Auto-Update: 2024-09-11T10:00:17.543475+00:00

CVE-2019/CVE-2019-252xx/CVE-2019-25212.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2019-25212",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-09-11T09:15:01.887",
+  "lastModified": "2024-09-11T09:15:01.887",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-responsive-video-gallery-with-lightbox/tags/1.0.6&new_path=/wp-responsive-video-gallery-with-lightbox/tags/1.0.7&sfp_email=&sfph_mail=#file41",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/wp-responsive-video-gallery-with-lightbox",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85e70be3-3ed7-4ce1-a20c-046fb7c4ec31?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-76xx/CVE-2024-7626.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-7626",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-09-11T08:15:01.950",
+  "lastModified": "2024-09-11T08:15:01.950",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-73"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L260",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L355",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3148996/delicious-recipes/trunk/src/dashboard/class-delicious-recipes-form-handler.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-80xx/CVE-2024-8045.json

@@ -0,0 +1,76 @@
+{
+  "id": "CVE-2024-8045",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-09-11T08:15:02.170",
+  "lastModified": "2024-09-11T08:15:02.170",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018imageTag\u2019 parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-backgrounds/trunk/assets/admin/gutenberg/block.json#L69",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-backgrounds/trunk/assets/admin/gutenberg/index.min.js",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-backgrounds/trunk/classes/class-gutenberg.php#L146",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3147938/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/advanced-backgrounds/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78e49869-5e7e-45f2-8239-4df18b28db53?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-82xx/CVE-2024-8277.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8277",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-09-11T09:15:02.680",
+  "lastModified": "2024-09-11T09:15:02.680",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-288"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/woocommerce-photo-reviews/21245349",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-09-11T08:00:19.698308+00:00
+2024-09-11T10:00:17.543475+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-09-11T07:15:04.420000+00:00
+2024-09-11T09:15:02.680000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,16 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-262507
+262511
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `4`
 
-- [CVE-2024-3899](CVE-2024/CVE-2024-38xx/CVE-2024-3899.json) (`2024-09-11T06:15:01.870`)
-- [CVE-2024-7716](CVE-2024/CVE-2024-77xx/CVE-2024-7716.json) (`2024-09-11T06:15:02.690`)
-- [CVE-2024-8440](CVE-2024/CVE-2024-84xx/CVE-2024-8440.json) (`2024-09-11T07:15:04.420`)
+- [CVE-2019-25212](CVE-2019/CVE-2019-252xx/CVE-2019-25212.json) (`2024-09-11T09:15:01.887`)
+- [CVE-2024-7626](CVE-2024/CVE-2024-76xx/CVE-2024-7626.json) (`2024-09-11T08:15:01.950`)
+- [CVE-2024-8045](CVE-2024/CVE-2024-80xx/CVE-2024-8045.json) (`2024-09-11T08:15:02.170`)
+- [CVE-2024-8277](CVE-2024/CVE-2024-82xx/CVE-2024-8277.json) (`2024-09-11T09:15:02.680`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -138392,6 +138392,7 @@ CVE-2019-2520,0,0,59ba4c21fd930851ef6ffbb2330129d4dbfa7416d73fe480e781c4f52ef721
 CVE-2019-2521,0,0,557cd7afc62b8b0d5545a61da2b67008378b171f216bd58bad5399af2682286d,2020-08-24T17:37:01.140000
 CVE-2019-25210,0,0,266aa4bd7522d806fa5da076db229c2449a919075778b85ff023cb6f7676cfb1,2024-09-04T18:35:00.600000
 CVE-2019-25211,0,0,469c1561e074b807caf6701e40210358657a37dbe70bde81f85c8d68a4456e96,2024-08-01T13:41:57.540000
+CVE-2019-25212,1,1,b58bd1d81a8a722ec2a2377c20293f4ae1b4a4e5a5fd94029445004268a9c45f,2024-09-11T09:15:01.887000
 CVE-2019-2522,0,0,438e5228ba492857a388b8016b2219394ce3508b8a36f1f8aede8ea3eeec2072,2020-08-24T17:37:01.140000
 CVE-2019-2523,0,0,4a0e4915f05e6fa4b1849fafb208e6fb024214d6840b1c8202b1873b064ed383,2020-08-24T17:37:01.140000
 CVE-2019-2524,0,0,bee2c79f8df3b71e86ab52db9d5dee51c63979ccd70534be30c64d8fa54a9384,2020-08-24T17:37:01.140000
@@ -256238,7 +256239,7 @@ CVE-2024-38984,0,0,7c3f7dcbb9d8db747f3ca9e598aad133b9cb813297db2b8c281b7b8ebe0e4
 CVE-2024-38986,0,0,f88f428c38525ddbc968d1794b1779fbac2144427d1465f154ce6924362299d1,2024-08-08T14:18:47.127000
 CVE-2024-38987,0,0,0c71f898711274c7ac1489fe714f2d31dbe2fc7f130139d062fe917d9ea47c74,2024-07-11T15:06:05.027000
 CVE-2024-38989,0,0,7001f996e8750f893c91dddad8450a9cd0a74e958414e4c24caf0d467ae89875,2024-08-13T14:35:23.670000
-CVE-2024-3899,1,1,7259293fb80e158a31989b7c37a6116b92456fa6eb966e5daa814491e7415907,2024-09-11T06:15:01.870000
+CVE-2024-3899,0,0,7259293fb80e158a31989b7c37a6116b92456fa6eb966e5daa814491e7415907,2024-09-11T06:15:01.870000
 CVE-2024-38990,0,0,501931c40b72ca4a3b10df5757210e9290217859750e859ab66984c960fc5bf4,2024-07-03T02:05:27.837000
 CVE-2024-38991,0,0,94e3c94b29575f02c48116cf5f4eea434bedd332518d74450337fdc7b51e049b,2024-07-03T02:05:28.670000
 CVE-2024-38992,0,0,b7cf9f54a7f4c2067eaf3603c2993c981c393feec4a45aee69ee69a0c7bda224,2024-07-03T02:05:29.473000
@@ -261972,6 +261973,7 @@ CVE-2024-7621,0,0,07161284faa2eb0637370b6ff462e631787a37850cefb6ac5fa6750545dd70
 CVE-2024-7622,0,0,41080b8f1642847053c248a2e34bb5df066f530f68fb68bf2bfb90777306d338,2024-09-06T16:46:26.830000
 CVE-2024-7624,0,0,c87cdcd90fb34d1c79e4bedcfe521cd45a7c97d88fc176665ac59544b2fffb63,2024-08-15T13:01:10.150000
 CVE-2024-7625,0,0,cf7951ec684c41cac7f2f6e12b1507a1eac20d5a4914135abea68670c2031228,2024-08-15T13:01:10.150000
+CVE-2024-7626,1,1,beb44f2e649a132498f80eaf3ea57543e9afe7eae5a6f20393d2b13c7c81d668,2024-09-11T08:15:01.950000
 CVE-2024-7627,0,0,af96392fc36e867c15605b6e1dc599aeac0b5c5d59eb872427406ab6bc591879,2024-09-05T12:53:21.110000
 CVE-2024-7628,0,0,13c6e75993fc4e0ea638854e2c037e11703f2e05b1bb0a7d2173b121da5472cd,2024-08-15T13:01:10.150000
 CVE-2024-7629,0,0,45eb45459388d6798e88edee38a7dd2ceac912098ce5cc3a42af5f252bb2fbc1,2024-08-21T12:30:33.697000
@@ -262043,7 +262045,7 @@ CVE-2024-7709,0,0,4ea4e71ad8cd2325399b6f32c817fafe76ecfe7c20ad1838061c8bb44a136e
 CVE-2024-7711,0,0,d162b2aa52f460525a4de3c665dffbe11ff5ad157026981df71b9201129fde70,2024-08-21T12:30:33.697000
 CVE-2024-7712,0,0,0b5a8e9c5ba36af8bef340cc5ae017c9fa1ba3b9186fddf3fda3dcc554ec2462,2024-08-30T16:15:11.050000
 CVE-2024-7715,0,0,cce2a99e52ea07f4f42d2501434c3e0483cd57d931341a557261d628f3236d39,2024-08-15T15:15:22.690000
-CVE-2024-7716,1,1,c95bb604f481fe4692658870a0ab65c62394686f8eb0e706fff0fd9f65fee64b,2024-09-11T06:15:02.690000
+CVE-2024-7716,0,0,c95bb604f481fe4692658870a0ab65c62394686f8eb0e706fff0fd9f65fee64b,2024-09-11T06:15:02.690000
 CVE-2024-7717,0,0,f37fc224ac1ab42d2f828caf93198cd6646f26bd1e976379d7595c5ee2d24865,2024-09-03T12:59:02.453000
 CVE-2024-7720,0,0,71f1c1973f29e2c7c1373dd24daaa52398594a70072a570fc445a13cbea904ba,2024-09-06T22:33:30.767000
 CVE-2024-7721,0,0,736a0354e0ff2c8662b742b8e226621e68d9c82d2526ed26715f8e47a677c78f,2024-09-11T05:15:03.180000
@@ -262235,6 +262237,7 @@ CVE-2024-8034,0,0,990fb53670bf6f787a3d54c0392722fc0a67a939e8056c22142bc6f2bee92a
 CVE-2024-8035,0,0,e11fe8c378f080395f404658baee2e1c5cd70ef826bdf0b13fe46f85c653ad4a,2024-08-22T17:33:37.407000
 CVE-2024-8041,0,0,6cc075dd4dd503d7a64ec1eb36d717de84b169042dbabd262ae9b25dfe6faf7c,2024-08-23T16:18:28.547000
 CVE-2024-8042,0,0,fe11fe06852bd8872b8038bbdb1b59f9abf17559f4fd0139db22bc4b00f3a1bd,2024-09-09T18:30:12.050000
+CVE-2024-8045,1,1,50ed9204773960db5bbb0ed7ee7c40977ef3e955eb5c5d37322386940ddcb649,2024-09-11T08:15:02.170000
 CVE-2024-8046,0,0,b737fce0801d82db74076beb4b2a2085f8323b47e71780060f37f6f5c3050f1a,2024-08-27T13:01:37.913000
 CVE-2024-8064,0,0,9afbec42e91ccdf5ae5f9527bb691367cd47bbf3ee2caa0cb5423b43e5fdd860,2024-08-30T16:15:11.120000
 CVE-2024-8071,0,0,ac7c2c7e7df896f6bfe7f17a6e74f8de236e5ec843865384cdf53fde1e533098,2024-08-23T15:34:53.913000
@@ -262357,6 +262360,7 @@ CVE-2024-8260,0,0,812d2a62f9a14f293d2814006504d857c705848c99804aae9066abfa5d1408
 CVE-2024-8268,0,0,ceeeab380c4c185371d3b97780ec883236427fb28d279219c56301bfbb794609,2024-09-10T12:09:50.377000
 CVE-2024-8274,0,0,81f15088246893eaf3249a3304ee5d5199071263c8883a7f9f22c293a16a376a,2024-09-03T14:28:06.853000
 CVE-2024-8276,0,0,33cf21b53b41316bc2e568f752afa4e96bbe73b4ee966f9832ffdb8137ffcc10,2024-09-03T12:59:02.453000
+CVE-2024-8277,1,1,27dc30ad4604983b0ce55b16a1b14e02c318a944ebc49cb001dadd98383a2dc4,2024-09-11T09:15:02.680000
 CVE-2024-8285,0,0,44d06284adb5d71c65e8f3277866d5d546f57dcd495152060c7216923cd6bd07,2024-09-03T12:59:02.453000
 CVE-2024-8289,0,0,900bfbd861154484ed59254bdbec992d28a9742381ab830cf631e50b7fa985ab,2024-09-05T17:41:58.350000
 CVE-2024-8292,0,0,27ea852dc3661b1a76e4e5c3ea5100bde241ea5a5c464db16708c938d4cf0c30,2024-09-06T12:08:04.550000
@@ -262439,7 +262443,7 @@ CVE-2024-8418,0,0,f7342b1aaf36f471815aa50c659bed6ce97deba1a8dc8297ac025dec31c9e4
 CVE-2024-8427,0,0,1d0d7daf1e8474e50325418d52e79c4545246c244dd6a29747e6934be9944c58,2024-09-06T12:08:04.550000
 CVE-2024-8428,0,0,32f99662d2ff0a82eac2c387b5879cdce3b74766786e4d561b16e1b245df448a,2024-09-06T16:46:26.830000
 CVE-2024-8439,0,0,b4eacb6a11dc14d7212cfdbe9629a765b4f24ad00bc9c4fc2289184c4fdae508,2024-09-06T22:15:02.320000
-CVE-2024-8440,1,1,2813db90a2bd9d917cf763410fbca65100265076dacf1d4a3ac57618771c79b2,2024-09-11T07:15:04.420000
+CVE-2024-8440,0,0,2813db90a2bd9d917cf763410fbca65100265076dacf1d4a3ac57618771c79b2,2024-09-11T07:15:04.420000
 CVE-2024-8441,0,0,aedbc8a66ddb38b5f71cfe5675419cb4b6e877a83ac45ee35ca64b7c476af2ed,2024-09-10T21:15:15.613000
 CVE-2024-8443,0,0,621bd25e7d9546c644348ac90f0deeaf8d46e336b2b394eb76981445962692b5,2024-09-10T15:50:57.713000
 CVE-2024-8445,0,0,27d6183cbf221ef18e3639e3533cc8ca212a51b0f7239a93c253eea652cb910f,2024-09-05T17:44:56.007000