56e5250-7cbd-41f4-9b8c-79a644830708?source=api-prod","cve":"CVE-2022-3124","affectedVersions":"<=21.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6de5295-cb13-4e53-bcb2-3fc6c95b849a/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization to Authenticated (Subscriber+) Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6de5295-cb13-4e53-bcb2-3fc6c95b849a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6de5295-cb13-4e53-bcb2-3fc6c95b849a?source=api-prod","cve":"CVE-2025-27358","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e739e7d3-756a-4c93-9ca7-f7b9f9657033/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-27 21:50:20","sources":[{"name":"Wordfence","remoteId":"e739e7d3-756a-4c93-9ca7-f7b9f9657033"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e739e7d3-756a-4c93-9ca7-f7b9f9657033?source=api-prod","cve":"CVE-2026-1280","affectedVersions":"<=23.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f2ed5e51-8783-4b7f-9177-c116bf0fad44/nmedia-user-file-uploader","title":"Frontend File Manager <= 3.7 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"f2ed5e51-8783-4b7f-9177-c116bf0fad44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ed5e51-8783-4b7f-9177-c116bf0fad44?source=api-prod","affectedVersions":"<=3.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/f8f372cb-739f-44e2-9074-e91b8c903837/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8f372cb-739f-44e2-9074-e91b8c903837"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f372cb-739f-44e2-9074-e91b8c903837?source=api-prod","cve":"CVE-2025-64265","affectedVersions":"<=23.2","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/28a7b2c9-5d8d-4b49-a47c-473e3288b563/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"28a7b2c9-5d8d-4b49-a47c-473e3288b563"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=api-prod","cve":"CVE-2021-4344","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a60d27b-dfcc-464e-a927-eb6bb35f9932/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Download Access\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a60d27b-dfcc-464e-a927-eb6bb35f9932"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a60d27b-dfcc-464e-a927-eb6bb35f9932?source=api-prod","cve":"CVE-2026-5337","affectedVersions":"<=23.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/2c1e6298-f243-49a5-b1b7-52bd6a6c8858/nmedia-user-file-uploader","title":"Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-07-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"2c1e6298-f243-49a5-b1b7-52bd6a6c8858"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=api-prod","cve":"CVE-2016-15042","affectedVersions":"<4.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"361e2d5c-4355-4e71-91aa-2c1bc6b6fb78"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78?source=api-prod","cve":"CVE-2022-3126","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/49150180-9de0-4318-b21b-779daaeb7a52/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"49150180-9de0-4318-b21b-779daaeb7a52"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=api-prod","cve":"CVE-2021-4350","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/4cbc0dd4-4dea-4890-95d0-9531a669b95d/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"4cbc0dd4-4dea-4890-95d0-9531a669b95d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4cbc0dd4-4dea-4890-95d0-9531a669b95d?source=api-prod","cve":"CVE-2026-0829","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/5539aa79-66ad-43fa-967c-2bec877061e0/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"5539aa79-66ad-43fa-967c-2bec877061e0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5539aa79-66ad-43fa-967c-2bec877061e0?source=api-prod","cve":"CVE-2021-4351","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/59b63a01-fd8b-4742-a52f-c0a7b59e9e04/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"59b63a01-fd8b-4742-a52f-c0a7b59e9e04"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59b63a01-fd8b-4742-a52f-c0a7b59e9e04?source=api-prod","affectedVersions":"<=21.3","severity":"high"},{"advisoryId":"WPSECADV/WF/628eef73-1725-4290-bb30-07792d1d5b6c/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"628eef73-1725-4290-bb30-07792d1d5b6c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/628eef73-1725-4290-bb30-07792d1d5b6c?source=api-prod","cve":"CVE-2022-3125","affectedVersions":"<=21.2","severity":"high"},{"advisoryId":"WPSECADV/WF/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"79e2011c-5e4d-4d02-831f-6b4dcfcaa51e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=api-prod","cve":"CVE-2021-4356","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/84c61d00-20c1-4176-a74d-ea6ff6220f26/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"84c61d00-20c1-4176-a74d-ea6ff6220f26"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=api-prod","cve":"CVE-2021-4359","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/8a11c169-a232-49a9-80be-40d45d0c6dc0/nmedia-user-file-uploader","title":"Frontend File Manager Plugin < 3.6 - Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2014-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a11c169-a232-49a9-80be-40d45d0c6dc0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11c169-a232-49a9-80be-40d45d0c6dc0?source=api-prod","cve":"CVE-2014-5324","affectedVersions":"<3.6","severity":"high"},{"advisoryId":"WPSECADV/WF/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Unauthenticated Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a64d68b-8a0d-451b-ae2e-3cc583b4ed5a?source=api-prod","cve":"CVE-2026-25005","affectedVersions":"<=23.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/8ff66981-68ed-489a-b53f-4a1029e7590e/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ff66981-68ed-489a-b53f-4a1029e7590e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff66981-68ed-489a-b53f-4a1029e7590e?source=api-prod","cve":"CVE-2025-57921","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/9615ef3f-e1e3-4791-a5a5-19260fee6354/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.4 - Authenticated (Subscriber+) Arbitrary File Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"9615ef3f-e1e3-4791-a5a5-19260fee6354"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9615ef3f-e1e3-4791-a5a5-19260fee6354?source=api-prod","cve":"CVE-2025-14804","affectedVersions":"<=23.4","severity":"high"},{"advisoryId":"WPSECADV/WF/a9c82154-d390-44ba-a54a-89f4bb69cdce/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"a9c82154-d390-44ba-a54a-89f4bb69cdce"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=api-prod","cve":"CVE-2021-4365","affectedVersions":"<18.3","severity":"high"},{"advisoryId":"WPSECADV/WF/aa8d5feb-2ae9-44b8-90b5-9fc67226855a/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-11-24 19:15:11","sources":[{"name":"Wordfence","remoteId":"aa8d5feb-2ae9-44b8-90b5-9fc67226855a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8d5feb-2ae9-44b8-90b5-9fc67226855a?source=api-prod","cve":"CVE-2025-13382","affectedVersions":"<=23.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/abf422ce-fa03-4bed-a4ec-b31d36de7633/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"abf422ce-fa03-4bed-a4ec-b31d36de7633"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abf422ce-fa03-4bed-a4ec-b31d36de7633?source=api-prod","cve":"CVE-2023-7306","affectedVersions":"<=21.5","severity":"high"},{"advisoryId":"WPSECADV/WF/adb1d8b0-b1d6-40df-b591-f1062ee744fb/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"adb1d8b0-b1d6-40df-b591-f1062ee744fb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=api-prod","cve":"CVE-2021-4368","affectedVersions":"<18.3","severity":"critical"},{"advisoryId":"WPSECADV/WF/b59b5c41-6173-485e-869d-4165dc18e2bd/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-11-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"b59b5c41-6173-485e-869d-4165dc18e2bd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b59b5c41-6173-485e-869d-4165dc18e2bd?source=api-prod","cve":"CVE-2023-5105","affectedVersions":"<=22.5","severity":"critical"},{"advisoryId":"WPSECADV/WF/bbade634-cd81-41c0-8976-f5cb251da3f2/nmedia-user-file-uploader","title":"Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"bbade634-cd81-41c0-8976-f5cb251da3f2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bbade634-cd81-41c0-8976-f5cb251da3f2?source=api-prod","cve":"CVE-2024-25903","affectedVersions":"<=22.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c434e6b8-0dd5-4ffe-93b1-1af614c08f85/nmedia-user-file-uploader","title":"Frontend File Manager <= 18.2 - Unauthenticated Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-07-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"c434e6b8-0dd5-4ffe-93b1-1af614c08f85"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=api-prod","cve":"CVE-2021-4369","affectedVersions":"<18.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/c56e5250-7cbd-41f4-9b8c-79a644830708/nmedia-user-file-uploader","title":"Frontend File Manager <= 21.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c56e5250-7cbd-41f4-9b8c-79a644830708"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c56e5250-7cbd-41f4-9b8c-79a644830708?source=api-prod","cve":"CVE-2022-3124","affectedVersions":"<=21.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/d6de5295-cb13-4e53-bcb2-3fc6c95b849a/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization to Authenticated (Subscriber+) Content Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-07-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6de5295-cb13-4e53-bcb2-3fc6c95b849a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6de5295-cb13-4e53-bcb2-3fc6c95b849a?source=api-prod","cve":"CVE-2025-27358","affectedVersions":"<=23.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/e739e7d3-756a-4c93-9ca7-f7b9f9657033/nmedia-user-file-uploader","title":"Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-27 21:50:20","sources":[{"name":"Wordfence","remoteId":"e739e7d3-756a-4c93-9ca7-f7b9f9657033"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e739e7d3-756a-4c93-9ca7-f7b9f9657033?source=api-prod","cve":"CVE-2026-1280","affectedVersions":"<=23.5","severity":"high"},{"advisoryId":"WPSECADV/WF/f2ed5e51-8783-4b7f-9177-c116bf0fad44/nmedia-user-file-uploader","title":"Frontend File Manager <= 3.7 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-06-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"f2ed5e51-8783-4b7f-9177-c116bf0fad44"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ed5e51-8783-4b7f-9177-c116bf0fad44?source=api-prod","affectedVersions":"<=3.7","severity":"critical"},{"advisoryId":"WPSECADV/WF/f8f372cb-739f-44e2-9074-e91b8c903837/nmedia-user-file-uploader","title":"Frontend File Manager <= 23.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8f372cb-739f-44e2-9074-e91b8c903837"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f372cb-739f-44e2-9074-e91b8c903837?source=api-prod","cve":"CVE-2025-64265","affectedVersions":"<=23.2","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_73686172652d746869732d696d616765811c9dc5_gen.json b/internal/data/assets/plugin_73686172652d746869732d696d616765811c9dc5_gen.json index 9401f900..3b513775 100644 --- a/internal/data/assets/plugin_73686172652d746869732d696d616765811c9dc5_gen.json +++ b/internal/data/assets/plugin_73686172652d746869732d696d616765811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1e72d5c7-c601-4775-a825-4786bbd1b5f0/share-this-image","title":"Share This Image <= 2.03 - Open Redirect via link Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-16 19:55:52","sources":[{"name":"Wordfence","remoteId":"1e72d5c7-c601-4775-a825-4786bbd1b5f0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1e72d5c7-c601-4775-a825-4786bbd1b5f0?source=api-prod","cve":"CVE-2024-8761","affectedVersions":"<=2.03","severity":"high"},{"advisoryId":"WPSECADV/WF/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42/share-this-image","title":"Freemius SDK <= 2.4.2 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"39fb0499-9ab4-4a2f-b0db-ece86bcf4d42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod","cve":"CVE-2022-4974","affectedVersions":"<1.67","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/share-this-image","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":">=1.47,<=1.80","severity":"medium"},{"advisoryId":"WPSECADV/WF/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf/share-this-image","title":"Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-30 20:12:12","sources":[{"name":"Wordfence","remoteId":"5cb5368f-99b1-43e3-a2e4-67e90c8edfcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=api-prod","cve":"CVE-2024-8108","affectedVersions":"<=2.01","severity":"medium"},{"advisoryId":"WPSECADV/WF/5eeebd5f-6062-4ddd-a7bf-6afbeeed568e/share-this-image","title":"Share This Image <= 2.01 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"5eeebd5f-6062-4ddd-a7bf-6afbeeed568e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5eeebd5f-6062-4ddd-a7bf-6afbeeed568e?source=api-prod","cve":"CVE-2024-47326","affectedVersions":"<=2.01","severity":"medium"},{"advisoryId":"WPSECADV/WF/774776dc-3780-496c-907a-0d1f86a5d0ac/share-this-image","title":"Share This Image <= 1.98 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"774776dc-3780-496c-907a-0d1f86a5d0ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/774776dc-3780-496c-907a-0d1f86a5d0ac?source=api-prod","cve":"CVE-2024-33930","affectedVersions":"<=1.98","severity":"medium"},{"advisoryId":"WPSECADV/WF/7a61ab8b-e41b-44de-aa08-f5d659346a5b/share-this-image","title":"Share This Image <= 2.12 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"7a61ab8b-e41b-44de-aa08-f5d659346a5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a61ab8b-e41b-44de-aa08-f5d659346a5b?source=api-prod","cve":"CVE-2026-39563","affectedVersions":"<=2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/a5a739d5-648f-4d79-ac37-335e89127d90/share-this-image","title":"Share This Image < 1.04 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-12-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"a5a739d5-648f-4d79-ac37-335e89127d90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a739d5-648f-4d79-ac37-335e89127d90?source=api-prod","cve":"CVE-2017-18015","affectedVersions":"<1.04","severity":"medium"},{"advisoryId":"WPSECADV/WF/d01b6056-a38d-4a60-9cdc-68663aa2aed6/share-this-image","title":"Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-04 20:25:55","sources":[{"name":"Wordfence","remoteId":"d01b6056-a38d-4a60-9cdc-68663aa2aed6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d01b6056-a38d-4a60-9cdc-68663aa2aed6?source=api-prod","cve":"CVE-2024-8363","affectedVersions":"<=2.02","severity":"medium"},{"advisoryId":"WPSECADV/WF/d694491c-c0f5-4418-805a-db792ea4f712/share-this-image","title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 17:17:30","sources":[{"name":"Wordfence","remoteId":"d694491c-c0f5-4418-805a-db792ea4f712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=api-prod","cve":"CVE-2024-13362","affectedVersions":"<=2.07","severity":"medium"},{"advisoryId":"WPSECADV/WF/f3a4fb4a-f466-4dff-8bf5-d03dd6a0b2dc/share-this-image","title":"Share This Image <= 2.09 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"f3a4fb4a-f466-4dff-8bf5-d03dd6a0b2dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f3a4fb4a-f466-4dff-8bf5-d03dd6a0b2dc?source=api-prod","cve":"CVE-2026-25010","affectedVersions":"<=2.09","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1e72d5c7-c601-4775-a825-4786bbd1b5f0/share-this-image","title":"Share This Image <= 2.03 - Open Redirect via link Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-16 19:55:52","sources":[{"name":"Wordfence","remoteId":"1e72d5c7-c601-4775-a825-4786bbd1b5f0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1e72d5c7-c601-4775-a825-4786bbd1b5f0?source=api-prod","cve":"CVE-2024-8761","affectedVersions":"<=2.03","severity":"high"},{"advisoryId":"WPSECADV/WF/25bdc101-ba13-40fa-97af-75777a2f4bf8/share-this-image","title":"Share This Image <= 2.14 - Unauthenticated Server-Side Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-13 00:00:00","sources":[{"name":"Wordfence","remoteId":"25bdc101-ba13-40fa-97af-75777a2f4bf8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25bdc101-ba13-40fa-97af-75777a2f4bf8?source=api-prod","cve":"CVE-2026-42641","affectedVersions":"<=2.14","severity":"high"},{"advisoryId":"WPSECADV/WF/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42/share-this-image","title":"Freemius SDK <= 2.4.2 - Missing Authorization Checks\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-03-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"39fb0499-9ab4-4a2f-b0db-ece86bcf4d42"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod","cve":"CVE-2022-4974","affectedVersions":"<1.67","severity":"medium"},{"advisoryId":"WPSECADV/WF/5253fe2b-040b-417c-b257-0cb59ee5aa6e/share-this-image","title":"Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-07-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"5253fe2b-040b-417c-b257-0cb59ee5aa6e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod","cve":"CVE-2023-33999","affectedVersions":">=1.47,<=1.80","severity":"medium"},{"advisoryId":"WPSECADV/WF/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf/share-this-image","title":"Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-30 20:12:12","sources":[{"name":"Wordfence","remoteId":"5cb5368f-99b1-43e3-a2e4-67e90c8edfcf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=api-prod","cve":"CVE-2024-8108","affectedVersions":"<=2.01","severity":"medium"},{"advisoryId":"WPSECADV/WF/5eeebd5f-6062-4ddd-a7bf-6afbeeed568e/share-this-image","title":"Share This Image <= 2.01 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"5eeebd5f-6062-4ddd-a7bf-6afbeeed568e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5eeebd5f-6062-4ddd-a7bf-6afbeeed568e?source=api-prod","cve":"CVE-2024-47326","affectedVersions":"<=2.01","severity":"medium"},{"advisoryId":"WPSECADV/WF/774776dc-3780-496c-907a-0d1f86a5d0ac/share-this-image","title":"Share This Image <= 1.98 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"774776dc-3780-496c-907a-0d1f86a5d0ac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/774776dc-3780-496c-907a-0d1f86a5d0ac?source=api-prod","cve":"CVE-2024-33930","affectedVersions":"<=1.98","severity":"medium"},{"advisoryId":"WPSECADV/WF/7a61ab8b-e41b-44de-aa08-f5d659346a5b/share-this-image","title":"Share This Image <= 2.12 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"7a61ab8b-e41b-44de-aa08-f5d659346a5b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a61ab8b-e41b-44de-aa08-f5d659346a5b?source=api-prod","cve":"CVE-2026-39563","affectedVersions":"<=2.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/a5a739d5-648f-4d79-ac37-335e89127d90/share-this-image","title":"Share This Image < 1.04 - Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2017-12-18 00:00:00","sources":[{"name":"Wordfence","remoteId":"a5a739d5-648f-4d79-ac37-335e89127d90"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a739d5-648f-4d79-ac37-335e89127d90?source=api-prod","cve":"CVE-2017-18015","affectedVersions":"<1.04","severity":"medium"},{"advisoryId":"WPSECADV/WF/d01b6056-a38d-4a60-9cdc-68663aa2aed6/share-this-image","title":"Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-04 20:25:55","sources":[{"name":"Wordfence","remoteId":"d01b6056-a38d-4a60-9cdc-68663aa2aed6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d01b6056-a38d-4a60-9cdc-68663aa2aed6?source=api-prod","cve":"CVE-2024-8363","affectedVersions":"<=2.02","severity":"medium"},{"advisoryId":"WPSECADV/WF/d694491c-c0f5-4418-805a-db792ea4f712/share-this-image","title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-30 17:17:30","sources":[{"name":"Wordfence","remoteId":"d694491c-c0f5-4418-805a-db792ea4f712"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=api-prod","cve":"CVE-2024-13362","affectedVersions":"<=2.07","severity":"medium"},{"advisoryId":"WPSECADV/WF/f3a4fb4a-f466-4dff-8bf5-d03dd6a0b2dc/share-this-image","title":"Share This Image <= 2.09 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"f3a4fb4a-f466-4dff-8bf5-d03dd6a0b2dc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f3a4fb4a-f466-4dff-8bf5-d03dd6a0b2dc?source=api-prod","cve":"CVE-2026-25010","affectedVersions":"<=2.09","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_736e6f772d6d6f6e6b65792d626c6f636b73811c9dc5_gen.json b/internal/data/assets/plugin_736e6f772d6d6f6e6b65792d626c6f636b73811c9dc5_gen.json new file mode 100644 index 00000000..cf584d0a --- /dev/null +++ b/internal/data/assets/plugin_736e6f772d6d6f6e6b65792d626c6f636b73811c9dc5_gen.json @@ -0,0 +1 @@ +[{"advisoryId":"WPSECADV/WF/d8405ba4-5880-4a9e-8196-722e7f59f9a1/snow-monkey-blocks","title":"Snow Monkey Blocks <= 24.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-slick' Attribute\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"d8405ba4-5880-4a9e-8196-722e7f59f9a1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8405ba4-5880-4a9e-8196-722e7f59f9a1?source=api-prod","cve":"CVE-2026-3004","affectedVersions":"<=24.1.11","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_73756e7368696e652d70686f746f2d63617274811c9dc5_gen.json b/internal/data/assets/plugin_73756e7368696e652d70686f746f2d63617274811c9dc5_gen.json index 1ab8452f..6dc30ecd 100644 --- a/internal/data/assets/plugin_73756e7368696e652d70686f746f2d63617274811c9dc5_gen.json +++ b/internal/data/assets/plugin_73756e7368696e652d70686f746f2d63617274811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/02822b64-7cfb-4cd1-a727-10f61603ece4/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.7.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"02822b64-7cfb-4cd1-a727-10f61603ece4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02822b64-7cfb-4cd1-a727-10f61603ece4?source=api-prod","cve":"CVE-2025-68535","affectedVersions":"<=3.5.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0879bfe6-0b73-4bdc-9770-f8b2a3da2686/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.9 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"0879bfe6-0b73-4bdc-9770-f8b2a3da2686"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0879bfe6-0b73-4bdc-9770-f8b2a3da2686?source=api-prod","cve":"CVE-2024-50463","affectedVersions":"<=3.2.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/0c594cf6-d5d8-4927-b61e-145a86a318c3/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.7.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0c594cf6-d5d8-4927-b61e-145a86a318c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c594cf6-d5d8-4927-b61e-145a86a318c3?source=api-prod","cve":"CVE-2026-24994","affectedVersions":"<=3.5.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/107918e4-fb21-40df-818d-a71b78b26928/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.14 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"107918e4-fb21-40df-818d-a71b78b26928"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/107918e4-fb21-40df-818d-a71b78b26928?source=api-prod","cve":"CVE-2022-4301","affectedVersions":"<=2.9.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/2436ec79-9691-4a1a-a22e-57c5d83b2394/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2436ec79-9691-4a1a-a22e-57c5d83b2394"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2436ec79-9691-4a1a-a22e-57c5d83b2394?source=api-prod","cve":"CVE-2025-62892","affectedVersions":"<=3.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac?source=api-prod","cve":"CVE-2024-30194","affectedVersions":"<=3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1?source=api-prod","cve":"CVE-2023-41796","affectedVersions":"<=2.9.25","severity":"medium"},{"advisoryId":"WPSECADV/WF/5311b43c-14dd-4bdd-b6d0-d6468b831968/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-03 19:10:16","sources":[{"name":"Wordfence","remoteId":"5311b43c-14dd-4bdd-b6d0-d6468b831968"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=api-prod","cve":"CVE-2025-5482","affectedVersions":"<=3.4.11","severity":"high"},{"advisoryId":"WPSECADV/WF/546f5b08-d4e9-4a19-97d6-2022a0c5c64f/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"546f5b08-d4e9-4a19-97d6-2022a0c5c64f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/546f5b08-d4e9-4a19-97d6-2022a0c5c64f?source=api-prod","cve":"CVE-2024-43136","affectedVersions":"<=3.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5b00cf9b-60c3-44a4-98a7-ee0f3e763c87/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.4.10 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"5b00cf9b-60c3-44a4-98a7-ee0f3e763c87"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b00cf9b-60c3-44a4-98a7-ee0f3e763c87?source=api-prod","cve":"CVE-2025-31084","affectedVersions":"<=3.4.10","severity":"critical"},{"advisoryId":"WPSECADV/WF/5fb338c2-f458-42bc-b147-d5024875e977/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fb338c2-f458-42bc-b147-d5024875e977"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb338c2-f458-42bc-b147-d5024875e977?source=api-prod","cve":"CVE-2024-44038","affectedVersions":"<=3.2.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/6ca0ce12-4759-4182-b69e-665e189b92f7/sunshine-photo-cart","title":"Sunshine Photo Cart: Free Client Photo Galleries for Photographers <= 3.1.1 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ca0ce12-4759-4182-b69e-665e189b92f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca0ce12-4759-4182-b69e-665e189b92f7?source=api-prod","cve":"CVE-2024-30221","affectedVersions":"<=3.1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/6eb99654-c0f4-4c75-9b9d-f3075db623fc/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"6eb99654-c0f4-4c75-9b9d-f3075db623fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb99654-c0f4-4c75-9b9d-f3075db623fc?source=api-prod","cve":"CVE-2024-43971","affectedVersions":"<=3.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b941db0-9d6d-4b89-8e04-8770499b6a9a/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b941db0-9d6d-4b89-8e04-8770499b6a9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b941db0-9d6d-4b89-8e04-8770499b6a9a?source=api-prod","cve":"CVE-2022-40692","affectedVersions":"<=2.9.13","severity":"high"},{"advisoryId":"WPSECADV/WF/8ff2a842-2e46-4267-bbf1-e7d9d4a7e277/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ff2a842-2e46-4267-bbf1-e7d9d4a7e277"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff2a842-2e46-4267-bbf1-e7d9d4a7e277?source=api-prod","cve":"CVE-2024-47314","affectedVersions":"<=3.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/9fd38e86-6448-47fd-a8a7-f571158e3599/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.13 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"9fd38e86-6448-47fd-a8a7-f571158e3599"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9fd38e86-6448-47fd-a8a7-f571158e3599?source=api-prod","cve":"CVE-2022-45826","affectedVersions":"<=2.9.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/c043510b-6aeb-4e91-80f0-a62970c01b1d/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"c043510b-6aeb-4e91-80f0-a62970c01b1d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c043510b-6aeb-4e91-80f0-a62970c01b1d?source=api-prod","cve":"CVE-2021-4415","affectedVersions":"<=2.8.28","severity":"medium"},{"advisoryId":"WPSECADV/WF/d8a45482-ab07-4088-b078-73a6ba6c802f/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.6.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"d8a45482-ab07-4088-b078-73a6ba6c802f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a45482-ab07-4088-b078-73a6ba6c802f?source=api-prod","cve":"CVE-2025-67973","affectedVersions":"<=3.5.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/da76d034-3e9a-4f3f-a314-48e776028369/sunshine-photo-cart","title":"Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"da76d034-3e9a-4f3f-a314-48e776028369"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369?source=api-prod","cve":"CVE-2024-1294","affectedVersions":"<=3.0.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/eb027f2b-097a-482a-a575-f4bd5881c919/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"eb027f2b-097a-482a-a575-f4bd5881c919"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eb027f2b-097a-482a-a575-f4bd5881c919?source=api-prod","cve":"CVE-2024-49697","affectedVersions":"<=3.2.9","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/02822b64-7cfb-4cd1-a727-10f61603ece4/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.7.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-12-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"02822b64-7cfb-4cd1-a727-10f61603ece4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02822b64-7cfb-4cd1-a727-10f61603ece4?source=api-prod","cve":"CVE-2025-68535","affectedVersions":"<=3.5.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0879bfe6-0b73-4bdc-9770-f8b2a3da2686/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.9 - Open Redirect\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"0879bfe6-0b73-4bdc-9770-f8b2a3da2686"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0879bfe6-0b73-4bdc-9770-f8b2a3da2686?source=api-prod","cve":"CVE-2024-50463","affectedVersions":"<=3.2.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/0c594cf6-d5d8-4927-b61e-145a86a318c3/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.7.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"0c594cf6-d5d8-4927-b61e-145a86a318c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c594cf6-d5d8-4927-b61e-145a86a318c3?source=api-prod","cve":"CVE-2026-24994","affectedVersions":"<=3.5.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/107918e4-fb21-40df-818d-a71b78b26928/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.14 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"107918e4-fb21-40df-818d-a71b78b26928"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/107918e4-fb21-40df-818d-a71b78b26928?source=api-prod","cve":"CVE-2022-4301","affectedVersions":"<=2.9.14","severity":"medium"},{"advisoryId":"WPSECADV/WF/2436ec79-9691-4a1a-a22e-57c5d83b2394/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-08-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"2436ec79-9691-4a1a-a22e-57c5d83b2394"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2436ec79-9691-4a1a-a22e-57c5d83b2394?source=api-prod","cve":"CVE-2025-62892","affectedVersions":"<=3.5.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac?source=api-prod","cve":"CVE-2024-30194","affectedVersions":"<=3.1.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1?source=api-prod","cve":"CVE-2023-41796","affectedVersions":"<=2.9.25","severity":"medium"},{"advisoryId":"WPSECADV/WF/5311b43c-14dd-4bdd-b6d0-d6468b831968/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-06-03 19:10:16","sources":[{"name":"Wordfence","remoteId":"5311b43c-14dd-4bdd-b6d0-d6468b831968"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=api-prod","cve":"CVE-2025-5482","affectedVersions":"<=3.4.11","severity":"high"},{"advisoryId":"WPSECADV/WF/546f5b08-d4e9-4a19-97d6-2022a0c5c64f/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"546f5b08-d4e9-4a19-97d6-2022a0c5c64f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/546f5b08-d4e9-4a19-97d6-2022a0c5c64f?source=api-prod","cve":"CVE-2024-43136","affectedVersions":"<=3.2.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/5b00cf9b-60c3-44a4-98a7-ee0f3e763c87/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.4.10 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-03-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"5b00cf9b-60c3-44a4-98a7-ee0f3e763c87"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b00cf9b-60c3-44a4-98a7-ee0f3e763c87?source=api-prod","cve":"CVE-2025-31084","affectedVersions":"<=3.4.10","severity":"critical"},{"advisoryId":"WPSECADV/WF/5fb338c2-f458-42bc-b147-d5024875e977/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-23 00:00:00","sources":[{"name":"Wordfence","remoteId":"5fb338c2-f458-42bc-b147-d5024875e977"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb338c2-f458-42bc-b147-d5024875e977?source=api-prod","cve":"CVE-2024-44038","affectedVersions":"<=3.2.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/6ca0ce12-4759-4182-b69e-665e189b92f7/sunshine-photo-cart","title":"Sunshine Photo Cart: Free Client Photo Galleries for Photographers <= 3.1.1 - Unauthenticated PHP Object Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"6ca0ce12-4759-4182-b69e-665e189b92f7"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca0ce12-4759-4182-b69e-665e189b92f7?source=api-prod","cve":"CVE-2024-30221","affectedVersions":"<=3.1.1","severity":"critical"},{"advisoryId":"WPSECADV/WF/6eb99654-c0f4-4c75-9b9d-f3075db623fc/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"6eb99654-c0f4-4c75-9b9d-f3075db623fc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb99654-c0f4-4c75-9b9d-f3075db623fc?source=api-prod","cve":"CVE-2024-43971","affectedVersions":"<=3.2.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b941db0-9d6d-4b89-8e04-8770499b6a9a/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"7b941db0-9d6d-4b89-8e04-8770499b6a9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b941db0-9d6d-4b89-8e04-8770499b6a9a?source=api-prod","cve":"CVE-2022-40692","affectedVersions":"<=2.9.13","severity":"high"},{"advisoryId":"WPSECADV/WF/8ff2a842-2e46-4267-bbf1-e7d9d4a7e277/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.8 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"8ff2a842-2e46-4267-bbf1-e7d9d4a7e277"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff2a842-2e46-4267-bbf1-e7d9d4a7e277?source=api-prod","cve":"CVE-2024-47314","affectedVersions":"<=3.2.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/9fd38e86-6448-47fd-a8a7-f571158e3599/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.9.13 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-12-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"9fd38e86-6448-47fd-a8a7-f571158e3599"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9fd38e86-6448-47fd-a8a7-f571158e3599?source=api-prod","cve":"CVE-2022-45826","affectedVersions":"<=2.9.13","severity":"medium"},{"advisoryId":"WPSECADV/WF/b5c8ffc7-3b32-410f-94df-75279d668220/sunshine-photo-cart","title":"Sunshine Photo Cart < 3.6.2 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"b5c8ffc7-3b32-410f-94df-75279d668220"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c8ffc7-3b32-410f-94df-75279d668220?source=api-prod","cve":"CVE-2026-39564","affectedVersions":"<3.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/c043510b-6aeb-4e91-80f0-a62970c01b1d/sunshine-photo-cart","title":"Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"c043510b-6aeb-4e91-80f0-a62970c01b1d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c043510b-6aeb-4e91-80f0-a62970c01b1d?source=api-prod","cve":"CVE-2021-4415","affectedVersions":"<=2.8.28","severity":"medium"},{"advisoryId":"WPSECADV/WF/d8a45482-ab07-4088-b078-73a6ba6c802f/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.5.6.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"d8a45482-ab07-4088-b078-73a6ba6c802f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a45482-ab07-4088-b078-73a6ba6c802f?source=api-prod","cve":"CVE-2025-67973","affectedVersions":"<=3.5.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/da76d034-3e9a-4f3f-a314-48e776028369/sunshine-photo-cart","title":"Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"da76d034-3e9a-4f3f-a314-48e776028369"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369?source=api-prod","cve":"CVE-2024-1294","affectedVersions":"<=3.0.24","severity":"medium"},{"advisoryId":"WPSECADV/WF/eb027f2b-097a-482a-a575-f4bd5881c919/sunshine-photo-cart","title":"Sunshine Photo Cart <= 3.2.9 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-10-21 00:00:00","sources":[{"name":"Wordfence","remoteId":"eb027f2b-097a-482a-a575-f4bd5881c919"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eb027f2b-097a-482a-a575-f4bd5881c919?source=api-prod","cve":"CVE-2024-49697","affectedVersions":"<=3.2.9","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7475746f72811c9dc5_gen.json b/internal/data/assets/plugin_7475746f72811c9dc5_gen.json index fb5f25ff..fd421620 100644 --- a/internal/data/assets/plugin_7475746f72811c9dc5_gen.json +++ b/internal/data/assets/plugin_7475746f72811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/007df869-dacb-4b0a-9c98-50586934cdab/tutor","title":"Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-27 18:54:35","sources":[{"name":"Wordfence","remoteId":"007df869-dacb-4b0a-9c98-50586934cdab"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/007df869-dacb-4b0a-9c98-50586934cdab?source=api-prod","cve":"CVE-2025-13673","affectedVersions":"<=3.9.6","severity":"high"},{"advisoryId":"WPSECADV/WF/00ec14d4-d97b-40b1-b61b-05e911f49bb0/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"00ec14d4-d97b-40b1-b61b-05e911f49bb0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00ec14d4-d97b-40b1-b61b-05e911f49bb0?source=api-prod","cve":"CVE-2024-5438","affectedVersions":"<=2.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/050647a8-6743-46e4-b31c-0b5bd4a1007f/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"050647a8-6743-46e4-b31c-0b5bd4a1007f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=api-prod","cve":"CVE-2024-1503","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0830d0c3-99c0-423e-99ab-f0c1cbec52d9/tutor","title":"Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-07 18:46:16","sources":[{"name":"Wordfence","remoteId":"0830d0c3-99c0-423e-99ab-f0c1cbec52d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0830d0c3-99c0-423e-99ab-f0c1cbec52d9?source=api-prod","cve":"CVE-2025-13679","affectedVersions":"<=3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f/tutor","title":"Tutor LMS <= 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f?source=api-prod","cve":"CVE-2023-4805","affectedVersions":"<=2.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/0c173356-7228-4253-bb28-2c2e11af76fd/tutor","title":"Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-10 11:46:32","sources":[{"name":"Wordfence","remoteId":"0c173356-7228-4253-bb28-2c2e11af76fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c173356-7228-4253-bb28-2c2e11af76fd?source=api-prod","cve":"CVE-2026-3358","affectedVersions":"<=3.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e475e02-494a-4ad0-a83c-d027c3a32989/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-20 01:46:19","sources":[{"name":"Wordfence","remoteId":"0e475e02-494a-4ad0-a83c-d027c3a32989"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e475e02-494a-4ad0-a83c-d027c3a32989?source=api-prod","cve":"CVE-2026-0548","affectedVersions":"<=3.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/1b8d88e4-a9dc-4740-b836-99f730beefcb/tutor","title":"Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 17:20:18","sources":[{"name":"Wordfence","remoteId":"1b8d88e4-a9dc-4740-b836-99f730beefcb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8d88e4-a9dc-4740-b836-99f730beefcb?source=api-prod","cve":"CVE-2025-6680","affectedVersions":"<=3.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/1d6c9765-6936-4b22-835e-e899f62c14c9/tutor","title":"Tutor LMS <= 2.2.0 - Missing Authorization via REST API\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"1d6c9765-6936-4b22-835e-e899f62c14c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1d6c9765-6936-4b22-835e-e899f62c14c9?source=api-prod","cve":"CVE-2023-3133","affectedVersions":"<=2.2.0","severity":"high"},{"advisoryId":"WPSECADV/WF/22420c2d-788c-4577-ae54-7b48f6063f5d/tutor","title":"Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"22420c2d-788c-4577-ae54-7b48f6063f5d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22420c2d-788c-4577-ae54-7b48f6063f5d?source=api-prod","cve":"CVE-2024-1128","affectedVersions":"<=2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/234a847b-3ffa-4c5c-9bba-39df227de0bc/tutor","title":"Tutor LMS <= 1.9.12 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-01-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"234a847b-3ffa-4c5c-9bba-39df227de0bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/234a847b-3ffa-4c5c-9bba-39df227de0bc?source=api-prod","affectedVersions":"<=1.9.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/24009534-3a57-4ed3-b841-72e87e2a6925/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"24009534-3a57-4ed3-b841-72e87e2a6925"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24009534-3a57-4ed3-b841-72e87e2a6925?source=api-prod","cve":"CVE-2026-23799","affectedVersions":"<=3.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/26289a93-063b-469a-9d09-c286d76fce0c/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 16:53:49","sources":[{"name":"Wordfence","remoteId":"26289a93-063b-469a-9d09-c286d76fce0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26289a93-063b-469a-9d09-c286d76fce0c?source=api-prod","cve":"CVE-2025-11564","affectedVersions":"<=3.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476/tutor","title":"Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476?source=api-prod","cve":"CVE-2023-25800","affectedVersions":"<=2.2.0","severity":"high"},{"advisoryId":"WPSECADV/WF/2e617d6f-c1cb-4cac-88e2-3142c1ea9fab/tutor","title":"Tutor LMS <= 2.7.2 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e617d6f-c1cb-4cac-88e2-3142c1ea9fab"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e617d6f-c1cb-4cac-88e2-3142c1ea9fab?source=api-prod","cve":"CVE-2024-39645","affectedVersions":"<=2.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/324fc401-04ca-4707-8727-b8c3a66f7fd6/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"324fc401-04ca-4707-8727-b8c3a66f7fd6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/324fc401-04ca-4707-8727-b8c3a66f7fd6?source=api-prod","cve":"CVE-2024-3994","affectedVersions":"<=2.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/45d04643-e43a-4732-91bf-e4af7b622e33/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"45d04643-e43a-4732-91bf-e4af7b622e33"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/45d04643-e43a-4732-91bf-e4af7b622e33?source=api-prod","cve":"CVE-2024-4279","affectedVersions":"<=2.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/46f71f7b-7326-47b6-a23a-68a40f5bb56b/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 19:03:12","sources":[{"name":"Wordfence","remoteId":"46f71f7b-7326-47b6-a23a-68a40f5bb56b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/46f71f7b-7326-47b6-a23a-68a40f5bb56b?source=api-prod","cve":"CVE-2025-13628","affectedVersions":"<=3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4dcb4afc-14e1-43ce-87c4-8f24f1a0d682/tutor","title":"Tutor LMS <= 2.7.3 - Authenticated (Instructor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"4dcb4afc-14e1-43ce-87c4-8f24f1a0d682"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcb4afc-14e1-43ce-87c4-8f24f1a0d682?source=api-prod","cve":"CVE-2024-43231","affectedVersions":"<=2.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4e95b32b-c050-41eb-8fce-461257420eb6/tutor","title":"Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-02 18:41:05","sources":[{"name":"Wordfence","remoteId":"4e95b32b-c050-41eb-8fce-461257420eb6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4e95b32b-c050-41eb-8fce-461257420eb6?source=api-prod","cve":"CVE-2026-1375","affectedVersions":"<=3.9.5","severity":"high"},{"advisoryId":"WPSECADV/WF/5849a9f6-715e-4ac8-a0f7-1cd0814fff58/tutor","title":"Tutor LMS <= 3.9.4 - Authenticated (Instructor+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"5849a9f6-715e-4ac8-a0f7-1cd0814fff58"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5849a9f6-715e-4ac8-a0f7-1cd0814fff58?source=api-prod","cve":"CVE-2025-47555","affectedVersions":"<=3.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5aff79ef-6c96-4386-abf1-b4e6931ef0d2/tutor","title":"Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"5aff79ef-6c96-4386-abf1-b4e6931ef0d2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5aff79ef-6c96-4386-abf1-b4e6931ef0d2?source=api-prod","cve":"CVE-2022-2563","affectedVersions":"<=2.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/5de212c9-5c2e-4713-b1ce-022dd84520c3/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 18:43:50","sources":[{"name":"Wordfence","remoteId":"5de212c9-5c2e-4713-b1ce-022dd84520c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5de212c9-5c2e-4713-b1ce-022dd84520c3?source=api-prod","cve":"CVE-2025-13934","affectedVersions":"<=3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/64bae119-12c3-4b3e-88a7-2eb5a7b1b537/tutor","title":"Tutor LMS – eLearning and online course solution <= 1.7.6 - Unprotected AJAX including Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"64bae119-12c3-4b3e-88a7-2eb5a7b1b537"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64bae119-12c3-4b3e-88a7-2eb5a7b1b537?source=api-prod","cve":"CVE-2021-24184","affectedVersions":"<1.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/65526517-aec5-454b-94c0-973359d840e1/tutor","title":"Tutor LMS <= 1.9.1 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"65526517-aec5-454b-94c0-973359d840e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/65526517-aec5-454b-94c0-973359d840e1?source=api-prod","cve":"CVE-2021-24455","affectedVersions":"<=1.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/66130071-668e-4692-afd3-5fcc9039f10f/tutor","title":"Tutor LMS <= 1.9.11 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"66130071-668e-4692-afd3-5fcc9039f10f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/66130071-668e-4692-afd3-5fcc9039f10f?source=api-prod","affectedVersions":"<=1.9.11","severity":"high"},{"advisoryId":"WPSECADV/WF/6625dcea-13cc-4c08-9361-946638bf6678/tutor","title":"Tutor LMS <= 3.9.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"6625dcea-13cc-4c08-9361-946638bf6678"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6625dcea-13cc-4c08-9361-946638bf6678?source=api-prod","cve":"CVE-2026-40740","affectedVersions":"<=3.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/68394503-d989-40d8-b033-24c011294158/tutor","title":"Tutor LMS <= 2.7.2 - Authenticated (Tutor Instructor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"68394503-d989-40d8-b033-24c011294158"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68394503-d989-40d8-b033-24c011294158?source=api-prod","cve":"CVE-2024-37947","affectedVersions":"<=2.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/6db9c59e-16bc-4e61-9040-7000b212675f/tutor","title":"Tutor LMS <= 1.9.8 - Admin+ Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-09-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"6db9c59e-16bc-4e61-9040-7000b212675f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6db9c59e-16bc-4e61-9040-7000b212675f?source=api-prod","cve":"CVE-2021-24740","affectedVersions":"<1.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf/tutor","title":"Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 15:15:35","sources":[{"name":"Wordfence","remoteId":"6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf?source=api-prod","cve":"CVE-2026-6080","affectedVersions":"<=3.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/76c0d4f8-230d-452a-b39d-cbcb0af0fd72/tutor","title":"Tutor LMS <= 1.8.7 - Authenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"76c0d4f8-230d-452a-b39d-cbcb0af0fd72"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76c0d4f8-230d-452a-b39d-cbcb0af0fd72?source=api-prod","cve":"CVE-2021-24242","affectedVersions":"<=1.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/76d57372-9fb5-4166-bfa9-835e3ff7b755/tutor","title":"Tutor LMS <= 1.9.10 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"76d57372-9fb5-4166-bfa9-835e3ff7b755"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76d57372-9fb5-4166-bfa9-835e3ff7b755?source=api-prod","cve":"CVE-2021-24873","affectedVersions":"<=1.9.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/79f9632e-cfaf-48bd-aeed-919fc729f2b4/tutor","title":"Tutor LMS <= 1.8.2 - SQL Injection via tutor_quiz_builder_get_question_form\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"79f9632e-cfaf-48bd-aeed-919fc729f2b4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79f9632e-cfaf-48bd-aeed-919fc729f2b4?source=api-prod","cve":"CVE-2021-24183","affectedVersions":"<=1.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b8b111a-9626-41f4-8a13-51f576af0257/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 18:44:27","sources":[{"name":"Wordfence","remoteId":"7b8b111a-9626-41f4-8a13-51f576af0257"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b8b111a-9626-41f4-8a13-51f576af0257?source=api-prod","cve":"CVE-2025-13935","affectedVersions":"<=3.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7d623512-ee99-4a73-a752-ecbb6ad96b63/tutor","title":"Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"7d623512-ee99-4a73-a752-ecbb6ad96b63"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d623512-ee99-4a73-a752-ecbb6ad96b63?source=api-prod","cve":"CVE-2023-25990","affectedVersions":"<=2.1.10","severity":"high"},{"advisoryId":"WPSECADV/WF/7f365519-dd0a-4f39-880d-7216ce2f7d1e/tutor","title":"Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 12:40:11","sources":[{"name":"Wordfence","remoteId":"7f365519-dd0a-4f39-880d-7216ce2f7d1e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f365519-dd0a-4f39-880d-7216ce2f7d1e?source=api-prod","cve":"CVE-2026-3360","affectedVersions":"<=3.9.7","severity":"high"},{"advisoryId":"WPSECADV/WF/7f5c5f64-a864-4ce1-9080-19f7c4418307/tutor","title":"Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-02 18:49:17","sources":[{"name":"Wordfence","remoteId":"7f5c5f64-a864-4ce1-9080-19f7c4418307"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5c5f64-a864-4ce1-9080-19f7c4418307?source=api-prod","cve":"CVE-2026-1371","affectedVersions":"<=3.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/834c4ca9-7173-4c84-8287-9916ec72935d/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"834c4ca9-7173-4c84-8287-9916ec72935d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/834c4ca9-7173-4c84-8287-9916ec72935d?source=api-prod","cve":"CVE-2024-1502","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/839b68e6-0462-4f88-ac13-ed4b69887d6b/tutor","title":"Tutor LMS <= 2.7.2 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"839b68e6-0462-4f88-ac13-ed4b69887d6b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/839b68e6-0462-4f88-ac13-ed4b69887d6b?source=api-prod","cve":"CVE-2024-43282","affectedVersions":"<=2.7.2","severity":"high"},{"advisoryId":"WPSECADV/WF/91ca027c-0483-44de-b19e-243ccb2c7b31/tutor","title":"Tutor LMS <= 3.7.4 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"91ca027c-0483-44de-b19e-243ccb2c7b31"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91ca027c-0483-44de-b19e-243ccb2c7b31?source=api-prod","cve":"CVE-2025-58993","affectedVersions":"<=3.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/992abd72-2a8e-4bda-94c2-4a7f88487906/tutor","title":"Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"992abd72-2a8e-4bda-94c2-4a7f88487906"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/992abd72-2a8e-4bda-94c2-4a7f88487906?source=api-prod","cve":"CVE-2023-2919","affectedVersions":"<=2.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b/tutor","title":"Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=api-prod","cve":"CVE-2024-4318","affectedVersions":"<=2.7.0","severity":"high"},{"advisoryId":"WPSECADV/WF/9dfee325-9001-4483-b3eb-846da0314529/tutor","title":"Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"9dfee325-9001-4483-b3eb-846da0314529"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9dfee325-9001-4483-b3eb-846da0314529?source=api-prod","cve":"CVE-2023-25700","affectedVersions":"<=2.1.10","severity":"critical"},{"advisoryId":"WPSECADV/WF/a0b14d91-f8f9-41df-b2eb-12792fb3a197/tutor","title":"Tutor LMS <= 1.9.5 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"a0b14d91-f8f9-41df-b2eb-12792fb3a197"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a0b14d91-f8f9-41df-b2eb-12792fb3a197?source=api-prod","affectedVersions":"<=1.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a6072f47-91b3-4c5d-b16e-61bcd7760604/tutor","title":"Tutor LMS – eLearning and online course solution <=1.7.6 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"a6072f47-91b3-4c5d-b16e-61bcd7760604"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a6072f47-91b3-4c5d-b16e-61bcd7760604?source=api-prod","cve":"CVE-2021-24185","affectedVersions":"<1.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/ad7eee97-332a-4f3c-bba1-d108a769599d/tutor","title":"Tutor LMS <= 1.9.11 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ad7eee97-332a-4f3c-bba1-d108a769599d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ad7eee97-332a-4f3c-bba1-d108a769599d?source=api-prod","cve":"CVE-2021-25017","affectedVersions":"<=1.9.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6f7c4c8-210f-4bbb-8352-5c2e550e44c3/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.4 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6f7c4c8-210f-4bbb-8352-5c2e550e44c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6f7c4c8-210f-4bbb-8352-5c2e550e44c3?source=api-prod","cve":"CVE-2025-32223","affectedVersions":"<=3.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/bcaf9b92-5e59-47c5-a04e-3ef5c53a2640/tutor","title":"Tutor LMS – eLearning and online course solution 2.0.0-2.0.8 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"bcaf9b92-5e59-47c5-a04e-3ef5c53a2640"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bcaf9b92-5e59-47c5-a04e-3ef5c53a2640?source=api-prod","affectedVersions":">=2.0.0,<=2.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/bcf37d4e-e94a-4046-9949-c208e4e70197/tutor","title":"Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"bcf37d4e-e94a-4046-9949-c208e4e70197"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf37d4e-e94a-4046-9949-c208e4e70197?source=api-prod","cve":"CVE-2024-10400","affectedVersions":"<=2.7.6","severity":"high"},{"advisoryId":"WPSECADV/WF/bf16617d-cec2-4943-bd20-7ade31878714/tutor","title":"Tutor LMS <= 2.1.8 - Missing Authorization via multiple AJAX actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"bf16617d-cec2-4943-bd20-7ade31878714"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf16617d-cec2-4943-bd20-7ade31878714?source=api-prod","cve":"CVE-2023-25799","affectedVersions":"<=2.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/bf8aa169-df51-46db-8c65-f1543d4f75f9/tutor","title":"Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"bf8aa169-df51-46db-8c65-f1543d4f75f9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf8aa169-df51-46db-8c65-f1543d4f75f9?source=api-prod","cve":"CVE-2024-10393","affectedVersions":"<=2.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/c0c293db-5526-4600-838a-6e88586926c4/tutor","title":"Tutor LMS <= 2.7.1 - Authenticated (Admin+) Path Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"c0c293db-5526-4600-838a-6e88586926c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c0c293db-5526-4600-838a-6e88586926c4?source=api-prod","cve":"CVE-2024-37266","affectedVersions":"<=2.7.1","severity":"low"},{"advisoryId":"WPSECADV/WF/c191da68-d531-4c01-a364-2621c822dc80/tutor","title":"Tutor LMS <= 3.4.0 - Authenticated (Subscriber+) HTML Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c191da68-d531-4c01-a364-2621c822dc80"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c191da68-d531-4c01-a364-2621c822dc80?source=api-prod","cve":"CVE-2025-32230","affectedVersions":"<=3.4.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a/tutor","title":"Tutor LMS – eLearning and online course solution <= 1.7.6 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a?source=api-prod","cve":"CVE-2021-24181","affectedVersions":"<1.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c82e24a3-8000-4aa5-953e-11415b94909b/tutor","title":"Tutor LMS <= 2.7.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c82e24a3-8000-4aa5-953e-11415b94909b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c82e24a3-8000-4aa5-953e-11415b94909b?source=api-prod","cve":"CVE-2024-43142","affectedVersions":"<=2.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8/tutor","title":"Tutor LMS <= 2.7.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"ce4c4395-6d1a-4d5f-885f-383e5c44c0f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=api-prod","cve":"CVE-2024-4223","affectedVersions":"<=2.7.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/d276af21-fa9d-46bd-94e3-03776d4f2238/tutor","title":"Tutor LMS < 1.5.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d276af21-fa9d-46bd-94e3-03776d4f2238"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d276af21-fa9d-46bd-94e3-03776d4f2238?source=api-prod","cve":"CVE-2020-8615","affectedVersions":"<1.5.3","severity":"high"},{"advisoryId":"WPSECADV/WF/d6489214-2155-47f4-83ef-0119b3c26e43/tutor","title":"Tutor LMS <=1.8.2 - SQL Injection via tutor_quiz_builder_get_answers_by_question\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6489214-2155-47f4-83ef-0119b3c26e43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6489214-2155-47f4-83ef-0119b3c26e43?source=api-prod","cve":"CVE-2021-24182","affectedVersions":"<=1.8.2","severity":"high"},{"advisoryId":"WPSECADV/WF/e2b2a90f-7a0a-4150-8a24-14b2ed11663e/tutor","title":"Tutor LMS <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e2b2a90f-7a0a-4150-8a24-14b2ed11663e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b2a90f-7a0a-4150-8a24-14b2ed11663e?source=api-prod","cve":"CVE-2023-49829","affectedVersions":"<=2.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4482f92-024d-402d-9cf3-c4709f23baf0/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4482f92-024d-402d-9cf3-c4709f23baf0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4482f92-024d-402d-9cf3-c4709f23baf0?source=api-prod","cve":"CVE-2026-40743","affectedVersions":"<=3.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/e8a7c04a-1fa0-434d-8161-7a32cefb44c4/tutor","title":"Tutor LMS <= 2.6.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e8a7c04a-1fa0-434d-8161-7a32cefb44c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=api-prod","cve":"CVE-2024-1133","affectedVersions":"<=2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec83bf1f-a2da-4ecf-8d82-9a555c751073/tutor","title":"Tutor LMS <=1.8.2 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec83bf1f-a2da-4ecf-8d82-9a555c751073"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec83bf1f-a2da-4ecf-8d82-9a555c751073?source=api-prod","cve":"CVE-2021-24186","affectedVersions":"<1.8.3","severity":"high"},{"advisoryId":"WPSECADV/WF/ed579468-c998-4bec-b3a5-01d0ff206d35/tutor","title":"Tutor LMS <= 2.0.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"ed579468-c998-4bec-b3a5-01d0ff206d35"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ed579468-c998-4bec-b3a5-01d0ff206d35?source=api-prod","cve":"CVE-2023-0236","affectedVersions":"<=2.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f00e8169-3b8f-44a0-9af2-e81777a913f8/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 15:55:08","sources":[{"name":"Wordfence","remoteId":"f00e8169-3b8f-44a0-9af2-e81777a913f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=api-prod","cve":"CVE-2024-4902","affectedVersions":"<=2.7.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6/tutor","title":"Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 15:10:34","sources":[{"name":"Wordfence","remoteId":"f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6?source=api-prod","cve":"CVE-2026-5502","affectedVersions":"<=3.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc/tutor","title":"Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc?source=api-prod","cve":"CVE-2024-3553","affectedVersions":"<=2.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9cee379-79f8-4a60-b1bb-ccab1e954512/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9cee379-79f8-4a60-b1bb-ccab1e954512"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=api-prod","cve":"CVE-2024-1751","affectedVersions":"<=2.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f9cf0430-8577-449a-aefe-d7bf606fe2de/tutor","title":"Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-10 12:00:50","sources":[{"name":"Wordfence","remoteId":"f9cf0430-8577-449a-aefe-d7bf606fe2de"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cf0430-8577-449a-aefe-d7bf606fe2de?source=api-prod","cve":"CVE-2026-3371","affectedVersions":"<=3.9.7","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/007df869-dacb-4b0a-9c98-50586934cdab/tutor","title":"Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-27 18:54:35","sources":[{"name":"Wordfence","remoteId":"007df869-dacb-4b0a-9c98-50586934cdab"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/007df869-dacb-4b0a-9c98-50586934cdab?source=api-prod","cve":"CVE-2025-13673","affectedVersions":"<=3.9.6","severity":"high"},{"advisoryId":"WPSECADV/WF/00ec14d4-d97b-40b1-b61b-05e911f49bb0/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 00:00:00","sources":[{"name":"Wordfence","remoteId":"00ec14d4-d97b-40b1-b61b-05e911f49bb0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00ec14d4-d97b-40b1-b61b-05e911f49bb0?source=api-prod","cve":"CVE-2024-5438","affectedVersions":"<=2.7.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/050647a8-6743-46e4-b31c-0b5bd4a1007f/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"050647a8-6743-46e4-b31c-0b5bd4a1007f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=api-prod","cve":"CVE-2024-1503","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/0830d0c3-99c0-423e-99ab-f0c1cbec52d9/tutor","title":"Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-07 18:46:16","sources":[{"name":"Wordfence","remoteId":"0830d0c3-99c0-423e-99ab-f0c1cbec52d9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0830d0c3-99c0-423e-99ab-f0c1cbec52d9?source=api-prod","cve":"CVE-2025-13679","affectedVersions":"<=3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f/tutor","title":"Tutor LMS <= 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f?source=api-prod","cve":"CVE-2023-4805","affectedVersions":"<=2.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/0c173356-7228-4253-bb28-2c2e11af76fd/tutor","title":"Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-10 11:46:32","sources":[{"name":"Wordfence","remoteId":"0c173356-7228-4253-bb28-2c2e11af76fd"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0c173356-7228-4253-bb28-2c2e11af76fd?source=api-prod","cve":"CVE-2026-3358","affectedVersions":"<=3.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/0e475e02-494a-4ad0-a83c-d027c3a32989/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-20 01:46:19","sources":[{"name":"Wordfence","remoteId":"0e475e02-494a-4ad0-a83c-d027c3a32989"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e475e02-494a-4ad0-a83c-d027c3a32989?source=api-prod","cve":"CVE-2026-0548","affectedVersions":"<=3.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/1b8d88e4-a9dc-4740-b836-99f730beefcb/tutor","title":"Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 17:20:18","sources":[{"name":"Wordfence","remoteId":"1b8d88e4-a9dc-4740-b836-99f730beefcb"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8d88e4-a9dc-4740-b836-99f730beefcb?source=api-prod","cve":"CVE-2025-6680","affectedVersions":"<=3.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/1d6c9765-6936-4b22-835e-e899f62c14c9/tutor","title":"Tutor LMS <= 2.2.0 - Missing Authorization via REST API\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-06-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"1d6c9765-6936-4b22-835e-e899f62c14c9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1d6c9765-6936-4b22-835e-e899f62c14c9?source=api-prod","cve":"CVE-2023-3133","affectedVersions":"<=2.2.0","severity":"high"},{"advisoryId":"WPSECADV/WF/22420c2d-788c-4577-ae54-7b48f6063f5d/tutor","title":"Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"22420c2d-788c-4577-ae54-7b48f6063f5d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22420c2d-788c-4577-ae54-7b48f6063f5d?source=api-prod","cve":"CVE-2024-1128","affectedVersions":"<=2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/234a847b-3ffa-4c5c-9bba-39df227de0bc/tutor","title":"Tutor LMS <= 1.9.12 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-01-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"234a847b-3ffa-4c5c-9bba-39df227de0bc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/234a847b-3ffa-4c5c-9bba-39df227de0bc?source=api-prod","affectedVersions":"<=1.9.12","severity":"medium"},{"advisoryId":"WPSECADV/WF/24009534-3a57-4ed3-b841-72e87e2a6925/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.5 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-25 00:00:00","sources":[{"name":"Wordfence","remoteId":"24009534-3a57-4ed3-b841-72e87e2a6925"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24009534-3a57-4ed3-b841-72e87e2a6925?source=api-prod","cve":"CVE-2026-23799","affectedVersions":"<=3.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/26289a93-063b-469a-9d09-c286d76fce0c/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-10-24 16:53:49","sources":[{"name":"Wordfence","remoteId":"26289a93-063b-469a-9d09-c286d76fce0c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26289a93-063b-469a-9d09-c286d76fce0c?source=api-prod","cve":"CVE-2025-11564","affectedVersions":"<=3.8.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476/tutor","title":"Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476?source=api-prod","cve":"CVE-2023-25800","affectedVersions":"<=2.2.0","severity":"high"},{"advisoryId":"WPSECADV/WF/2e617d6f-c1cb-4cac-88e2-3142c1ea9fab/tutor","title":"Tutor LMS <= 2.7.2 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-01 00:00:00","sources":[{"name":"Wordfence","remoteId":"2e617d6f-c1cb-4cac-88e2-3142c1ea9fab"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e617d6f-c1cb-4cac-88e2-3142c1ea9fab?source=api-prod","cve":"CVE-2024-39645","affectedVersions":"<=2.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/324fc401-04ca-4707-8727-b8c3a66f7fd6/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"324fc401-04ca-4707-8727-b8c3a66f7fd6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/324fc401-04ca-4707-8727-b8c3a66f7fd6?source=api-prod","cve":"CVE-2024-3994","affectedVersions":"<=2.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/45d04643-e43a-4732-91bf-e4af7b622e33/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"45d04643-e43a-4732-91bf-e4af7b622e33"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/45d04643-e43a-4732-91bf-e4af7b622e33?source=api-prod","cve":"CVE-2024-4279","affectedVersions":"<=2.7.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/46f71f7b-7326-47b6-a23a-68a40f5bb56b/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 19:03:12","sources":[{"name":"Wordfence","remoteId":"46f71f7b-7326-47b6-a23a-68a40f5bb56b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/46f71f7b-7326-47b6-a23a-68a40f5bb56b?source=api-prod","cve":"CVE-2025-13628","affectedVersions":"<=3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4dcb4afc-14e1-43ce-87c4-8f24f1a0d682/tutor","title":"Tutor LMS <= 2.7.3 - Authenticated (Instructor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"4dcb4afc-14e1-43ce-87c4-8f24f1a0d682"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcb4afc-14e1-43ce-87c4-8f24f1a0d682?source=api-prod","cve":"CVE-2024-43231","affectedVersions":"<=2.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/4e95b32b-c050-41eb-8fce-461257420eb6/tutor","title":"Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-02 18:41:05","sources":[{"name":"Wordfence","remoteId":"4e95b32b-c050-41eb-8fce-461257420eb6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4e95b32b-c050-41eb-8fce-461257420eb6?source=api-prod","cve":"CVE-2026-1375","affectedVersions":"<=3.9.5","severity":"high"},{"advisoryId":"WPSECADV/WF/55924ea3-373c-4297-a958-5670def1f6c0/tutor","title":"Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 17:18:06","sources":[{"name":"Wordfence","remoteId":"55924ea3-373c-4297-a958-5670def1f6c0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/55924ea3-373c-4297-a958-5670def1f6c0?source=api-prod","cve":"CVE-2026-6965","affectedVersions":"<=3.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/5849a9f6-715e-4ac8-a0f7-1cd0814fff58/tutor","title":"Tutor LMS <= 3.9.4 - Authenticated (Instructor+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"5849a9f6-715e-4ac8-a0f7-1cd0814fff58"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5849a9f6-715e-4ac8-a0f7-1cd0814fff58?source=api-prod","cve":"CVE-2025-47555","affectedVersions":"<=3.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/5aff79ef-6c96-4386-abf1-b4e6931ef0d2/tutor","title":"Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-09-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"5aff79ef-6c96-4386-abf1-b4e6931ef0d2"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5aff79ef-6c96-4386-abf1-b4e6931ef0d2?source=api-prod","cve":"CVE-2022-2563","affectedVersions":"<=2.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/5de212c9-5c2e-4713-b1ce-022dd84520c3/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 18:43:50","sources":[{"name":"Wordfence","remoteId":"5de212c9-5c2e-4713-b1ce-022dd84520c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5de212c9-5c2e-4713-b1ce-022dd84520c3?source=api-prod","cve":"CVE-2025-13934","affectedVersions":"<=3.9.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/64bae119-12c3-4b3e-88a7-2eb5a7b1b537/tutor","title":"Tutor LMS – eLearning and online course solution <= 1.7.6 - Unprotected AJAX including Privilege Escalation\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"64bae119-12c3-4b3e-88a7-2eb5a7b1b537"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/64bae119-12c3-4b3e-88a7-2eb5a7b1b537?source=api-prod","cve":"CVE-2021-24184","affectedVersions":"<1.7.7","severity":"high"},{"advisoryId":"WPSECADV/WF/65526517-aec5-454b-94c0-973359d840e1/tutor","title":"Tutor LMS <= 1.9.1 - Authenticated Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-06-28 00:00:00","sources":[{"name":"Wordfence","remoteId":"65526517-aec5-454b-94c0-973359d840e1"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/65526517-aec5-454b-94c0-973359d840e1?source=api-prod","cve":"CVE-2021-24455","affectedVersions":"<=1.9.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/66130071-668e-4692-afd3-5fcc9039f10f/tutor","title":"Tutor LMS <= 1.9.11 - Stored Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"66130071-668e-4692-afd3-5fcc9039f10f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/66130071-668e-4692-afd3-5fcc9039f10f?source=api-prod","affectedVersions":"<=1.9.11","severity":"high"},{"advisoryId":"WPSECADV/WF/6625dcea-13cc-4c08-9361-946638bf6678/tutor","title":"Tutor LMS <= 3.9.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"6625dcea-13cc-4c08-9361-946638bf6678"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6625dcea-13cc-4c08-9361-946638bf6678?source=api-prod","cve":"CVE-2026-40740","affectedVersions":"<=3.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/68394503-d989-40d8-b033-24c011294158/tutor","title":"Tutor LMS <= 2.7.2 - Authenticated (Tutor Instructor+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-07-10 00:00:00","sources":[{"name":"Wordfence","remoteId":"68394503-d989-40d8-b033-24c011294158"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68394503-d989-40d8-b033-24c011294158?source=api-prod","cve":"CVE-2024-37947","affectedVersions":"<=2.7.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/6db9c59e-16bc-4e61-9040-7000b212675f/tutor","title":"Tutor LMS <= 1.9.8 - Admin+ Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-09-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"6db9c59e-16bc-4e61-9040-7000b212675f"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6db9c59e-16bc-4e61-9040-7000b212675f?source=api-prod","cve":"CVE-2021-24740","affectedVersions":"<1.9.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf/tutor","title":"Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 15:15:35","sources":[{"name":"Wordfence","remoteId":"6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf?source=api-prod","cve":"CVE-2026-6080","affectedVersions":"<=3.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/76c0d4f8-230d-452a-b39d-cbcb0af0fd72/tutor","title":"Tutor LMS <= 1.8.7 - Authenticated Local File Inclusion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-04-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"76c0d4f8-230d-452a-b39d-cbcb0af0fd72"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76c0d4f8-230d-452a-b39d-cbcb0af0fd72?source=api-prod","cve":"CVE-2021-24242","affectedVersions":"<=1.8.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/76d57372-9fb5-4166-bfa9-835e3ff7b755/tutor","title":"Tutor LMS <= 1.9.10 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-10-19 00:00:00","sources":[{"name":"Wordfence","remoteId":"76d57372-9fb5-4166-bfa9-835e3ff7b755"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/76d57372-9fb5-4166-bfa9-835e3ff7b755?source=api-prod","cve":"CVE-2021-24873","affectedVersions":"<=1.9.10","severity":"medium"},{"advisoryId":"WPSECADV/WF/79f9632e-cfaf-48bd-aeed-919fc729f2b4/tutor","title":"Tutor LMS <= 1.8.2 - SQL Injection via tutor_quiz_builder_get_question_form\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"79f9632e-cfaf-48bd-aeed-919fc729f2b4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79f9632e-cfaf-48bd-aeed-919fc729f2b4?source=api-prod","cve":"CVE-2021-24183","affectedVersions":"<=1.8.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7b8b111a-9626-41f4-8a13-51f576af0257/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-08 18:44:27","sources":[{"name":"Wordfence","remoteId":"7b8b111a-9626-41f4-8a13-51f576af0257"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7b8b111a-9626-41f4-8a13-51f576af0257?source=api-prod","cve":"CVE-2025-13935","affectedVersions":"<=3.9.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/7d623512-ee99-4a73-a752-ecbb6ad96b63/tutor","title":"Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"7d623512-ee99-4a73-a752-ecbb6ad96b63"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d623512-ee99-4a73-a752-ecbb6ad96b63?source=api-prod","cve":"CVE-2023-25990","affectedVersions":"<=2.1.10","severity":"high"},{"advisoryId":"WPSECADV/WF/7f365519-dd0a-4f39-880d-7216ce2f7d1e/tutor","title":"Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-09 12:40:11","sources":[{"name":"Wordfence","remoteId":"7f365519-dd0a-4f39-880d-7216ce2f7d1e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f365519-dd0a-4f39-880d-7216ce2f7d1e?source=api-prod","cve":"CVE-2026-3360","affectedVersions":"<=3.9.7","severity":"high"},{"advisoryId":"WPSECADV/WF/7f5c5f64-a864-4ce1-9080-19f7c4418307/tutor","title":"Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-02 18:49:17","sources":[{"name":"Wordfence","remoteId":"7f5c5f64-a864-4ce1-9080-19f7c4418307"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5c5f64-a864-4ce1-9080-19f7c4418307?source=api-prod","cve":"CVE-2026-1371","affectedVersions":"<=3.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/834c4ca9-7173-4c84-8287-9916ec72935d/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"834c4ca9-7173-4c84-8287-9916ec72935d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/834c4ca9-7173-4c84-8287-9916ec72935d?source=api-prod","cve":"CVE-2024-1502","affectedVersions":"<=2.6.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/839b68e6-0462-4f88-ac13-ed4b69887d6b/tutor","title":"Tutor LMS <= 2.7.2 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"839b68e6-0462-4f88-ac13-ed4b69887d6b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/839b68e6-0462-4f88-ac13-ed4b69887d6b?source=api-prod","cve":"CVE-2024-43282","affectedVersions":"<=2.7.2","severity":"high"},{"advisoryId":"WPSECADV/WF/91ca027c-0483-44de-b19e-243ccb2c7b31/tutor","title":"Tutor LMS <= 3.7.4 - Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"91ca027c-0483-44de-b19e-243ccb2c7b31"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91ca027c-0483-44de-b19e-243ccb2c7b31?source=api-prod","cve":"CVE-2025-58993","affectedVersions":"<=3.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/992abd72-2a8e-4bda-94c2-4a7f88487906/tutor","title":"Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-09-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"992abd72-2a8e-4bda-94c2-4a7f88487906"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/992abd72-2a8e-4bda-94c2-4a7f88487906?source=api-prod","cve":"CVE-2023-2919","affectedVersions":"<=2.7.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b/tutor","title":"Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=api-prod","cve":"CVE-2024-4318","affectedVersions":"<=2.7.0","severity":"high"},{"advisoryId":"WPSECADV/WF/9dfee325-9001-4483-b3eb-846da0314529/tutor","title":"Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-30 00:00:00","sources":[{"name":"Wordfence","remoteId":"9dfee325-9001-4483-b3eb-846da0314529"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9dfee325-9001-4483-b3eb-846da0314529?source=api-prod","cve":"CVE-2023-25700","affectedVersions":"<=2.1.10","severity":"critical"},{"advisoryId":"WPSECADV/WF/a0b14d91-f8f9-41df-b2eb-12792fb3a197/tutor","title":"Tutor LMS <= 1.9.5 - Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-08-09 00:00:00","sources":[{"name":"Wordfence","remoteId":"a0b14d91-f8f9-41df-b2eb-12792fb3a197"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a0b14d91-f8f9-41df-b2eb-12792fb3a197?source=api-prod","affectedVersions":"<=1.9.5","severity":"medium"},{"advisoryId":"WPSECADV/WF/a6072f47-91b3-4c5d-b16e-61bcd7760604/tutor","title":"Tutor LMS – eLearning and online course solution <=1.7.6 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"a6072f47-91b3-4c5d-b16e-61bcd7760604"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a6072f47-91b3-4c5d-b16e-61bcd7760604?source=api-prod","cve":"CVE-2021-24185","affectedVersions":"<1.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/ad7eee97-332a-4f3c-bba1-d108a769599d/tutor","title":"Tutor LMS <= 1.9.11 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-12-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"ad7eee97-332a-4f3c-bba1-d108a769599d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ad7eee97-332a-4f3c-bba1-d108a769599d?source=api-prod","cve":"CVE-2021-25017","affectedVersions":"<=1.9.11","severity":"medium"},{"advisoryId":"WPSECADV/WF/b6f7c4c8-210f-4bbb-8352-5c2e550e44c3/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.4 - Authenticated (Subscriber+) Insecure Direct Object Reference\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-03-16 00:00:00","sources":[{"name":"Wordfence","remoteId":"b6f7c4c8-210f-4bbb-8352-5c2e550e44c3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6f7c4c8-210f-4bbb-8352-5c2e550e44c3?source=api-prod","cve":"CVE-2025-32223","affectedVersions":"<=3.9.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/bcaf9b92-5e59-47c5-a04e-3ef5c53a2640/tutor","title":"Tutor LMS – eLearning and online course solution 2.0.0-2.0.8 - Reflected Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2022-08-22 00:00:00","sources":[{"name":"Wordfence","remoteId":"bcaf9b92-5e59-47c5-a04e-3ef5c53a2640"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bcaf9b92-5e59-47c5-a04e-3ef5c53a2640?source=api-prod","affectedVersions":">=2.0.0,<=2.0.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/bcf37d4e-e94a-4046-9949-c208e4e70197/tutor","title":"Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"bcf37d4e-e94a-4046-9949-c208e4e70197"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf37d4e-e94a-4046-9949-c208e4e70197?source=api-prod","cve":"CVE-2024-10400","affectedVersions":"<=2.7.6","severity":"high"},{"advisoryId":"WPSECADV/WF/bf16617d-cec2-4943-bd20-7ade31878714/tutor","title":"Tutor LMS <= 2.1.8 - Missing Authorization via multiple AJAX actions\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-05-24 00:00:00","sources":[{"name":"Wordfence","remoteId":"bf16617d-cec2-4943-bd20-7ade31878714"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf16617d-cec2-4943-bd20-7ade31878714?source=api-prod","cve":"CVE-2023-25799","affectedVersions":"<=2.1.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/bf8aa169-df51-46db-8c65-f1543d4f75f9/tutor","title":"Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-11-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"bf8aa169-df51-46db-8c65-f1543d4f75f9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf8aa169-df51-46db-8c65-f1543d4f75f9?source=api-prod","cve":"CVE-2024-10393","affectedVersions":"<=2.7.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/c0c293db-5526-4600-838a-6e88586926c4/tutor","title":"Tutor LMS <= 2.7.1 - Authenticated (Admin+) Path Traversal\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-27 00:00:00","sources":[{"name":"Wordfence","remoteId":"c0c293db-5526-4600-838a-6e88586926c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c0c293db-5526-4600-838a-6e88586926c4?source=api-prod","cve":"CVE-2024-37266","affectedVersions":"<=2.7.1","severity":"low"},{"advisoryId":"WPSECADV/WF/c191da68-d531-4c01-a364-2621c822dc80/tutor","title":"Tutor LMS <= 3.4.0 - Authenticated (Subscriber+) HTML Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-04-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c191da68-d531-4c01-a364-2621c822dc80"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c191da68-d531-4c01-a364-2621c822dc80?source=api-prod","cve":"CVE-2025-32230","affectedVersions":"<=3.4.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a/tutor","title":"Tutor LMS – eLearning and online course solution <= 1.7.6 - SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a?source=api-prod","cve":"CVE-2021-24181","affectedVersions":"<1.7.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/c82e24a3-8000-4aa5-953e-11415b94909b/tutor","title":"Tutor LMS <= 2.7.3 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-08-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"c82e24a3-8000-4aa5-953e-11415b94909b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c82e24a3-8000-4aa5-953e-11415b94909b?source=api-prod","cve":"CVE-2024-43142","affectedVersions":"<=2.7.3","severity":"medium"},{"advisoryId":"WPSECADV/WF/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8/tutor","title":"Tutor LMS <= 2.7.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"ce4c4395-6d1a-4d5f-885f-383e5c44c0f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=api-prod","cve":"CVE-2024-4223","affectedVersions":"<=2.7.0","severity":"critical"},{"advisoryId":"WPSECADV/WF/d276af21-fa9d-46bd-94e3-03776d4f2238/tutor","title":"Tutor LMS < 1.5.3 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2020-02-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"d276af21-fa9d-46bd-94e3-03776d4f2238"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d276af21-fa9d-46bd-94e3-03776d4f2238?source=api-prod","cve":"CVE-2020-8615","affectedVersions":"<1.5.3","severity":"high"},{"advisoryId":"WPSECADV/WF/d6489214-2155-47f4-83ef-0119b3c26e43/tutor","title":"Tutor LMS <=1.8.2 - SQL Injection via tutor_quiz_builder_get_answers_by_question\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"d6489214-2155-47f4-83ef-0119b3c26e43"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6489214-2155-47f4-83ef-0119b3c26e43?source=api-prod","cve":"CVE-2021-24182","affectedVersions":"<=1.8.2","severity":"high"},{"advisoryId":"WPSECADV/WF/e2b2a90f-7a0a-4150-8a24-14b2ed11663e/tutor","title":"Tutor LMS <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-12-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"e2b2a90f-7a0a-4150-8a24-14b2ed11663e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b2a90f-7a0a-4150-8a24-14b2ed11663e?source=api-prod","cve":"CVE-2023-49829","affectedVersions":"<=2.2.4","severity":"medium"},{"advisoryId":"WPSECADV/WF/e4482f92-024d-402d-9cf3-c4709f23baf0/tutor","title":"Tutor LMS – eLearning and online course solution <= 3.9.7 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e4482f92-024d-402d-9cf3-c4709f23baf0"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4482f92-024d-402d-9cf3-c4709f23baf0?source=api-prod","cve":"CVE-2026-40743","affectedVersions":"<=3.9.7","severity":"medium"},{"advisoryId":"WPSECADV/WF/e8a7c04a-1fa0-434d-8161-7a32cefb44c4/tutor","title":"Tutor LMS <= 2.6.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-02-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"e8a7c04a-1fa0-434d-8161-7a32cefb44c4"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=api-prod","cve":"CVE-2024-1133","affectedVersions":"<=2.6.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/ec83bf1f-a2da-4ecf-8d82-9a555c751073/tutor","title":"Tutor LMS <=1.8.2 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2021-03-15 00:00:00","sources":[{"name":"Wordfence","remoteId":"ec83bf1f-a2da-4ecf-8d82-9a555c751073"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec83bf1f-a2da-4ecf-8d82-9a555c751073?source=api-prod","cve":"CVE-2021-24186","affectedVersions":"<1.8.3","severity":"high"},{"advisoryId":"WPSECADV/WF/ed579468-c998-4bec-b3a5-01d0ff206d35/tutor","title":"Tutor LMS <= 2.0.9 - Reflected Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-01-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"ed579468-c998-4bec-b3a5-01d0ff206d35"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ed579468-c998-4bec-b3a5-01d0ff206d35?source=api-prod","cve":"CVE-2023-0236","affectedVersions":"<=2.0.9","severity":"medium"},{"advisoryId":"WPSECADV/WF/f00e8169-3b8f-44a0-9af2-e81777a913f8/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-06-06 15:55:08","sources":[{"name":"Wordfence","remoteId":"f00e8169-3b8f-44a0-9af2-e81777a913f8"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=api-prod","cve":"CVE-2024-4902","affectedVersions":"<=2.7.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6/tutor","title":"Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-16 15:10:34","sources":[{"name":"Wordfence","remoteId":"f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6?source=api-prod","cve":"CVE-2026-5502","affectedVersions":"<=3.9.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc/tutor","title":"Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-04-26 00:00:00","sources":[{"name":"Wordfence","remoteId":"f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc?source=api-prod","cve":"CVE-2024-3553","affectedVersions":"<=2.6.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/f9cee379-79f8-4a60-b1bb-ccab1e954512/tutor","title":"Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"f9cee379-79f8-4a60-b1bb-ccab1e954512"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=api-prod","cve":"CVE-2024-1751","affectedVersions":"<=2.6.1","severity":"high"},{"advisoryId":"WPSECADV/WF/f9cf0430-8577-449a-aefe-d7bf606fe2de/tutor","title":"Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-04-10 12:00:50","sources":[{"name":"Wordfence","remoteId":"f9cf0430-8577-449a-aefe-d7bf606fe2de"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cf0430-8577-449a-aefe-d7bf606fe2de?source=api-prod","cve":"CVE-2026-3371","affectedVersions":"<=3.9.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_756c696d6174652d636c69656e742d64617368811c9dc5_gen.json b/internal/data/assets/plugin_756c696d6174652d636c69656e742d64617368811c9dc5_gen.json index 6361a097..9fba8b8f 100644 --- a/internal/data/assets/plugin_756c696d6174652d636c69656e742d64617368811c9dc5_gen.json +++ b/internal/data/assets/plugin_756c696d6174652d636c69656e742d64617368811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/19d15d0e-40be-434d-a4c9-d835d4f81230/ulimate-client-dash","title":"Ultimate Client Dash <= 4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"19d15d0e-40be-434d-a4c9-d835d4f81230"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19d15d0e-40be-434d-a4c9-d835d4f81230?source=api-prod","cve":"CVE-2025-58811","affectedVersions":"<=4.6","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/19d15d0e-40be-434d-a4c9-d835d4f81230/ulimate-client-dash","title":"Ultimate Client Dash <= 4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2025-09-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"19d15d0e-40be-434d-a4c9-d835d4f81230"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19d15d0e-40be-434d-a4c9-d835d4f81230?source=api-prod","cve":"CVE-2025-58811","affectedVersions":"<=4.7","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77632d737570706f72742d73797374656d811c9dc5_gen.json b/internal/data/assets/plugin_77632d737570706f72742d73797374656d811c9dc5_gen.json index 3c0d527c..88789e46 100644 --- a/internal/data/assets/plugin_77632d737570706f72742d73797374656d811c9dc5_gen.json +++ b/internal/data/assets/plugin_77632d737570706f72742d73797374656d811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/8004a306-4c8f-40e9-accc-a12d65b5f2f9/wc-support-system","title":"Woocommerce Support System <= 1.2.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"8004a306-4c8f-40e9-accc-a12d65b5f2f9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8004a306-4c8f-40e9-accc-a12d65b5f2f9?source=api-prod","cve":"CVE-2023-41686","affectedVersions":"<=1.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/e74fb552-3ef4-47cd-8fe6-8cc1e74b8377/wc-support-system","title":"ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 15:05:40","sources":[{"name":"Wordfence","remoteId":"e74fb552-3ef4-47cd-8fe6-8cc1e74b8377"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e74fb552-3ef4-47cd-8fe6-8cc1e74b8377?source=api-prod","cve":"CVE-2025-14034","affectedVersions":"<=1.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/efab7ec7-7143-4556-8d68-4a7e34f46e9e/wc-support-system","title":"Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"efab7ec7-7143-4556-8d68-4a7e34f46e9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/efab7ec7-7143-4556-8d68-4a7e34f46e9e?source=api-prod","cve":"CVE-2023-41685","affectedVersions":"<=1.2.1","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/40ceea17-ec60-4775-8495-e2f7643d1b7c/wc-support-system","title":"ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 17:11:52","sources":[{"name":"Wordfence","remoteId":"40ceea17-ec60-4775-8495-e2f7643d1b7c"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/40ceea17-ec60-4775-8495-e2f7643d1b7c?source=api-prod","cve":"CVE-2025-14033","affectedVersions":"<=1.3.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/8004a306-4c8f-40e9-accc-a12d65b5f2f9/wc-support-system","title":"Woocommerce Support System <= 1.2.2 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"8004a306-4c8f-40e9-accc-a12d65b5f2f9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8004a306-4c8f-40e9-accc-a12d65b5f2f9?source=api-prod","cve":"CVE-2023-41686","affectedVersions":"<=1.2.2","severity":"high"},{"advisoryId":"WPSECADV/WF/e74fb552-3ef4-47cd-8fe6-8cc1e74b8377/wc-support-system","title":"ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-05 15:05:40","sources":[{"name":"Wordfence","remoteId":"e74fb552-3ef4-47cd-8fe6-8cc1e74b8377"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e74fb552-3ef4-47cd-8fe6-8cc1e74b8377?source=api-prod","cve":"CVE-2025-14034","affectedVersions":"<=1.2.6","severity":"medium"},{"advisoryId":"WPSECADV/WF/efab7ec7-7143-4556-8d68-4a7e34f46e9e/wc-support-system","title":"Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2023-09-04 00:00:00","sources":[{"name":"Wordfence","remoteId":"efab7ec7-7143-4556-8d68-4a7e34f46e9e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/efab7ec7-7143-4556-8d68-4a7e34f46e9e?source=api-prod","cve":"CVE-2023-41685","affectedVersions":"<=1.2.1","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_77702d6a6f622d6d616e61676572811c9dc5_gen.json b/internal/data/assets/plugin_77702d6a6f622d6d616e61676572811c9dc5_gen.json index 1c8cdc7e..da1f58f0 100644 --- a/internal/data/assets/plugin_77702d6a6f622d6d616e61676572811c9dc5_gen.json +++ b/internal/data/assets/plugin_77702d6a6f622d6d616e61676572811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/3099875e-ed6e-4d59-9da2-48fb389112ef/wp-job-manager","title":"Job Manager <= 2.4.1 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-02-17 00:00:00","sources":[{"name":"Wordfence","remoteId":"3099875e-ed6e-4d59-9da2-48fb389112ef"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3099875e-ed6e-4d59-9da2-48fb389112ef?source=api-prod","cve":"CVE-2026-39660","affectedVersions":"<=2.4.1","severity":"medium"},{"advisoryId":"WPSECADV/WF/61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba/wp-job-manager","title":"WP Job Manager <= 1.29.2 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba?source=api-prod","affectedVersions":"<=1.29.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/69430e1a-db2f-4715-84aa-5a1dfd712180/wp-job-manager","title":"WP Job Manager <= 2.0.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"69430e1a-db2f-4715-84aa-5a1dfd712180"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69430e1a-db2f-4715-84aa-5a1dfd712180?source=api-prod","cve":"CVE-2023-52212","affectedVersions":"<=2.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/696d5fe3-1344-461b-a26f-e5099a836c33/wp-job-manager","title":"WP Job Manager < 1.23.8 - Multiple Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-08-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"696d5fe3-1344-461b-a26f-e5099a836c33"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/696d5fe3-1344-461b-a26f-e5099a836c33?source=api-prod","affectedVersions":"<1.23.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6d53cd00-3d7b-4096-bc25-354fd4020f8b/wp-job-manager","title":"WP Job Manager <= 2.2.2 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"6d53cd00-3d7b-4096-bc25-354fd4020f8b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d53cd00-3d7b-4096-bc25-354fd4020f8b?source=api-prod","cve":"CVE-2024-34549","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b1af76a-3836-4527-9ea6-8bffa173a84e/wp-job-manager","title":"WP Job Manager <= 2.0.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b1af76a-3836-4527-9ea6-8bffa173a84e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b1af76a-3836-4527-9ea6-8bffa173a84e?source=api-prod","cve":"CVE-2023-52211","affectedVersions":"<=2.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a4f8585b-5d69-4ef9-a49c-70f59a392ef9/wp-job-manager","title":"WP Job Manager <= 2.4.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4f8585b-5d69-4ef9-a49c-70f59a392ef9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f8585b-5d69-4ef9-a49c-70f59a392ef9?source=api-prod","cve":"CVE-2026-25404","affectedVersions":"<=2.4.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/b96f40fe-3ffa-4fc5-b51a-ff3771224bd5/wp-job-manager","title":"WP Job Manager <= 1.31.2 - PHP Object Injection via PHAR Deserialization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-01-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"b96f40fe-3ffa-4fc5-b51a-ff3771224bd5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b96f40fe-3ffa-4fc5-b51a-ff3771224bd5?source=api-prod","affectedVersions":"<1.31.3","severity":"high"},{"advisoryId":"WPSECADV/WF/d8029737-f3ad-4025-948a-ba0298c0869d/wp-job-manager","title":"WP Job Manager <= 1.26.1 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-07-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"d8029737-f3ad-4025-948a-ba0298c0869d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8029737-f3ad-4025-948a-ba0298c0869d?source=api-prod","affectedVersions":"<1.26.2","severity":"high"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba/wp-job-manager","title":"WP Job Manager <= 1.29.2 - PHP Object Injection\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2018-03-02 00:00:00","sources":[{"name":"Wordfence","remoteId":"61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba?source=api-prod","affectedVersions":"<=1.29.2","severity":"critical"},{"advisoryId":"WPSECADV/WF/69430e1a-db2f-4715-84aa-5a1dfd712180/wp-job-manager","title":"WP Job Manager <= 2.0.0 - Cross-Site Request Forgery\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"69430e1a-db2f-4715-84aa-5a1dfd712180"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69430e1a-db2f-4715-84aa-5a1dfd712180?source=api-prod","cve":"CVE-2023-52212","affectedVersions":"<=2.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/696d5fe3-1344-461b-a26f-e5099a836c33/wp-job-manager","title":"WP Job Manager < 1.23.8 - Multiple Cross-Site Scripting\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2015-08-20 00:00:00","sources":[{"name":"Wordfence","remoteId":"696d5fe3-1344-461b-a26f-e5099a836c33"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/696d5fe3-1344-461b-a26f-e5099a836c33?source=api-prod","affectedVersions":"<1.23.8","severity":"medium"},{"advisoryId":"WPSECADV/WF/6d53cd00-3d7b-4096-bc25-354fd4020f8b/wp-job-manager","title":"WP Job Manager <= 2.2.2 - Unauthenticated Information Exposure\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-05-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"6d53cd00-3d7b-4096-bc25-354fd4020f8b"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d53cd00-3d7b-4096-bc25-354fd4020f8b?source=api-prod","cve":"CVE-2024-34549","affectedVersions":"<=2.2.2","severity":"medium"},{"advisoryId":"WPSECADV/WF/8b1af76a-3836-4527-9ea6-8bffa173a84e/wp-job-manager","title":"WP Job Manager <= 2.0.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-01-05 00:00:00","sources":[{"name":"Wordfence","remoteId":"8b1af76a-3836-4527-9ea6-8bffa173a84e"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b1af76a-3836-4527-9ea6-8bffa173a84e?source=api-prod","cve":"CVE-2023-52211","affectedVersions":"<=2.0.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/a4f8585b-5d69-4ef9-a49c-70f59a392ef9/wp-job-manager","title":"WP Job Manager <= 2.4.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-01-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"a4f8585b-5d69-4ef9-a49c-70f59a392ef9"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f8585b-5d69-4ef9-a49c-70f59a392ef9?source=api-prod","cve":"CVE-2026-25404","affectedVersions":"<=2.4.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/b96f40fe-3ffa-4fc5-b51a-ff3771224bd5/wp-job-manager","title":"WP Job Manager <= 1.31.2 - PHP Object Injection via PHAR Deserialization\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2019-01-07 00:00:00","sources":[{"name":"Wordfence","remoteId":"b96f40fe-3ffa-4fc5-b51a-ff3771224bd5"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b96f40fe-3ffa-4fc5-b51a-ff3771224bd5?source=api-prod","affectedVersions":"<1.31.3","severity":"high"},{"advisoryId":"WPSECADV/WF/d8029737-f3ad-4025-948a-ba0298c0869d/wp-job-manager","title":"WP Job Manager <= 1.26.1 - Arbitrary File Upload\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2016-07-11 00:00:00","sources":[{"name":"Wordfence","remoteId":"d8029737-f3ad-4025-948a-ba0298c0869d"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8029737-f3ad-4025-948a-ba0298c0869d?source=api-prod","affectedVersions":"<1.26.2","severity":"high"}] \ No newline at end of file diff --git a/internal/data/assets/plugin_7770632d62616467652d6d616e6167656d656e74811c9dc5_gen.json b/internal/data/assets/plugin_7770632d62616467652d6d616e6167656d656e74811c9dc5_gen.json index 38007a7f..ef2dc526 100644 --- a/internal/data/assets/plugin_7770632d62616467652d6d616e6167656d656e74811c9dc5_gen.json +++ b/internal/data/assets/plugin_7770632d62616467652d6d616e6167656d656e74811c9dc5_gen.json @@ -1 +1 @@ -[{"advisoryId":"WPSECADV/WF/1db1c415-7c57-47bb-82d9-44168259ae1a/wpc-badge-management","title":"WPC Badge Management for WooCommerce <= 2.4.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"1db1c415-7c57-47bb-82d9-44168259ae1a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1db1c415-7c57-47bb-82d9-44168259ae1a?source=api-prod","cve":"CVE-2024-30537","affectedVersions":"<=2.4.0","severity":"medium"}] \ No newline at end of file +[{"advisoryId":"WPSECADV/WF/1db1c415-7c57-47bb-82d9-44168259ae1a/wpc-badge-management","title":"WPC Badge Management for WooCommerce <= 2.4.0 - Missing Authorization\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2024-03-29 00:00:00","sources":[{"name":"Wordfence","remoteId":"1db1c415-7c57-47bb-82d9-44168259ae1a"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1db1c415-7c57-47bb-82d9-44168259ae1a?source=api-prod","cve":"CVE-2024-30537","affectedVersions":"<=2.4.0","severity":"medium"},{"advisoryId":"WPSECADV/WF/bf02edc9-2bb6-4ceb-b2a1-63f95c8becb3/wpc-badge-management","title":"WPC Badge Management for WooCommerce <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'text' Attribute\n### Copyright 1999-2026 The MITRE Corporation\nCVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.\nhttps://www.cve.org/Legal/TermsOfUse\n### Copyright 2012-2026 Defiant Inc.\nDefiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.\nhttps://www.wordfence.com/wordfence-intelligence-terms-and-conditions/","reportedAt":"2026-05-12 00:00:00","sources":[{"name":"Wordfence","remoteId":"bf02edc9-2bb6-4ceb-b2a1-63f95c8becb3"}],"link":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf02edc9-2bb6-4ceb-b2a1-63f95c8becb3?source=api-prod","cve":"CVE-2025-14767","affectedVersions":"<=3.1.6","severity":"medium"}] \ No newline at end of file diff --git a/internal/data/assets_gen_test.go b/internal/data/assets_gen_test.go index 265a878b..0b065ef5 100644 --- a/internal/data/assets_gen_test.go +++ b/internal/data/assets_gen_test.go @@ -2574,6 +2574,7 @@ func plugins() []string { "comparepress", "comparimager-elementor", "comparison-slider", + "compe-woo-compare-products", "competition-form", "compfight", "complete-gallery-manager", @@ -7068,6 +7069,7 @@ func plugins() []string { "magic-carousel", "magic-conversation-for-gravity-forms", "magic-edge-lite-image-background-remover", + "magic-export-import", "magic-fields", "magic-google-maps", "magic-import-document-extractor", @@ -10964,6 +10966,7 @@ func plugins() []string { "snipe-nginx-cache", "sniplets", "snippy", + "snow-monkey-blocks", "snow-monkey-forms", "snow-storm", "so-audible",