From 3651cad6708ee859a4e9d2f4e25d7967742bba93 Mon Sep 17 00:00:00 2001
From: CVE Team <cve-request@mitre.org>
Date: Thu, 2 May 2024 08:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2024/3xxx/CVE-2024-3280.json | 75 ++++++++++++++++++++++++++++++++++--
 2024/4xxx/CVE-2024-4408.json | 18 +++++++++
 2024/4xxx/CVE-2024-4409.json | 18 +++++++++
 3 files changed, 107 insertions(+), 4 deletions(-)
 create mode 100644 2024/4xxx/CVE-2024-4408.json
 create mode 100644 2024/4xxx/CVE-2024-4409.json

diff --git a/2024/3xxx/CVE-2024-3280.json b/2024/3xxx/CVE-2024-3280.json
index 9fb1d948805..e9dfa300532 100644
--- a/2024/3xxx/CVE-2024-3280.json
+++ b/2024/3xxx/CVE-2024-3280.json
@@ -1,17 +1,84 @@
 {
+    "data_version": "4.0",
     "data_type": "CVE",
     "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2024-3280",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@wordfence.com",
+        "STATE": "PUBLIC"
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsite_follow_us_badges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "wpsitenet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Follow Us Badges",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "*",
+                                            "version_value": "3.1.10"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87?source=cve",
+                "refsource": "MISC",
+                "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87?source=cve"
+            },
+            {
+                "url": "https://plugins.trac.wordpress.org/changeset/3078718/wpsite-follow-us-badges",
+                "refsource": "MISC",
+                "name": "https://plugins.trac.wordpress.org/changeset/3078718/wpsite-follow-us-badges"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Lucio S\u00e1"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+                "baseScore": 6.4,
+                "baseSeverity": "MEDIUM"
             }
         ]
     }
diff --git a/2024/4xxx/CVE-2024-4408.json b/2024/4xxx/CVE-2024-4408.json
new file mode 100644
index 00000000000..9c3d08b961e
--- /dev/null
+++ b/2024/4xxx/CVE-2024-4408.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2024-4408",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2024/4xxx/CVE-2024-4409.json b/2024/4xxx/CVE-2024-4409.json
new file mode 100644
index 00000000000..cc89922e20f
--- /dev/null
+++ b/2024/4xxx/CVE-2024-4409.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2024-4409",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
\ No newline at end of file