From 1ba7a1b5c96fe42d1704575f5359c84cc4509899 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 22 Oct 2024 12:03:35 +0000
Subject: [PATCH] Auto-Update: 2024-10-22T12:00:32.026300+00:00
---
 CVE-2024/CVE-2024-101xx/CVE-2024-10189.json | 64 +++++++++++++++++++
 CVE-2024/CVE-2024-92xx/CVE-2024-9231.json | 68 +++++++++++++++++++++
 README.md | 19 ++----
 _state.csv | 20 +++---
 4 files changed, 149 insertions(+), 22 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10189.json
 create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9231.json
diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json
new file mode 100644
index 00000000000..2a12c2884f9
--- /dev/null
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-10189",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-22T10:15:03.610",
+ "lastModified": "2024-10-22T10:15:03.610",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3171752/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/anchor-episodes-index/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json
new file mode 100644
index 00000000000..7cf81280431
--- /dev/null
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-9231",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-22T10:15:07.313",
+ "lastModified": "2024-10-22T10:15:07.313",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members-forms.php#L2198",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members.php#L1960",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3172354/wp-members/trunk/includes/class-wp-members-forms.php?contextall=1",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d59e599-59da-4c03-b71f-d00a078b2442?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 81c494d2282..a7deae40fdb 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-22T10:00:49.177711+00:00 +2024-10-22T12:00:32.026300+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-22T09:15:03.497000+00:00 +2024-10-22T10:15:07.313000+00:00 ``` ### Last Data Feed Release
@@ -33,22 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266698 +266700 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `2` -- [CVE-2023-52918](CVE-2023/CVE-2023-529xx/CVE-2023-52918.json) (`2024-10-22T08:15:02.277`) -- [CVE-2023-52919](CVE-2023/CVE-2023-529xx/CVE-2023-52919.json) (`2024-10-22T08:15:02.623`) -- [CVE-2024-35308](CVE-2024/CVE-2024-353xx/CVE-2024-35308.json) (`2024-10-22T09:15:02.927`) -- [CVE-2024-9541](CVE-2024/CVE-2024-95xx/CVE-2024-9541.json) (`2024-10-22T08:15:02.920`) -- [CVE-2024-9588](CVE-2024/CVE-2024-95xx/CVE-2024-9588.json) (`2024-10-22T08:15:03.563`) -- [CVE-2024-9589](CVE-2024/CVE-2024-95xx/CVE-2024-9589.json) (`2024-10-22T08:15:04.227`) -- [CVE-2024-9590](CVE-2024/CVE-2024-95xx/CVE-2024-9590.json) (`2024-10-22T08:15:04.807`) -- [CVE-2024-9591](CVE-2024/CVE-2024-95xx/CVE-2024-9591.json) (`2024-10-22T08:15:05.273`) -- [CVE-2024-9987](CVE-2024/CVE-2024-99xx/CVE-2024-9987.json) (`2024-10-22T09:15:03.497`) +- [CVE-2024-10189](CVE-2024/CVE-2024-101xx/CVE-2024-10189.json) (`2024-10-22T10:15:03.610`) +- [CVE-2024-9231](CVE-2024/CVE-2024-92xx/CVE-2024-9231.json) (`2024-10-22T10:15:07.313`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv index 4a413768219..3fecacc5e14 100644 --- a/_state.csv +++ b/_state.csv @@ -239619,8 +239619,8 @@ CVE-2023-52914,0,0,3e2f63e6fcc2429a7a056b2f17033ece733c3917a2a011b1363b92bf8c84e CVE-2023-52915,0,0,ce3c89a4bf7cab80e859d29c06c18dc19c9bdeb973ab832dffae6eeb3861fdf4,2024-09-10T17:12:41.607000 CVE-2023-52916,0,0,bebcac5d0a36cd875bff11f8b42fd7bc5076a3c1c94e9b8c44be74509c12a53b,2024-09-06T12:08:04.550000 CVE-2023-52917,0,0,fadae4ec5e5aee737480721d0991bf811403c3e8c62826f0e019ee2079cb11e4,2024-10-21T17:09:45.417000 -CVE-2023-52918,1,1,d659d59feafeb4e663972c60df9621c832ce34299a9404f5fef9cd76cfb7071d,2024-10-22T08:15:02.277000 -CVE-2023-52919,1,1,60e8a1561f256e2cef92b76a61a862095f0d8958679923cdce8386ff7530c603,2024-10-22T08:15:02.623000 +CVE-2023-52918,0,0,d659d59feafeb4e663972c60df9621c832ce34299a9404f5fef9cd76cfb7071d,2024-10-22T08:15:02.277000 +CVE-2023-52919,0,0,60e8a1561f256e2cef92b76a61a862095f0d8958679923cdce8386ff7530c603,2024-10-22T08:15:02.623000 CVE-2023-5292,0,0,214d7ae5654e29ed0e372211abf39e379cdbd830eab553609e162ffb791fd787,2023-11-07T04:23:48.910000 CVE-2023-5293,0,0,37b5570c94c226fac17bbeba13451e285dd87937cebf55577645a70e3fbcf851,2024-05-17T02:32:58.843000 CVE-2023-5294,0,0,91871d88408d7e2bcaad4b05fb484ac2315248d3665cd88ba6ae47f2da8d5f16,2024-05-17T02:32:58.950000 
@@ -242401,6 +242401,7 @@ CVE-2024-10170,0,0,43858dc94e553ea996e2f62171c2a07580bf4384f9d10283ecd355d244289 CVE-2024-10171,0,0,6def7c486839e6a93365a9531b31890798e7138f9c8ee651ff23d937de5aea60,2024-10-21T21:33:26.937000 CVE-2024-10173,0,0,f6c48dfe45f526ea19e91b20ef708b171d9e0a76591dad105e56c584bb12efdc,2024-10-21T17:09:45.417000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000 +CVE-2024-10189,1,1,ffc755e96982501f804ab166cd12d0605832a17249527107c82c3cd65a58ebf1,2024-10-22T10:15:03.610000 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000 CVE-2024-10191,0,0,ae2a8289213669e84c05751a0ddedb62a99a16d3765a4056a543c78131666882,2024-10-21T17:09:45.417000 CVE-2024-10192,0,0,a018e9c3521bd9c30ec2d3bd523510e5e2587cb1110ac8cef21439ccf68f8983,2024-10-21T17:09:45.417000 @@ -254441,7 +254442,7 @@ CVE-2024-35304,0,0,6034918ad52f93d1da2bc26a38d2a41af1cec6e4b2633afd9a4c11faed3e6 CVE-2024-35305,0,0,e31f5a2153df0748351b63d3b29145f978c7628ebc2659ea3282a1f078dca5e0,2024-06-10T18:06:22.600000 CVE-2024-35306,0,0,ad90645c7ad3fc3d00a11af0348fe264fd3520d218ef28c934a8abfa42cbedb9,2024-06-10T18:06:22.600000 CVE-2024-35307,0,0,b73247d3e5b323866c011ccf7e1f39f41293535811b1ef82260b19c7e0a4c21f,2024-06-10T18:06:22.600000 -CVE-2024-35308,1,1,091d82fba952e9061ef9171e21dda30194affbecc81e785a577b597b40043591,2024-10-22T09:15:02.927000 +CVE-2024-35308,0,0,091d82fba952e9061ef9171e21dda30194affbecc81e785a577b597b40043591,2024-10-22T09:15:02.927000 CVE-2024-3531,0,0,a342a9958ba8d00c279b1676525284c1cab302a477225f05f9d97b5deb071134,2024-05-17T02:39:59.430000 CVE-2024-35311,0,0,94751a7e140c2a3ff83ee374530e5919b0823edf97b2e344646a9709229c503b,2024-05-29T19:50:25.303000 CVE-2024-35312,0,0,81ee7e5cffa0828718ff42985b5f71e3223019ea36fce71fb3a2d6856e31b3e3,2024-05-20T13:00:34.807000 
@@ -266334,6 +266335,7 @@ CVE-2024-9222,0,0,aa75daaaa6f167f771e02be32b7ac6d9115eba757cf38ea3ae7fe336f82931 CVE-2024-9224,0,0,1efb870d30ff5afb9078703fdeff1bc29463ebfa0c91ad435c25d902219ffec9,2024-10-07T19:19:38.157000 CVE-2024-9225,0,0,d9b0065994459fe38d594a136ae9cff90cf19d12b5b0208b359cee9d6c2409ea,2024-10-07T20:24:41.420000 CVE-2024-9228,0,0,cb0dad29f14eeb8fed9baf1de8b4ba619c5e35c4fffb0932ef40f0c6748e195d,2024-10-07T19:01:04.960000 +CVE-2024-9231,1,1,43b348cb1f26ce930c938ed6416160a951ca812f14fcaf3d9080322a9cc8b3d0,2024-10-22T10:15:07.313000 CVE-2024-9232,0,0,a07f526496bb68b184ee001c7d6cd9744d3cb563b91260e8d60bd9b70cac4bda,2024-10-15T12:58:51.050000 CVE-2024-9234,0,0,304bee6ceb91eca0cdc00d7cdc49b4c339c82fe3a2287348525c06a570d629da,2024-10-15T12:58:51.050000 CVE-2024-9237,0,0,fb69e6f6fcfba2cfafb660a24001833586540d01b0ed897e2ee22df678729e15,2024-10-16T15:10:08.390000 @@ -266499,7 +266501,7 @@ CVE-2024-9537,0,0,452190c6664f6422cc10e3635c7e8aae7087139e3819c6b70da7292d35f00d CVE-2024-9538,0,0,11f6571425b77352661bef56e196d840faf334a919cdd5771fb07fb3f313a4e6,2024-10-15T12:58:51.050000 CVE-2024-9539,0,0,a0cbd26a327675fb40fcaea93c0a3ea911dbc683021df526355995459666c7a0,2024-10-15T12:57:46.880000 CVE-2024-9540,0,0,155792833f2c3d33a8c6cc679a0bdb6a5ac3f76d67aede19f5592875c2f877b6,2024-10-16T16:38:14.557000 -CVE-2024-9541,1,1,37a497829fb6688726bec25e4ec82df021bfe297c5f02b3adcabd9b0442eb806,2024-10-22T08:15:02.920000 +CVE-2024-9541,0,0,37a497829fb6688726bec25e4ec82df021bfe297c5f02b3adcabd9b0442eb806,2024-10-22T08:15:02.920000 CVE-2024-9543,0,0,2a7de8e1e43a15761699f58c8b8bbb57c7e560a2fb555c13127ead0f3f3c7fd9,2024-10-15T12:58:51.050000 CVE-2024-9546,0,0,ea5318b51e997216e9c0b4c2992b7385f781b09c9935f9fcf746ecd59aedacb8,2024-10-17T13:34:27.890000 CVE-2024-9548,0,0,23f20b2ca80b43ded081582273555d31a6ef11043d80544e9c344a73e21ef886,2024-10-17T13:46:07.997000 
@@ -266535,10 +266537,10 @@ CVE-2024-9581,0,0,fb1d34fab9f94525003a0f26c830b830dcb7b4bdc92dd8a95590c26db891e7 CVE-2024-9582,0,0,6ec198135418f168eaebdeafd2e2fe73c3f44201fb3d949937a7b4e70c974bf6,2024-10-16T16:38:14.557000 CVE-2024-9586,0,0,a482a25f032ea940edbd74f8dc11272d0d4fecf517c5613466c04b8bd798dc3e,2024-10-15T12:58:51.050000 CVE-2024-9587,0,0,081ae6ebdba381265a40b327141c3458d6ec1c5b94d7fb86236bf633a93923d3,2024-10-15T12:58:51.050000 -CVE-2024-9588,1,1,6a3f9ab7e270d754b223fcdbf2cacc2d2bdde581661fe0dd749d86129cb2d158,2024-10-22T08:15:03.563000 -CVE-2024-9589,1,1,4b97bb7a7602c59472c74c941766dbe3191eb96927ec363e1555bcd9eeb5971a,2024-10-22T08:15:04.227000 -CVE-2024-9590,1,1,50428524a2f924e57bb2292f9c22e5a61116c4eb6b73a328593eda0dd37b7aaa,2024-10-22T08:15:04.807000 -CVE-2024-9591,1,1,f44a7253ab70ea0f90dc982d8d950abd1e258eda0deecae702437d3d14e87c84,2024-10-22T08:15:05.273000 +CVE-2024-9588,0,0,6a3f9ab7e270d754b223fcdbf2cacc2d2bdde581661fe0dd749d86129cb2d158,2024-10-22T08:15:03.563000 +CVE-2024-9589,0,0,4b97bb7a7602c59472c74c941766dbe3191eb96927ec363e1555bcd9eeb5971a,2024-10-22T08:15:04.227000 +CVE-2024-9590,0,0,50428524a2f924e57bb2292f9c22e5a61116c4eb6b73a328593eda0dd37b7aaa,2024-10-22T08:15:04.807000 +CVE-2024-9591,0,0,f44a7253ab70ea0f90dc982d8d950abd1e258eda0deecae702437d3d14e87c84,2024-10-22T08:15:05.273000 CVE-2024-9592,0,0,6f7f83fab1eebba9a1f954ec84a1bbaa3c51a5f9b9c0e4a02c7010d63a53fba8,2024-10-15T12:57:46.880000 CVE-2024-9593,0,0,cce5b3ee491d6630c052fcb33edfbddbd5dba3d44ec1ac1a1bc92ad9d40ee350,2024-10-21T17:10:22.857000 CVE-2024-9594,0,0,76152af657dea527c4e562a1c5799c4834f4bf18cf4ca885159373bfd78ad4ca,2024-10-16T16:38:14.557000 
@@ -266696,4 +266698,4 @@ CVE-2024-9983,0,0,05b40e9cfe77e2a0c57e66e13edd76f3cb7232b22c3913645dde67dce84859 CVE-2024-9984,0,0,8e8b1dff68b77e14ce417f91873fee227d0458654a790688014355062c7539a9,2024-10-16T22:03:23.407000 CVE-2024-9985,0,0,35f031595deb3bfd21882874fada51cff590c3c6a37f03f4259fa4136f5b9157,2024-10-16T22:02:08.117000 CVE-2024-9986,0,0,f83b3609bd670a0cfc3a1c687a45465cc896c6d69e9f1c37efb33a43ca882e79,2024-10-21T13:07:47.700000 -CVE-2024-9987,1,1,fd5a09f27e03f79e4a400586884b3c95544fe1d8a5f7708ec6616a1762b8949a,2024-10-22T09:15:03.497000 +CVE-2024-9987,0,0,fd5a09f27e03f79e4a400586884b3c95544fe1d8a5f7708ec6616a1762b8949a,2024-10-22T09:15:03.497000