diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2253.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2253.json
new file mode 100644
index 00000000000..8096c0c5b8a
--- /dev/null
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2253.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-2253",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T04:15:09.793",
+ "lastModified": "2024-05-30T04:15:09.793",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/testimonials-carousel-elementor/trunk/widgets/testimonials-carousel/class-testimonialscarousel-employees.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d559b862-ee07-4207-8c64-81961516a046?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3063.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3063.json
new file mode 100644
index 00000000000..f0535940596
--- /dev/null
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3063.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3063",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T04:15:10.140",
+ "lastModified": "2024-05-30T04:15:10.140",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3088737%40wpb-elementor-addons&new=3088737%40wpb-elementor-addons&sfp_email=&sfph_mail=#file44",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a832e2b-a900-4057-96fc-1bd6899e3950?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3190.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3190.json
new file mode 100644
index 00000000000..50cee9db2a2
--- /dev/null
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3190.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3190",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T04:15:10.417",
+ "lastModified": "2024-05-30T04:15:10.417",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this vulnerability is different in that the issue stems from an external template. It appears that older version may also be patched due to this, however, we are choosing 1.5.108 as the patched version since that is the most recent version containing as known patch."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3090199%40unlimited-elements-for-elementor&new=3090199%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78d8ddc9-69ad-4d69-ac23-5a31dfeafd54?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3269.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3269.json
new file mode 100644
index 00000000000..201070a87f6
--- /dev/null
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3269.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3269",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T04:15:10.697",
+ "lastModified": "2024-05-30T04:15:10.697",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3092928/download-monitor/trunk?contextall=1&old=3070504&old_path=%2Fdownload-monitor%2Ftrunk",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c454a958-91c4-4847-91f6-dedebf857964?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3277.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3277.json
new file mode 100644
index 00000000000..0c2bbf7b763
--- /dev/null
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3277.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3277",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T05:15:55.073",
+ "lastModified": "2024-05-30T05:15:55.073",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/yumpu-epaper-publishing/trunk/yumpu.php#L259",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed507ac7-6732-4315-99dd-0a8636cc9cc3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3943.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3943.json
new file mode 100644
index 00000000000..f7c7a909242
--- /dev/null
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3943.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3943",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T05:15:55.373",
+ "lastModified": "2024-05-30T05:15:55.373",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L225",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/406f6bd7-f57f-4725-a36f-9846ac04f945?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3945.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3945.json
new file mode 100644
index 00000000000..b373084a7f4
--- /dev/null
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3945.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3945",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T05:15:55.590",
+ "lastModified": "2024-05-30T05:15:55.590",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L273",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69475bec-1f27-4793-8697-1132ac701c62?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3946.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3946.json
new file mode 100644
index 00000000000..3bf99657ba1
--- /dev/null
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3946.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3946",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T05:15:55.800",
+ "lastModified": "2024-05-30T05:15:55.800",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L304",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de648bea-35c5-4611-aa2f-79e37a0299bb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3947.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3947.json
new file mode 100644
index 00000000000..bb5ab34d030
--- /dev/null
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3947.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3947",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T05:15:55.993",
+ "lastModified": "2024-05-30T05:15:55.993",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L304",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c132cfc1-03b3-4616-9a66-871e88c857cb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4218.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4218.json
new file mode 100644
index 00000000000..d81992107bc
--- /dev/null
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4218.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-4218",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T05:15:56.183",
+ "lastModified": "2024-05-30T05:15:56.183",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.7. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was included in a 'trunk' folder. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/affieasy/tags/1.1.6",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/095a2262-1da2-4f79-896c-6d48eb079a7b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4356.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4356.json
new file mode 100644
index 00000000000..06419ae874c
--- /dev/null
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4356.json
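Review bot: In CVE-2024-4218.json the cvssData block carries `"userInteraction": "NONE"` and `"confidentialityImpact": "LOW"` (vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N`, base score 6.5), yet the description in the same record says the forged request only works if a site administrator is tricked into an action such as clicking on a link. The other CSRF records added in this commit (CVE-2024-3943, CVE-2024-3945, CVE-2024-3947) use `UI:R` with a 4.3 score, so this entry looks mis-scored at the source rather than by the sync. Because the file mirrors the upstream record it should stay as received here; the correction I would expect upstream is `"userInteraction": "REQUIRED"` with the vector and scores recomputed. Until then, triage rules that key on `UI:N` or on the 6.5 score should also read the description for this entry.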
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-4356",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T05:15:56.540",
+ "lastModified": "2024-05-30T05:15:56.540",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/list-categories/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e24306a-b741-4840-b238-e37138425bf8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5223.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5223.json
new file mode 100644
index 00000000000..c195294e5e9
--- /dev/null
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5223.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-5223",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-30T04:15:10.963",
+ "lastModified": "2024-05-30T04:15:10.963",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.0.4/addons/custom_font/Custom_Font.php#L13",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3093051/ultimate-post/trunk/addons/custom_font/Custom_Font.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7234d4b9-a575-428a-9d08-2dc62ba41c30?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 327f4ecdf15..39e616f2a5e 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-30T04:00:40.989461+00:00 +2024-05-30T06:00:38.769395+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-30T03:15:08.467000+00:00 +2024-05-30T05:15:56.540000+00:00 ``` ### Last Data Feed Release 
@@ -33,24 +33,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -252081 +252093 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `12` -- [CVE-2024-3726](CVE-2024/CVE-2024-37xx/CVE-2024-3726.json) (`2024-05-30T03:15:08.237`) -- [CVE-2024-5514](CVE-2024/CVE-2024-55xx/CVE-2024-5514.json) (`2024-05-30T03:15:08.467`) +- [CVE-2024-2253](CVE-2024/CVE-2024-22xx/CVE-2024-2253.json) (`2024-05-30T04:15:09.793`) +- [CVE-2024-3063](CVE-2024/CVE-2024-30xx/CVE-2024-3063.json) (`2024-05-30T04:15:10.140`) +- [CVE-2024-3190](CVE-2024/CVE-2024-31xx/CVE-2024-3190.json) (`2024-05-30T04:15:10.417`) +- [CVE-2024-3269](CVE-2024/CVE-2024-32xx/CVE-2024-3269.json) (`2024-05-30T04:15:10.697`) +- [CVE-2024-3277](CVE-2024/CVE-2024-32xx/CVE-2024-3277.json) (`2024-05-30T05:15:55.073`) +- [CVE-2024-3943](CVE-2024/CVE-2024-39xx/CVE-2024-3943.json) (`2024-05-30T05:15:55.373`) +- [CVE-2024-3945](CVE-2024/CVE-2024-39xx/CVE-2024-3945.json) (`2024-05-30T05:15:55.590`) +- [CVE-2024-3946](CVE-2024/CVE-2024-39xx/CVE-2024-3946.json) (`2024-05-30T05:15:55.800`) +- [CVE-2024-3947](CVE-2024/CVE-2024-39xx/CVE-2024-3947.json) (`2024-05-30T05:15:55.993`) +- [CVE-2024-4218](CVE-2024/CVE-2024-42xx/CVE-2024-4218.json) (`2024-05-30T05:15:56.183`) +- [CVE-2024-4356](CVE-2024/CVE-2024-43xx/CVE-2024-4356.json) (`2024-05-30T05:15:56.540`) +- [CVE-2024-5223](CVE-2024/CVE-2024-52xx/CVE-2024-5223.json) (`2024-05-30T04:15:10.963`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -- [CVE-2024-4436](CVE-2024/CVE-2024-44xx/CVE-2024-4436.json) (`2024-05-30T02:15:47.300`) -- [CVE-2024-4437](CVE-2024/CVE-2024-44xx/CVE-2024-4437.json) (`2024-05-30T02:15:47.433`) -- [CVE-2024-4438](CVE-2024/CVE-2024-44xx/CVE-2024-4438.json) (`2024-05-30T02:15:47.537`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e65593eca18..28f698929db 100644 --- a/_state.csv 
+++ b/_state.csv @@ -243333,6 +243333,7 @@ CVE-2024-22520,0,0,9b6223a53e180c3295f59e3aa1be5500dd113bead8df3efd63052e10ac314 CVE-2024-22523,0,0,c46fa576c9efc04bfa68e9b9b048feb02140ef1745b4ca662893a1dcd1fc7e20,2024-02-05T18:45:22.323000 CVE-2024-22526,0,0,75ace6c927ced5f7ea482234fce681438e4968b2221e8e0044ae8bc44e2d2849,2024-04-12T12:43:46.210000 CVE-2024-22529,0,0,f41d09d708d73657afdb982e616544d0858f64a9413ba7f1cfbd6a4f36b177fc,2024-01-31T18:42:44.573000 +CVE-2024-2253,1,1,df4c554be86698eb39eee9cf06e3eda86d2d89b582ab8c1a1f8cd2700a16feeb,2024-05-30T04:15:09.793000 CVE-2024-22532,0,0,6fad183b739b464d3003075e09f3da32b728992a253a18db27cbf8640f312c28,2024-02-29T13:49:47.277000 CVE-2024-22533,0,0,84ada03ee37935d281b6ef02f8758f6d805bf66c7cac8fad1d52934fdf1b61ec,2024-02-10T04:09:13.303000 CVE-2024-22543,0,0,4bbc43f5b3e2685d1c9696fcc6499264d266d040456549b4c4eb8710fde430af,2024-02-27T14:20:06.637000 @@ -248272,6 +248273,7 @@ CVE-2024-30626,0,0,dd61e51a8ba5f6151ec2012c267de9a8f4363b4511aa2015e23176fa696a1 CVE-2024-30627,0,0,24e44b422d8dfb4f461acd1e40ed917b1185c728791e5ef89a24408fed2d5d20,2024-03-29T13:28:22.880000 CVE-2024-30628,0,0,c1cfcec997f2b440177dbb4bb1c457eafabcb3c3a8d68d5d2db04b4e94344284,2024-03-29T13:28:22.880000 CVE-2024-30629,0,0,7117658aa143fa0c45ef2d66dbdbe5496577b3ed8e4e0a0ce7de2a66765ffd4a,2024-03-29T13:28:22.880000 +CVE-2024-3063,1,1,d23297bd0d8ddb2e558677f2ee2e38122d2f7e72c29e7063ab1ce233afc0b67c,2024-05-30T04:15:10.140000 CVE-2024-30630,0,0,a78dc6e5837056dc63e94f8b90ccdcfb900ec6350574c1ab0600191f9de26eb6,2024-03-29T13:28:22.880000 CVE-2024-30631,0,0,428fc47458d23d355f563629d61eef5861a5f604ce69860222a6765139b17b6a,2024-03-29T13:28:22.880000 CVE-2024-30632,0,0,a817d09d9ada60d9737215466a32bcc347282a2f0fd24eb4b23a6745cca6615e,2024-03-29T13:28:22.880000 
@@ -248894,6 +248896,7 @@ CVE-2024-3189,0,0,1214acc8d4ffdbc5da1a7913ab352a27b53d04d94b5a178d0c09d285be9bf4 CVE-2024-31893,0,0,12d01c628fd750c0cbf441575efefbf394d1654280d687a3cb134821594970b6,2024-05-24T01:15:30.977000 CVE-2024-31894,0,0,5d58af989adc88e1f21decb4e4b73370061e14ed54479d7579f2f2b5b7332e1e,2024-05-24T01:15:30.977000 CVE-2024-31895,0,0,38db7df97417d61bcac3e1b48b52fd0d409c4088497b5231955dcf460bac575b,2024-05-24T01:15:30.977000 +CVE-2024-3190,1,1,09d4d21d853bdb5ff73ac7c6548b793584785b7dca93ba5fbe15daa6506cb897,2024-05-30T04:15:10.417000 CVE-2024-31904,0,0,f581f8d898f5db4b0367557c06fa4b666380cc23610e816c03e35138e889ca3c,2024-05-24T01:15:30.977000 CVE-2024-3191,0,0,8cf962bd9b56831bd79ade84a34de9b023bb925809cd58e4b9fc80c44fe6835a,2024-05-17T02:39:45.973000 CVE-2024-3192,0,0,e3aebeb6cd86739531dd732871b7a29e3a45f5c2393a43be256648b47f7f7a36,2024-05-17T02:39:46.077000 @@ -249419,6 +249422,7 @@ CVE-2024-32686,0,0,852c454a1d3bbf27e69c45ac3a82e5061f231ff76a794447de0366c288490 CVE-2024-32687,0,0,a086d5b324c1fb3e15319d9ade5180576e51b429460cf8b16542df9ee987dffc,2024-04-22T13:28:34.007000 CVE-2024-32688,0,0,7f41951b1eb13319bfb8b893fa89901a983c98497ebd74b7a49d01c4670e5fb3,2024-04-22T13:28:34.007000 CVE-2024-32689,0,0,16874a71c9e632f769995766bf2f4ed6e183b5fc555d1d7f129ab5a8c673df33,2024-04-18T13:04:28.900000 +CVE-2024-3269,1,1,08f07170e761faa11ef1843c2c2f7880f1510deeacbc594f95cdb5748f9f5911,2024-05-30T04:15:10.697000 CVE-2024-32690,0,0,a5c3efbe443cf42b8bcd8044eca65a720a8f83179f73ad11a935d5b1da69e0fc,2024-04-22T13:28:43.747000 CVE-2024-32691,0,0,6bf77f40ecd5cf4c30ab2ae6de9b94e9df1ad90bb17dd1fa390b1b8ff8545003,2024-04-22T13:28:34.007000 CVE-2024-32692,0,0,21de28715efe09392228fa104a5dd680f47fa0b3c5f64f2e6c643d84e747cf6b,2024-05-17T18:35:35.070000 
@@ -249474,6 +249478,7 @@ CVE-2024-32760,0,0,79cdaca9f99e33e6636cdff5c81a457807cc422bf4e494e3ee57e4eb5dee5 CVE-2024-32761,0,0,ce6e18957362490cfabf91767930741349195476d374863f1eaf0c6108afcfd0,2024-05-08T17:05:24.083000 CVE-2024-32764,0,0,bc3d072b957e003e653de0b420ab306da82665736b4d7b512b364e6134049d7c,2024-04-26T15:32:22.523000 CVE-2024-32766,0,0,7119553a94fda386a48677f0171c3a85e12acf48042d943380d9db048f166a25,2024-04-26T15:32:22.523000 +CVE-2024-3277,1,1,37c84dfbe734af63638a00f5cd275238f8b1b8fc6bb014855278df04b310999c,2024-05-30T05:15:55.073000 CVE-2024-32772,0,0,2d4fb680b13b3176b160b34c5ead370c8635624f7414f557ffce882457014cd9,2024-04-24T13:39:42.883000 CVE-2024-32773,0,0,cdf6d9113130bad9f64f16e6cbf7c73f3f39d2ec19b8de9aad6ed1b2402687f3,2024-04-24T17:16:50.397000 CVE-2024-32774,0,0,8dbbf5bd24cbc04a82b5688823250c2b5b1e045ea3a252123fcfbb63193a0806,2024-05-17T18:35:35.070000 @@ -251078,7 +251083,7 @@ CVE-2024-3721,0,0,ec8dc4b0ad5d1d9ba11acb18015142f7d1715fd653f7ca2987e266e9c9e8ef CVE-2024-3722,0,0,7c1b4fae7e86bf4c1bc76a0d39819ffc592a7b598c7675ac0628daa278671c4c,2024-05-14T16:11:39.510000 CVE-2024-3724,0,0,a2f08bb0a2e36a5c374b862fb3e4beff315b3d6672953c5eeabe10290b435e2c,2024-05-02T18:00:37.360000 CVE-2024-3725,0,0,dd194c190207038aca40dcc17eaac7bd7c6f9f34e04d00c016e0de6cd9837da0,2024-05-02T18:00:37.360000 -CVE-2024-3726,1,1,52ab96872537730ad4a95fccb9723048ecd0492f295049d03407875a584b342b,2024-05-30T03:15:08.237000 +CVE-2024-3726,0,0,52ab96872537730ad4a95fccb9723048ecd0492f295049d03407875a584b342b,2024-05-30T03:15:08.237000 CVE-2024-3727,0,0,6b54e6f77ad932a1228e2f32eb0944c54a5e699b6a62b1576b90d56350efe669,2024-05-14T16:11:39.510000 CVE-2024-3728,0,0,43844043222c66b8f700e8c46db9fa69a4e80d2868161363811005c77777bc69,2024-05-02T18:00:37.360000 CVE-2024-3729,0,0,fe9208be005903b27f9e982914c8adbe6ffd46f8d19d93e705d785ecc61de3fc,2024-05-02T18:00:37.360000 
@@ -251249,6 +251254,10 @@ CVE-2024-3939,0,0,8db4cbfcc78e197894431199cdad6af4ac1ac13ee2f1028e231ba1f9079317 CVE-2024-3940,0,0,52f7bf6d70193ddf6b45db8d32585f84af1f44b7487d20897766e34b437b8581,2024-05-14T16:11:39.510000 CVE-2024-3941,0,0,3315566f834adaa65bc779c72609390662785ebcc4aac50a6cb30731cb96d90c,2024-05-14T16:11:39.510000 CVE-2024-3942,0,0,e822d69f7c80cdc7914f6c6d228f749a2878411b19bb34f624a4ef0b72687edf,2024-05-02T18:00:37.360000 +CVE-2024-3943,1,1,5376aed73b535466effd58d9ba9a171e2bfa8b84e688c4f6429b0da950ea585b,2024-05-30T05:15:55.373000 +CVE-2024-3945,1,1,e228b0d7ca5bac4bb5fb249f739fdecdf15d09e710cf5233a43711b697e010d9,2024-05-30T05:15:55.590000 +CVE-2024-3946,1,1,743497247ee1d58560c3514e0a4bb75f36e68e51865022cb8ac1a80c8f1f9303,2024-05-30T05:15:55.800000 +CVE-2024-3947,1,1,265159863051d3de6dbcb092f0fc64fb0c3f5f11f56a705efdd63f83c154c9d7,2024-05-30T05:15:55.993000 CVE-2024-3948,0,0,376ea8906f03fda3c144927b149cbacf34b84dec1b654121329bc158cfe1d518,2024-05-17T02:40:12.107000 CVE-2024-3951,0,0,d1eb572088193a792816003caae4c8900ea1808fb70b3f34eb162771a0d73b1e,2024-05-08T17:05:24.083000 CVE-2024-3952,0,0,92f1da274771947c3cb4a43546670c1af8a997980dc361a71cd2fb07f162ad15,2024-05-14T16:11:39.510000 
@@ -251400,6 +251409,7 @@ CVE-2024-4213,0,0,42ea90224045d73e2b0e3583ac57d426d05abb547b5044b93cb751055084fa CVE-2024-4214,0,0,20486a6e70da9590b0bf48d308272f5e2303dba1772619a1d43b68b5a571b06a,2024-05-17T18:35:35.070000 CVE-2024-4215,0,0,0d7dbfaf8275e9ff6c32259712a00cedd32b92104e92991d7893f67c59faf7d0,2024-05-03T12:50:34.250000 CVE-2024-4216,0,0,80b76898bbc4459141293c47297450a985b668060a3a6e72db0d9ef898a4d417,2024-05-03T12:50:34.250000 +CVE-2024-4218,1,1,2a0ba4a491eb1981ee1f36d2adb27b7e6b3925de58a975c4d7a3e3e2331a44c9,2024-05-30T05:15:56.183000 CVE-2024-4222,0,0,baaf2be5207361c5cdba494834d7fd0e14922c0bb0c21401ff4dac917c12e3a7,2024-05-16T13:03:05.353000 CVE-2024-4223,0,0,7874da25b7633a9d0c04e6bbae5b506aa967cf75a9b041fe171571206fd80286,2024-05-16T13:03:05.353000 CVE-2024-4225,0,0,ac71ef092dab43c080586d967efe31f36fc3673c6a3103eaf0a29ff9fdbbfa8b,2024-04-30T13:11:16.690000 @@ -251491,6 +251501,7 @@ CVE-2024-4348,0,0,22aaa400d6ceaa55fdbf2a61503102f340b638c070cbc3ffa22198dc497008 CVE-2024-4349,0,0,d7cb391ad6a3595c020e400bfefef3bf14b6d8b75d9701c79688eb2693bdea7a,2024-05-17T02:40:23.273000 CVE-2024-4351,0,0,84a993fcb461a8c61255d21736701361dc3f453bf42043de26320f65ada00121,2024-05-16T13:03:05.353000 CVE-2024-4352,0,0,ec2049b13794d7b7eea90d377463d8f5c3179de2c6e69d57554c5eced6269751,2024-05-16T13:03:05.353000 +CVE-2024-4356,1,1,665552b3e35c87b19e637f12854b443eebf7cafcbb889598a1c642b7847de2a5,2024-05-30T05:15:56.540000 CVE-2024-4357,0,0,15f39a23a70c5acc3d08c2f81b16ef69b06f28ee37422807405e1ad546411072,2024-05-15T18:35:11.453000 CVE-2024-4358,0,0,c8f40930fe3c6733bdba3289823c127651958d0def91c99c5ae0c8d826a9824a,2024-05-29T15:18:26.427000 CVE-2024-4361,0,0,133909e17de135792173cf72624f64f1510a4ce9cc19a57a2e3a0686665955c8,2024-05-21T12:37:59.687000 
@@ -251536,9 +251547,9 @@ CVE-2024-4432,0,0,ae3cdd5c46c6797d426ba6ccc06dc149de7a2ef61b0f773df459dcbe1872dd CVE-2024-4433,0,0,a671ce2518271e49fdeb5cf5eaca489e751e352fe28902a9e3a1500395ee9006,2024-05-02T18:00:37.360000 CVE-2024-4434,0,0,cde9fa120977e75c0573204952d5b71ccbd57bef4f0e70a5b7f5a93b9a0c5d06,2024-05-14T16:11:39.510000 CVE-2024-4435,0,0,00fbe56a3162edeae001d58c5c5c4a8e71f65051db3777fe986060ffca8e632a,2024-05-21T12:37:59.687000 -CVE-2024-4436,0,1,a91428e5a2aa192fb6a697af879af6f14e366dc50cc143a39f5a3fcca97b187b,2024-05-30T02:15:47.300000 -CVE-2024-4437,0,1,61054b22af09e3b0d98a92aa8a0ef52dee86769ebfd9b1f0507b757c8842e26d,2024-05-30T02:15:47.433000 -CVE-2024-4438,0,1,b2a3938b595847aabcc899f73eb7efe44f6e3d720b2c42aa84e0abfa35309b7f,2024-05-30T02:15:47.537000 +CVE-2024-4436,0,0,a91428e5a2aa192fb6a697af879af6f14e366dc50cc143a39f5a3fcca97b187b,2024-05-30T02:15:47.300000 +CVE-2024-4437,0,0,61054b22af09e3b0d98a92aa8a0ef52dee86769ebfd9b1f0507b757c8842e26d,2024-05-30T02:15:47.433000 +CVE-2024-4438,0,0,b2a3938b595847aabcc899f73eb7efe44f6e3d720b2c42aa84e0abfa35309b7f,2024-05-30T02:15:47.537000 CVE-2024-4439,0,0,d4904ab7f03492cebfcab113d16c9db0e8589fc24c413d994223fa5d5b94f71f,2024-05-03T12:48:41.067000 CVE-2024-4440,0,0,51dabd0ed14011a33ac13484b9ff25988940854e7446055f86986b74eaffda88,2024-05-14T19:17:55.627000 CVE-2024-4441,0,0,21bddaae6271b56b94db02a08e641400bfc943be91594296c54fd13926b71ef2,2024-05-14T16:11:39.510000 
@@ -251972,6 +251983,7 @@ CVE-2024-5204,0,0,f5f46d30f5f5fcefc4a351787eb0bfde8706d10be20e1d771d5abcd1008399 CVE-2024-5205,0,0,cb36ec671fed104039900e6835467ad487e54c052bb39844cd3bc6979a6fc551,2024-05-24T13:03:11.993000 CVE-2024-5218,0,0,928b5f8d4e08afc285c0cf6e370373ec87899b716b1cb4db68027907b01d2a82,2024-05-28T12:39:42.673000 CVE-2024-5220,0,0,f61a4e43424028e9a9336f6f6ed766295c86a8a5421f6ff87daa2be13ac80d02,2024-05-28T12:39:42.673000 +CVE-2024-5223,1,1,0164c70f6539c9e33a94fcc48bc789cc2a7c554ed40320875d77a0c8873b0ae3,2024-05-30T04:15:10.963000 CVE-2024-5227,0,0,9d34b575e4c4193bf3b7e2c70f772c52e473e90eee580d6cd20ca38df9886e09,2024-05-24T01:15:30.977000 CVE-2024-5228,0,0,0a0ae3d586a473bc70cb0721078887f2918e42e82919d39880ecf7432c31100c,2024-05-24T01:15:30.977000 CVE-2024-5229,0,0,5591fcb6917655cbf3944dcd6615ff3ff9ee2f54b68a25aab97dceee478c25ea,2024-05-28T12:39:42.673000 @@ -252079,4 +252091,4 @@ CVE-2024-5428,0,0,48df461aef64d2744feebfecb3948a4ed7b72d467be8b3109a057cc13cad6e CVE-2024-5433,0,0,d0946774ada383b4af0e78f23b9c449d05f83a7124810af4e383f90b0cdbda75,2024-05-29T13:02:09.280000 CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92ed,2024-05-29T13:02:09.280000 CVE-2024-5437,0,0,557d2d92d351d0b9c718cc97d7a9d4fae40afc0a93c4cab84fee8196b51766e4,2024-05-29T13:02:09.280000 -CVE-2024-5514,1,1,6a150ba2c86045e5579446c550726902e275536a6c8563a4c173f99d92dc8289,2024-05-30T03:15:08.467000 +CVE-2024-5514,0,0,6a150ba2c86045e5579446c550726902e275536a6c8563a4c173f99d92dc8289,2024-05-30T03:15:08.467000