diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13155.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13155.json new file mode 100644 index 00000000000..3fb9320ecb1 --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13155.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13155", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-20T08:15:21.367", + "lastModified": "2025-02-20T08:15:21.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code base, to apply the patch, the affected widget: Transparent Split Hero must be deleted and reinstalled manually." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://unlimited-elements.com/change-log/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63ba4880-9fbb-42e3-a8db-8115eb832b13?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6b31833de75..13c94a4a83f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-20T07:00:23.100469+00:00 +2025-02-20T09:00:40.892867+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-20T06:15:21.673000+00:00 +2025-02-20T08:15:21.367000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281868 +281869 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `1` -- [CVE-2024-13445](CVE-2024/CVE-2024-134xx/CVE-2024-13445.json) (`2025-02-20T05:15:14.373`) -- [CVE-2025-26856](CVE-2025/CVE-2025-268xx/CVE-2025-26856.json) (`2025-02-20T06:15:21.673`) -- [CVE-2025-27218](CVE-2025/CVE-2025-272xx/CVE-2025-27218.json) (`2025-02-20T05:15:15.270`) +- [CVE-2024-13155](CVE-2024/CVE-2024-131xx/CVE-2024-13155.json) (`2025-02-20T08:15:21.367`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-20617](CVE-2025/CVE-2025-206xx/CVE-2025-20617.json) (`2025-02-20T06:15:20.277`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 73b5c61fdb0..d77a68902d0 100644 --- a/_state.csv +++ b/_state.csv @@ -246310,6 +246310,7 @@ CVE-2024-1315,0,0,ae67b7f13a317bdc1be64b4fdf580a08492423f203ba37c909a5dc9e35687d CVE-2024-13152,0,0,1623718d378ce88a22bbad626a4c6a35c6f57e2c6234ac08eff4555d55063391,2025-02-14T13:15:42.170000 CVE-2024-13153,0,0,e5372006a19c4f2229d5d82f2f00e097ecc1dd71c1df06bd0280614a58d1fbcf,2025-01-09T09:15:07.243000 CVE-2024-13154,0,0,8b848cb4ffbbf3d5300b505058bccc136fae4b33341f37a24f40fb8ac9f235ba,2025-01-13T21:15:11.970000 +CVE-2024-13155,1,1,abc846c187ee610be36b9327ce826db0bbe36e3bd8c2ca0e9dc519f899621278,2025-02-20T08:15:21.367000 CVE-2024-13156,0,0,30f08a5146793529d2149bd8fe28d1d230f7d62ef9b057e2393b31a9d88e81a0,2025-01-14T09:15:20.910000 CVE-2024-13157,0,0,80e03db47d7aeaaff8ebfe5d3bb0d4e0a672091f1b6d6e0617afb0f75c61e9a3,2025-01-31T09:15:06.617000 CVE-2024-13158,0,0,d921bcc53f0c4810cb7f77f962be3471977624bd876c8c3eed3db3c6a249539e,2025-01-14T18:15:26.020000 @@ -246577,7 +246578,7 @@ CVE-2024-13440,0,0,5766e7a438a8e4269354aacca2cf4360d814b2b0ba936161bc318042a1e4a CVE-2024-13441,0,0,c4feb7fa45e58abcf7c01d5df380ea3f267be46791773adc8606a649a8a16fa9,2025-02-04T19:37:08.100000 CVE-2024-13443,0,0,5e0554feb4a2f4dbf6619974907598a97160af25d67a3f0cb251733bc39feede,2025-02-19T04:15:10.360000 CVE-2024-13444,0,0,f559be4a09d3b0d4718253e232ed1d6b01b700beffd4896c1d6f62eac4116d3c,2025-01-21T11:15:09.450000 -CVE-2024-13445,1,1,ca602141b3e6fd986c90924d4149efcdf57ad7ab8a4330bad37a4c1cbfb7a9a5,2025-02-20T05:15:14.373000 +CVE-2024-13445,0,0,ca602141b3e6fd986c90924d4149efcdf57ad7ab8a4330bad37a4c1cbfb7a9a5,2025-02-20T05:15:14.373000 CVE-2024-13447,0,0,4e4ee51c076699c7672245e5729c9870c182faecf6e2bd018441c71df98cbb9d,2025-01-24T20:53:40.380000 CVE-2024-13448,0,0,99bef776585fb11dba8e8ef9f028b4f3c7371956a91f9b56a4977bbe471e6b70,2025-01-30T18:01:07.080000 CVE-2024-13449,0,0,52b88677fd423c43b44e149505ef75bf01f315f780529f08af2d104c0e8e8913,2025-02-04T18:12:53.713000 @@ -279593,7 +279594,7 @@ CVE-2025-20205,0,0,4278aa005556418073946cc1ae2642befa148c4c7c75ec9371531ea83b7f1 CVE-2025-20207,0,0,537a08241e1e6ea4cdc531e9044478bd507e9b33494cfba735a09875a6c335c1,2025-02-05T17:15:26.410000 CVE-2025-20211,0,0,ab1049982f8a4ac46b9f050aa2c9e173ce4badc4048d39ecbd7e35ed3dbb8983,2025-02-19T16:15:41.163000 CVE-2025-20615,0,0,7bf2f14d71ca066d1f71371dd6af37fe50ec1afd8739580fa516ac8ff703a51f,2025-02-13T22:15:11.590000 -CVE-2025-20617,0,1,c8bfdf3a13c0fef33afce1eb72104d7b2280ba78c5b2dced7cd944ea31c0a2c7,2025-02-20T06:15:20.277000 +CVE-2025-20617,0,0,c8bfdf3a13c0fef33afce1eb72104d7b2280ba78c5b2dced7cd944ea31c0a2c7,2025-02-20T06:15:20.277000 CVE-2025-20620,0,0,3537bfd354e2e5606a7442449870297aadd63b5c6f244c03eb513f3f9ee090eb,2025-01-14T10:15:07.860000 CVE-2025-20621,0,0,060306fc4f84916fe909badb69a5829b34e2103b61fada341bb3713a68cfaebc,2025-01-16T19:15:29.960000 CVE-2025-20630,0,0,0cb6d1c0b91807d74fd49faca2a027b3e775f1213907ee8f88e4e58cb3b78a59,2025-01-16T19:15:30.110000 @@ -281859,11 +281860,11 @@ CVE-2025-26789,0,0,b98c32efc76bff07b26dd009ea99782108b024ce84abc7d87c0e368d23f6c CVE-2025-26791,0,0,26890395366e56c551a6ef36e1b66be0cbc180a8be1a68af298b9b716ff6b5e5,2025-02-14T16:15:37.350000 CVE-2025-26793,0,0,23a8e0213a0ca1b8120177cee0a8b3703ebe8289aad842eda98d1b97dcb6bf7f,2025-02-15T15:15:23.587000 CVE-2025-26819,0,0,7afd4e7cb03752c52e5526c11c2ec114770ff5f83e4468a7bb7571814f4cc158,2025-02-15T00:15:28.510000 -CVE-2025-26856,1,1,97d830a9ee806f0ef850d5b5eea5c095e7e2e4dee4401ad5b7fd9fb34c2341f7,2025-02-20T06:15:21.673000 +CVE-2025-26856,0,0,97d830a9ee806f0ef850d5b5eea5c095e7e2e4dee4401ad5b7fd9fb34c2341f7,2025-02-20T06:15:21.673000 CVE-2025-27013,0,0,f948cc3f5edcc63c02fbe1aa3ab5587f3b1659a21b1a5f943b19bb040cbb2d15,2025-02-18T20:15:33.880000 CVE-2025-27016,0,0,04fa07ed62d9b49f3b31ebda2ac8455c38c6351226a3cae9904a3c1abe91e83f,2025-02-18T20:15:34.013000 CVE-2025-27089,0,0,e1cd39d7d2d496ca126251592ce334845a8dbaa95837461791aefc38c5c96ee4,2025-02-19T17:15:15.800000 CVE-2025-27090,0,0,1f7a1f68f44411e4af49caeac1dba85d17f51b5d72f982d15d3cbe07a63e4481,2025-02-19T22:15:24.247000 CVE-2025-27092,0,0,a2d77f19ec65de3c929cda30f22d3993a6f6513f45b321406307690349bba5d0,2025-02-19T23:15:15.957000 CVE-2025-27113,0,0,5361e7323e42f3b09824985b5c3b788849d795bb02cd5dec29aec9ac11d6b7a1,2025-02-18T23:15:10.960000 -CVE-2025-27218,1,1,40b16171d941ca5d442e2983417f31e8c5c3dec3980d6c4e3b1b2213673eeb44,2025-02-20T05:15:15.270000 +CVE-2025-27218,0,0,40b16171d941ca5d442e2983417f31e8c5c3dec3980d6c4e3b1b2213673eeb44,2025-02-20T05:15:15.270000