Auto-Update: 2025-02-20T09:00:40.892867+00:00

CVE-2024/CVE-2024-131xx/CVE-2024-13155.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-13155",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-20T08:15:21.367",
+  "lastModified": "2025-02-20T08:15:21.367",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code base, to apply the patch, the affected widget: Transparent Split Hero must be deleted and reinstalled manually."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://unlimited-elements.com/change-log/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63ba4880-9fbb-42e3-a8db-8115eb832b13?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-02-20T07:00:23.100469+00:00
+2025-02-20T09:00:40.892867+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-02-20T06:15:21.673000+00:00
+2025-02-20T08:15:21.367000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,23 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-281868
+281869
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `1`
 
-- [CVE-2024-13445](CVE-2024/CVE-2024-134xx/CVE-2024-13445.json) (`2025-02-20T05:15:14.373`)
+- [CVE-2024-13155](CVE-2024/CVE-2024-131xx/CVE-2024-13155.json) (`2025-02-20T08:15:21.367`)
-- [CVE-2025-26856](CVE-2025/CVE-2025-268xx/CVE-2025-26856.json) (`2025-02-20T06:15:21.673`)
-- [CVE-2025-27218](CVE-2025/CVE-2025-272xx/CVE-2025-27218.json) (`2025-02-20T05:15:15.270`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-- [CVE-2025-20617](CVE-2025/CVE-2025-206xx/CVE-2025-20617.json) (`2025-02-20T06:15:20.277`)
 
 
 ## Download and Usage

_state.csv

@@ -246310,6 +246310,7 @@ CVE-2024-1315,0,0,ae67b7f13a317bdc1be64b4fdf580a08492423f203ba37c909a5dc9e35687d
 CVE-2024-13152,0,0,1623718d378ce88a22bbad626a4c6a35c6f57e2c6234ac08eff4555d55063391,2025-02-14T13:15:42.170000
 CVE-2024-13153,0,0,e5372006a19c4f2229d5d82f2f00e097ecc1dd71c1df06bd0280614a58d1fbcf,2025-01-09T09:15:07.243000
 CVE-2024-13154,0,0,8b848cb4ffbbf3d5300b505058bccc136fae4b33341f37a24f40fb8ac9f235ba,2025-01-13T21:15:11.970000
+CVE-2024-13155,1,1,abc846c187ee610be36b9327ce826db0bbe36e3bd8c2ca0e9dc519f899621278,2025-02-20T08:15:21.367000
 CVE-2024-13156,0,0,30f08a5146793529d2149bd8fe28d1d230f7d62ef9b057e2393b31a9d88e81a0,2025-01-14T09:15:20.910000
 CVE-2024-13157,0,0,80e03db47d7aeaaff8ebfe5d3bb0d4e0a672091f1b6d6e0617afb0f75c61e9a3,2025-01-31T09:15:06.617000
 CVE-2024-13158,0,0,d921bcc53f0c4810cb7f77f962be3471977624bd876c8c3eed3db3c6a249539e,2025-01-14T18:15:26.020000
@@ -246577,7 +246578,7 @@ CVE-2024-13440,0,0,5766e7a438a8e4269354aacca2cf4360d814b2b0ba936161bc318042a1e4a
 CVE-2024-13441,0,0,c4feb7fa45e58abcf7c01d5df380ea3f267be46791773adc8606a649a8a16fa9,2025-02-04T19:37:08.100000
 CVE-2024-13443,0,0,5e0554feb4a2f4dbf6619974907598a97160af25d67a3f0cb251733bc39feede,2025-02-19T04:15:10.360000
 CVE-2024-13444,0,0,f559be4a09d3b0d4718253e232ed1d6b01b700beffd4896c1d6f62eac4116d3c,2025-01-21T11:15:09.450000
-CVE-2024-13445,1,1,ca602141b3e6fd986c90924d4149efcdf57ad7ab8a4330bad37a4c1cbfb7a9a5,2025-02-20T05:15:14.373000
+CVE-2024-13445,0,0,ca602141b3e6fd986c90924d4149efcdf57ad7ab8a4330bad37a4c1cbfb7a9a5,2025-02-20T05:15:14.373000
 CVE-2024-13447,0,0,4e4ee51c076699c7672245e5729c9870c182faecf6e2bd018441c71df98cbb9d,2025-01-24T20:53:40.380000
 CVE-2024-13448,0,0,99bef776585fb11dba8e8ef9f028b4f3c7371956a91f9b56a4977bbe471e6b70,2025-01-30T18:01:07.080000
 CVE-2024-13449,0,0,52b88677fd423c43b44e149505ef75bf01f315f780529f08af2d104c0e8e8913,2025-02-04T18:12:53.713000
@@ -279593,7 +279594,7 @@ CVE-2025-20205,0,0,4278aa005556418073946cc1ae2642befa148c4c7c75ec9371531ea83b7f1
 CVE-2025-20207,0,0,537a08241e1e6ea4cdc531e9044478bd507e9b33494cfba735a09875a6c335c1,2025-02-05T17:15:26.410000
 CVE-2025-20211,0,0,ab1049982f8a4ac46b9f050aa2c9e173ce4badc4048d39ecbd7e35ed3dbb8983,2025-02-19T16:15:41.163000
 CVE-2025-20615,0,0,7bf2f14d71ca066d1f71371dd6af37fe50ec1afd8739580fa516ac8ff703a51f,2025-02-13T22:15:11.590000
-CVE-2025-20617,0,1,c8bfdf3a13c0fef33afce1eb72104d7b2280ba78c5b2dced7cd944ea31c0a2c7,2025-02-20T06:15:20.277000
+CVE-2025-20617,0,0,c8bfdf3a13c0fef33afce1eb72104d7b2280ba78c5b2dced7cd944ea31c0a2c7,2025-02-20T06:15:20.277000
 CVE-2025-20620,0,0,3537bfd354e2e5606a7442449870297aadd63b5c6f244c03eb513f3f9ee090eb,2025-01-14T10:15:07.860000
 CVE-2025-20621,0,0,060306fc4f84916fe909badb69a5829b34e2103b61fada341bb3713a68cfaebc,2025-01-16T19:15:29.960000
 CVE-2025-20630,0,0,0cb6d1c0b91807d74fd49faca2a027b3e775f1213907ee8f88e4e58cb3b78a59,2025-01-16T19:15:30.110000
@@ -281859,11 +281860,11 @@ CVE-2025-26789,0,0,b98c32efc76bff07b26dd009ea99782108b024ce84abc7d87c0e368d23f6c
 CVE-2025-26791,0,0,26890395366e56c551a6ef36e1b66be0cbc180a8be1a68af298b9b716ff6b5e5,2025-02-14T16:15:37.350000
 CVE-2025-26793,0,0,23a8e0213a0ca1b8120177cee0a8b3703ebe8289aad842eda98d1b97dcb6bf7f,2025-02-15T15:15:23.587000
 CVE-2025-26819,0,0,7afd4e7cb03752c52e5526c11c2ec114770ff5f83e4468a7bb7571814f4cc158,2025-02-15T00:15:28.510000
-CVE-2025-26856,1,1,97d830a9ee806f0ef850d5b5eea5c095e7e2e4dee4401ad5b7fd9fb34c2341f7,2025-02-20T06:15:21.673000
+CVE-2025-26856,0,0,97d830a9ee806f0ef850d5b5eea5c095e7e2e4dee4401ad5b7fd9fb34c2341f7,2025-02-20T06:15:21.673000
 CVE-2025-27013,0,0,f948cc3f5edcc63c02fbe1aa3ab5587f3b1659a21b1a5f943b19bb040cbb2d15,2025-02-18T20:15:33.880000
 CVE-2025-27016,0,0,04fa07ed62d9b49f3b31ebda2ac8455c38c6351226a3cae9904a3c1abe91e83f,2025-02-18T20:15:34.013000
 CVE-2025-27089,0,0,e1cd39d7d2d496ca126251592ce334845a8dbaa95837461791aefc38c5c96ee4,2025-02-19T17:15:15.800000
 CVE-2025-27090,0,0,1f7a1f68f44411e4af49caeac1dba85d17f51b5d72f982d15d3cbe07a63e4481,2025-02-19T22:15:24.247000
 CVE-2025-27092,0,0,a2d77f19ec65de3c929cda30f22d3993a6f6513f45b321406307690349bba5d0,2025-02-19T23:15:15.957000
 CVE-2025-27113,0,0,5361e7323e42f3b09824985b5c3b788849d795bb02cd5dec29aec9ac11d6b7a1,2025-02-18T23:15:10.960000
-CVE-2025-27218,1,1,40b16171d941ca5d442e2983417f31e8c5c3dec3980d6c4e3b1b2213673eeb44,2025-02-20T05:15:15.270000
+CVE-2025-27218,0,0,40b16171d941ca5d442e2983417f31e8c5c3dec3980d6c4e3b1b2213673eeb44,2025-02-20T05:15:15.270000