Auto-Update: 2024-04-23T12:00:37.979443+00:00

2025-07-09 16:05:11 +00:00 · 2024-04-23 12:03:27 +00:00 · 2024-04-23 12:03:27 +00:00 · 03d24f08e3
commit 03d24f08e3
parent 65be7a7f0a
6 changed files with 179 additions and 11 deletions
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3185.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3185.json
@ -8,6 +8,10 @@
    {
      "lang": "en",
      "value": " A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform.  This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges.  This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent."
+    },
+    {
+      "lang": "es",
+      "value": "Una clave utilizada en logging.json no sigue el principio de privilegio m\u00ednimo de forma predeterminada y est\u00e1 expuesta a los usuarios locales en la plataforma Rapid7. Esto permite que un atacante con acceso local a una m\u00e1quina con el archivo logging.json use esa clave para autenticarse en la plataforma con altos privilegios. Esto se solucion\u00f3 en la plataforma Rapid7 a partir del 3 de abril de 2024 mediante la introducci\u00f3n de una funci\u00f3n restringida y la eliminaci\u00f3n de la generaci\u00f3n autom\u00e1tica de claves API al instalar un agente."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-34xx/CVE-2024-3491.json
+++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3491.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3491",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-23T11:15:45.967",
+  "lastModified": "2024-04-23T11:15:45.967",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's \"How To\" and \"FAQ\" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3071620/schema-and-structured-data-for-wp",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e004bba3-d281-4f84-a941-a6c5b64b9dcd?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-36xx/CVE-2024-3665.json
+++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3665.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-3665",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-23T10:15:06.923",
+  "lastModified": "2024-04-23T10:15:06.923",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Rank Math SEO con AI SEO Tools para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los widgets HowTo y FAQ del complemento en todas las versiones hasta la 1.0.216 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/tags/1.0.216/includes/modules/schema/blocks/class-block-faq.php#L186",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/tags/1.0.216/includes/modules/schema/blocks/class-block-howto.php#L239",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069711%40seo-by-rank-math&new=3069711%40seo-by-rank-math&sfp_email=&sfph_mail=#file6",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069711%40seo-by-rank-math&new=3069711%40seo-by-rank-math&sfp_email=&sfph_mail=#file7",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21341d9c-9f04-4bc6-b9fc-6fa8afd3cf5c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3732.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3732.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-3732",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-23T10:15:07.537",
+  "lastModified": "2024-04-23T10:15:07.537",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory para WordPress, es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'gd_single_tabs' del complemento en todas las versiones hasta la 2.3.48 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071121%40geodirectory&new=3071121%40geodirectory&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a91e786-f570-4c6c-b1c7-0110774cb808?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-23T10:00:38.246099+00:00
+2024-04-23T12:00:37.979443+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-23T09:15:07.023000+00:00
+2024-04-23T11:15:45.967000+00:00
 ```

 ### Last Data Feed Release
@ -33,23 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-246537
+246540
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `3`

- [CVE-2024-0900](CVE-2024/CVE-2024-09xx/CVE-2024-0900.json) (`2024-04-23T09:15:06.833`)
- [CVE-2024-3185](CVE-2024/CVE-2024-31xx/CVE-2024-3185.json) (`2024-04-23T09:15:07.023`)
- [CVE-2024-3664](CVE-2024/CVE-2024-36xx/CVE-2024-3664.json) (`2024-04-23T08:15:45.177`)
+- [CVE-2024-3491](CVE-2024/CVE-2024-34xx/CVE-2024-3491.json) (`2024-04-23T11:15:45.967`)
+- [CVE-2024-3665](CVE-2024/CVE-2024-36xx/CVE-2024-3665.json) (`2024-04-23T10:15:06.923`)
+- [CVE-2024-3732](CVE-2024/CVE-2024-37xx/CVE-2024-3732.json) (`2024-04-23T10:15:07.537`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

- [CVE-2022-25481](CVE-2022/CVE-2022-254xx/CVE-2022-25481.json) (`2024-04-23T08:15:45.060`)
+- [CVE-2024-3185](CVE-2024/CVE-2024-31xx/CVE-2024-3185.json) (`2024-04-23T09:15:07.023`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -193860,7 +193860,7 @@ CVE-2022-25464,0,0,231fd3080576b3684ae82435ee901df2499bdd2b12996f22985cb04f4c481
 CVE-2022-25465,0,0,83ff884fffb03f7448bef58e02010e947d986d6c2e472bc0f3add87f72a5660c,2022-03-11T15:55:36.710000
 CVE-2022-2547,0,0,73d14d5654e374eff01adccf9a7a8251705f6da64d59cea565fd779629f3f010,2022-08-19T01:43:28.157000
 CVE-2022-25471,0,0,3a109f099cb1061a853e5b50f13b9d0fc3efb3654456f758cc15cdf5ad1cc75d,2022-03-09T19:47:15.070000
-CVE-2022-25481,0,1,a4a875f3c30cc7c4d4a435d214cff11d55b4d1e001789a41a9ae5e5d33385ba6,2024-04-23T08:15:45.060000
+CVE-2022-25481,0,0,a4a875f3c30cc7c4d4a435d214cff11d55b4d1e001789a41a9ae5e5d33385ba6,2024-04-23T08:15:45.060000
 CVE-2022-25484,0,0,99a222d35a5c2f1b2db0f90a8390321c73db93867e67f18b2c213513a13e5439,2022-03-28T20:53:05.180000
 CVE-2022-25485,0,0,f943c508b3e38959fea36ca9f014627ff6eee45f93d348f17a276f89be77fc1e,2022-03-23T18:18:46.160000
 CVE-2022-25486,0,0,f49d709b52c7d7fce93d2631d774ac42d59ac75a64d7eb0b86f75b827afbefeb,2022-10-27T19:24:47.267000
@ -239024,7 +239024,7 @@ CVE-2024-0896,0,0,5348557c7ea4ddb4fdb7fdcc9e92238aad12e82aa66cf5c51f44520b0ef95a
 CVE-2024-0897,0,0,54d1bf8163931c80ebde85ab8390c0fecedb390a8355fe15103e3a67a3a29cc9,2024-03-13T18:16:18.563000
 CVE-2024-0898,0,0,8e1a15f2adb6e1251c3b5c487bb49c70d962e45988b99a32b53b9adb0687df3d,2024-03-13T18:16:18.563000
 CVE-2024-0899,0,0,7d5a1ea0e11c81ea4fdf5cc7256f52b0decb0abb96aea80029ec1a81b2559961,2024-04-10T13:24:00.070000
-CVE-2024-0900,1,1,cb433b60adbb648204fa5444a3f480cde06c8792b31caf9d9f1d858e75ae26d9,2024-04-23T09:15:06.833000
+CVE-2024-0900,0,0,cb433b60adbb648204fa5444a3f480cde06c8792b31caf9d9f1d858e75ae26d9,2024-04-23T09:15:06.833000
 CVE-2024-0901,0,0,8395d055c39a2ded7a6676d9f91e364a6c601b11f066a458c7ff4909044d580a,2024-03-26T12:55:05.010000
 CVE-2024-0902,0,0,c022af4b73cd366b52a576af13eecfefbd72fc877962e0376aba015f72537ab5,2024-04-15T13:15:31.997000
 CVE-2024-0903,0,0,4e5a944405938a6def0adf008001af709d311e38e0572265081d65abf85ff9fb,2024-02-22T19:07:27.197000
@ -245845,7 +245845,7 @@ CVE-2024-31841,0,0,de5efd40e0d92babbab87030506b1a212fb4afe9f3f9b49fa0c7d8acedda7
 CVE-2024-31846,0,0,4aa9b2c36e227ec317e3797135e2468ef28cbbea439839bcc511c8ec99315bbc,2024-04-19T16:19:49.043000
 CVE-2024-31848,0,0,2da60f6a287cac48661bc0aa0bb0ac92caa20fc3ae4255bef230dfecf644c92e,2024-04-08T18:49:25.863000
 CVE-2024-31849,0,0,f45798bfe1f17890c1c9f615c3d632efe82fbe29dd84fe4753d6d6beae3b4f6a,2024-04-08T18:49:25.863000
-CVE-2024-3185,1,1,00d394a529ec694786263768aaed709eaea32eeeb5bb724b002c7a8dd50bfb9d,2024-04-23T09:15:07.023000
+CVE-2024-3185,0,1,7d5aee3d07be9ec39704ac3d9974706c9ad0674f1443c2cd3364d807869aabfe,2024-04-23T09:15:07.023000
 CVE-2024-31850,0,0,4dfa9605a049a09744618be099ad889f274ff40fc42a18e168685588a6a44b6d,2024-04-08T18:49:25.863000
 CVE-2024-31851,0,0,0e8250a21123e214b1f09f2b325f0d0e22e98cb6715480d7ac13d673f761eb46,2024-04-08T18:49:25.863000
 CVE-2024-31852,0,0,7a968282e2d23775fda0d6edce03c38caf21ca868b2fca3251339d962c2ec4c6,2024-04-08T18:49:25.863000
@ -246352,6 +246352,7 @@ CVE-2024-3464,0,0,0c53100717f2f28c54c57fbaaef472d29e3cb0ff81ebf61eb104a899922afe
 CVE-2024-3465,0,0,a42aecf57f43969ec60c90b90013ebe0e449783aa33103b39be184486d2b2ca9,2024-04-11T01:26:03.697000
 CVE-2024-3466,0,0,06b3d0b5c629cfcd72994ab03bcc3d914522a60f9b439b6d13775db50704418a,2024-04-11T01:26:03.777000
 CVE-2024-3470,0,0,630f5f35df37b6b978ca7687ce76aaec305cc639bf4ca3fb3b6aed08fe283bb6,2024-04-19T16:19:49.043000
+CVE-2024-3491,1,1,faf3b6d379e6629535a9da007f12e5993e23962b408fdc889f4de5a26877ec61,2024-04-23T11:15:45.967000
 CVE-2024-3493,0,0,63ead7e160b6b2cbd834dd6075f87d345af3361e8d55520f11e81a53e2086aaa,2024-04-16T13:24:07.103000
 CVE-2024-3505,0,0,d46d6b7d35449c168e9ff66f3c93f973f2e1e579109b94b88c63ad7baac2b7b8,2024-04-15T13:15:31.997000
 CVE-2024-3512,0,0,0bde0dc5c2508608f7df2e92075f3b315e69961d5bc617a9cf046c486aab6ef4,2024-04-10T13:23:38.787000
@ -246410,7 +246411,8 @@ CVE-2024-3652,0,0,a467de8b64f8147acdef48edc35752a89afb7d5856e17302ea9c57335ed0f6
 CVE-2024-3654,0,0,7e2b4ab81bb1b43884c0db8e806df093bdf87a3fc5c587d83d67f54180b50daf,2024-04-19T16:19:49.043000
 CVE-2024-3660,0,0,27de83d41a96740d974951cfc0f4ab32e626a768053ae4e7908802eefe823936,2024-04-17T12:48:31.863000
 CVE-2024-3662,0,0,aac492e0cb08799a7f888c46af5bedb595fa2e9ad6dc15c21be50e9dae70066e,2024-04-15T13:15:31.997000
-CVE-2024-3664,1,1,8aa56e3e9a106325054a4f102bf91cc6b5b5e266540265b47d44ed328856fa38,2024-04-23T08:15:45.177000
+CVE-2024-3664,0,0,8aa56e3e9a106325054a4f102bf91cc6b5b5e266540265b47d44ed328856fa38,2024-04-23T08:15:45.177000
+CVE-2024-3665,1,1,84d9a6ae54b89e9f03596e34f3b2e2c9da62b8d2d5ab31800dba00af2f75d21a,2024-04-23T10:15:06.923000
 CVE-2024-3672,0,0,b7de207aaf40bb160711ae23312b83bd4f3d950fbf99cf282ee38b1e3854739f,2024-04-16T13:24:07.103000
 CVE-2024-3684,0,0,693360cd268d4b961448865406a570238e347409fa389434d499b6fc0f790dc0,2024-04-19T16:19:49.043000
 CVE-2024-3685,0,0,2d04d41485feb8a52bd1142022b18bc3f24805efb219d419e0508c4773991260,2024-04-15T13:15:51.577000
@ -246433,6 +246435,7 @@ CVE-2024-3719,0,0,f291ba68ba6e93978bc9c39b527e377db4603f9cf0b58326694ce4a62db069
 CVE-2024-3720,0,0,548129ada226460eeed0bbe63afac7cb948fd16d011c5ffd900fa7625265466b,2024-04-15T13:15:31.997000
 CVE-2024-3721,0,0,e2cd22ce24461bd25c9ec7cb92e927b75c559a9256137266b8480ef946c8e320,2024-04-15T13:15:31.997000
 CVE-2024-3731,0,0,bdcc8f677627b7b108ec8e839a01e7cc6ba34354d6004394dff79046d7838f40,2024-04-19T13:10:25.637000
+CVE-2024-3732,1,1,0cd92d835ab1d877a1b01b9882d820039573565a8ca882f0a6286949b787f6dc,2024-04-23T10:15:07.537000
 CVE-2024-3735,0,0,9300dd852c0feb2e50ee641119a226f214818e2f2843b357387d0b439146ec2c,2024-04-15T13:15:31.997000
 CVE-2024-3736,0,0,8e1e49a70c099a42d25fc2ef350c0eb9767073e2fa96b7ffe6bc4d265c3f8c23,2024-04-15T13:15:31.997000
 CVE-2024-3737,0,0,1990edd10a050a438850658c5a42b3f737afd31a7356a3decab691dfe1bc7cad,2024-04-15T13:15:31.997000