Auto-Update: 2024-10-22T12:00:32.026300+00:00

2025-05-07 19:16:29 +00:00 · 2024-10-22 12:03:35 +00:00 · 2024-10-22 12:03:35 +00:00 · 1ba7a1b5c9
commit 1ba7a1b5c9
parent b77818697a
4 changed files with 149 additions and 22 deletions
--- a/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-10189",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-22T10:15:03.610",
+  "lastModified": "2024-10-22T10:15:03.610",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3171752/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/anchor-episodes-index/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-9231",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-22T10:15:07.313",
+  "lastModified": "2024-10-22T10:15:07.313",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members-forms.php#L2198",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members.php#L1960",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3172354/wp-members/trunk/includes/class-wp-members-forms.php?contextall=1",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d59e599-59da-4c03-b71f-d00a078b2442?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-22T10:00:49.177711+00:00
+2024-10-22T12:00:32.026300+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-22T09:15:03.497000+00:00
+2024-10-22T10:15:07.313000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-266698
+266700
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `9`
+Recently added CVEs: `2`

- [CVE-2023-52918](CVE-2023/CVE-2023-529xx/CVE-2023-52918.json) (`2024-10-22T08:15:02.277`)
- [CVE-2023-52919](CVE-2023/CVE-2023-529xx/CVE-2023-52919.json) (`2024-10-22T08:15:02.623`)
- [CVE-2024-35308](CVE-2024/CVE-2024-353xx/CVE-2024-35308.json) (`2024-10-22T09:15:02.927`)
- [CVE-2024-9541](CVE-2024/CVE-2024-95xx/CVE-2024-9541.json) (`2024-10-22T08:15:02.920`)
- [CVE-2024-9588](CVE-2024/CVE-2024-95xx/CVE-2024-9588.json) (`2024-10-22T08:15:03.563`)
- [CVE-2024-9589](CVE-2024/CVE-2024-95xx/CVE-2024-9589.json) (`2024-10-22T08:15:04.227`)
- [CVE-2024-9590](CVE-2024/CVE-2024-95xx/CVE-2024-9590.json) (`2024-10-22T08:15:04.807`)
- [CVE-2024-9591](CVE-2024/CVE-2024-95xx/CVE-2024-9591.json) (`2024-10-22T08:15:05.273`)
- [CVE-2024-9987](CVE-2024/CVE-2024-99xx/CVE-2024-9987.json) (`2024-10-22T09:15:03.497`)
+- [CVE-2024-10189](CVE-2024/CVE-2024-101xx/CVE-2024-10189.json) (`2024-10-22T10:15:03.610`)
+- [CVE-2024-9231](CVE-2024/CVE-2024-92xx/CVE-2024-9231.json) (`2024-10-22T10:15:07.313`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -239619,8 +239619,8 @@ CVE-2023-52914,0,0,3e2f63e6fcc2429a7a056b2f17033ece733c3917a2a011b1363b92bf8c84e
 CVE-2023-52915,0,0,ce3c89a4bf7cab80e859d29c06c18dc19c9bdeb973ab832dffae6eeb3861fdf4,2024-09-10T17:12:41.607000
 CVE-2023-52916,0,0,bebcac5d0a36cd875bff11f8b42fd7bc5076a3c1c94e9b8c44be74509c12a53b,2024-09-06T12:08:04.550000
 CVE-2023-52917,0,0,fadae4ec5e5aee737480721d0991bf811403c3e8c62826f0e019ee2079cb11e4,2024-10-21T17:09:45.417000
-CVE-2023-52918,1,1,d659d59feafeb4e663972c60df9621c832ce34299a9404f5fef9cd76cfb7071d,2024-10-22T08:15:02.277000
-CVE-2023-52919,1,1,60e8a1561f256e2cef92b76a61a862095f0d8958679923cdce8386ff7530c603,2024-10-22T08:15:02.623000
+CVE-2023-52918,0,0,d659d59feafeb4e663972c60df9621c832ce34299a9404f5fef9cd76cfb7071d,2024-10-22T08:15:02.277000
+CVE-2023-52919,0,0,60e8a1561f256e2cef92b76a61a862095f0d8958679923cdce8386ff7530c603,2024-10-22T08:15:02.623000
 CVE-2023-5292,0,0,214d7ae5654e29ed0e372211abf39e379cdbd830eab553609e162ffb791fd787,2023-11-07T04:23:48.910000
 CVE-2023-5293,0,0,37b5570c94c226fac17bbeba13451e285dd87937cebf55577645a70e3fbcf851,2024-05-17T02:32:58.843000
 CVE-2023-5294,0,0,91871d88408d7e2bcaad4b05fb484ac2315248d3665cd88ba6ae47f2da8d5f16,2024-05-17T02:32:58.950000
@ -242401,6 +242401,7 @@ CVE-2024-10170,0,0,43858dc94e553ea996e2f62171c2a07580bf4384f9d10283ecd355d244289
 CVE-2024-10171,0,0,6def7c486839e6a93365a9531b31890798e7138f9c8ee651ff23d937de5aea60,2024-10-21T21:33:26.937000
 CVE-2024-10173,0,0,f6c48dfe45f526ea19e91b20ef708b171d9e0a76591dad105e56c584bb12efdc,2024-10-21T17:09:45.417000
 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000
+CVE-2024-10189,1,1,ffc755e96982501f804ab166cd12d0605832a17249527107c82c3cd65a58ebf1,2024-10-22T10:15:03.610000
 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000
 CVE-2024-10191,0,0,ae2a8289213669e84c05751a0ddedb62a99a16d3765a4056a543c78131666882,2024-10-21T17:09:45.417000
 CVE-2024-10192,0,0,a018e9c3521bd9c30ec2d3bd523510e5e2587cb1110ac8cef21439ccf68f8983,2024-10-21T17:09:45.417000
@ -254441,7 +254442,7 @@ CVE-2024-35304,0,0,6034918ad52f93d1da2bc26a38d2a41af1cec6e4b2633afd9a4c11faed3e6
 CVE-2024-35305,0,0,e31f5a2153df0748351b63d3b29145f978c7628ebc2659ea3282a1f078dca5e0,2024-06-10T18:06:22.600000
 CVE-2024-35306,0,0,ad90645c7ad3fc3d00a11af0348fe264fd3520d218ef28c934a8abfa42cbedb9,2024-06-10T18:06:22.600000
 CVE-2024-35307,0,0,b73247d3e5b323866c011ccf7e1f39f41293535811b1ef82260b19c7e0a4c21f,2024-06-10T18:06:22.600000
-CVE-2024-35308,1,1,091d82fba952e9061ef9171e21dda30194affbecc81e785a577b597b40043591,2024-10-22T09:15:02.927000
+CVE-2024-35308,0,0,091d82fba952e9061ef9171e21dda30194affbecc81e785a577b597b40043591,2024-10-22T09:15:02.927000
 CVE-2024-3531,0,0,a342a9958ba8d00c279b1676525284c1cab302a477225f05f9d97b5deb071134,2024-05-17T02:39:59.430000
 CVE-2024-35311,0,0,94751a7e140c2a3ff83ee374530e5919b0823edf97b2e344646a9709229c503b,2024-05-29T19:50:25.303000
 CVE-2024-35312,0,0,81ee7e5cffa0828718ff42985b5f71e3223019ea36fce71fb3a2d6856e31b3e3,2024-05-20T13:00:34.807000
@ -266334,6 +266335,7 @@ CVE-2024-9222,0,0,aa75daaaa6f167f771e02be32b7ac6d9115eba757cf38ea3ae7fe336f82931
 CVE-2024-9224,0,0,1efb870d30ff5afb9078703fdeff1bc29463ebfa0c91ad435c25d902219ffec9,2024-10-07T19:19:38.157000
 CVE-2024-9225,0,0,d9b0065994459fe38d594a136ae9cff90cf19d12b5b0208b359cee9d6c2409ea,2024-10-07T20:24:41.420000
 CVE-2024-9228,0,0,cb0dad29f14eeb8fed9baf1de8b4ba619c5e35c4fffb0932ef40f0c6748e195d,2024-10-07T19:01:04.960000
+CVE-2024-9231,1,1,43b348cb1f26ce930c938ed6416160a951ca812f14fcaf3d9080322a9cc8b3d0,2024-10-22T10:15:07.313000
 CVE-2024-9232,0,0,a07f526496bb68b184ee001c7d6cd9744d3cb563b91260e8d60bd9b70cac4bda,2024-10-15T12:58:51.050000
 CVE-2024-9234,0,0,304bee6ceb91eca0cdc00d7cdc49b4c339c82fe3a2287348525c06a570d629da,2024-10-15T12:58:51.050000
 CVE-2024-9237,0,0,fb69e6f6fcfba2cfafb660a24001833586540d01b0ed897e2ee22df678729e15,2024-10-16T15:10:08.390000
@ -266499,7 +266501,7 @@ CVE-2024-9537,0,0,452190c6664f6422cc10e3635c7e8aae7087139e3819c6b70da7292d35f00d
 CVE-2024-9538,0,0,11f6571425b77352661bef56e196d840faf334a919cdd5771fb07fb3f313a4e6,2024-10-15T12:58:51.050000
 CVE-2024-9539,0,0,a0cbd26a327675fb40fcaea93c0a3ea911dbc683021df526355995459666c7a0,2024-10-15T12:57:46.880000
 CVE-2024-9540,0,0,155792833f2c3d33a8c6cc679a0bdb6a5ac3f76d67aede19f5592875c2f877b6,2024-10-16T16:38:14.557000
-CVE-2024-9541,1,1,37a497829fb6688726bec25e4ec82df021bfe297c5f02b3adcabd9b0442eb806,2024-10-22T08:15:02.920000
+CVE-2024-9541,0,0,37a497829fb6688726bec25e4ec82df021bfe297c5f02b3adcabd9b0442eb806,2024-10-22T08:15:02.920000
 CVE-2024-9543,0,0,2a7de8e1e43a15761699f58c8b8bbb57c7e560a2fb555c13127ead0f3f3c7fd9,2024-10-15T12:58:51.050000
 CVE-2024-9546,0,0,ea5318b51e997216e9c0b4c2992b7385f781b09c9935f9fcf746ecd59aedacb8,2024-10-17T13:34:27.890000
 CVE-2024-9548,0,0,23f20b2ca80b43ded081582273555d31a6ef11043d80544e9c344a73e21ef886,2024-10-17T13:46:07.997000
@ -266535,10 +266537,10 @@ CVE-2024-9581,0,0,fb1d34fab9f94525003a0f26c830b830dcb7b4bdc92dd8a95590c26db891e7
 CVE-2024-9582,0,0,6ec198135418f168eaebdeafd2e2fe73c3f44201fb3d949937a7b4e70c974bf6,2024-10-16T16:38:14.557000
 CVE-2024-9586,0,0,a482a25f032ea940edbd74f8dc11272d0d4fecf517c5613466c04b8bd798dc3e,2024-10-15T12:58:51.050000
 CVE-2024-9587,0,0,081ae6ebdba381265a40b327141c3458d6ec1c5b94d7fb86236bf633a93923d3,2024-10-15T12:58:51.050000
-CVE-2024-9588,1,1,6a3f9ab7e270d754b223fcdbf2cacc2d2bdde581661fe0dd749d86129cb2d158,2024-10-22T08:15:03.563000
-CVE-2024-9589,1,1,4b97bb7a7602c59472c74c941766dbe3191eb96927ec363e1555bcd9eeb5971a,2024-10-22T08:15:04.227000
-CVE-2024-9590,1,1,50428524a2f924e57bb2292f9c22e5a61116c4eb6b73a328593eda0dd37b7aaa,2024-10-22T08:15:04.807000
-CVE-2024-9591,1,1,f44a7253ab70ea0f90dc982d8d950abd1e258eda0deecae702437d3d14e87c84,2024-10-22T08:15:05.273000
+CVE-2024-9588,0,0,6a3f9ab7e270d754b223fcdbf2cacc2d2bdde581661fe0dd749d86129cb2d158,2024-10-22T08:15:03.563000
+CVE-2024-9589,0,0,4b97bb7a7602c59472c74c941766dbe3191eb96927ec363e1555bcd9eeb5971a,2024-10-22T08:15:04.227000
+CVE-2024-9590,0,0,50428524a2f924e57bb2292f9c22e5a61116c4eb6b73a328593eda0dd37b7aaa,2024-10-22T08:15:04.807000
+CVE-2024-9591,0,0,f44a7253ab70ea0f90dc982d8d950abd1e258eda0deecae702437d3d14e87c84,2024-10-22T08:15:05.273000
 CVE-2024-9592,0,0,6f7f83fab1eebba9a1f954ec84a1bbaa3c51a5f9b9c0e4a02c7010d63a53fba8,2024-10-15T12:57:46.880000
 CVE-2024-9593,0,0,cce5b3ee491d6630c052fcb33edfbddbd5dba3d44ec1ac1a1bc92ad9d40ee350,2024-10-21T17:10:22.857000
 CVE-2024-9594,0,0,76152af657dea527c4e562a1c5799c4834f4bf18cf4ca885159373bfd78ad4ca,2024-10-16T16:38:14.557000
@ -266696,4 +266698,4 @@ CVE-2024-9983,0,0,05b40e9cfe77e2a0c57e66e13edd76f3cb7232b22c3913645dde67dce84859
 CVE-2024-9984,0,0,8e8b1dff68b77e14ce417f91873fee227d0458654a790688014355062c7539a9,2024-10-16T22:03:23.407000
 CVE-2024-9985,0,0,35f031595deb3bfd21882874fada51cff590c3c6a37f03f4259fa4136f5b9157,2024-10-16T22:02:08.117000
 CVE-2024-9986,0,0,f83b3609bd670a0cfc3a1c687a45465cc896c6d69e9f1c37efb33a43ca882e79,2024-10-21T13:07:47.700000
-CVE-2024-9987,1,1,fd5a09f27e03f79e4a400586884b3c95544fe1d8a5f7708ec6616a1762b8949a,2024-10-22T09:15:03.497000
+CVE-2024-9987,0,0,fd5a09f27e03f79e4a400586884b3c95544fe1d8a5f7708ec6616a1762b8949a,2024-10-22T09:15:03.497000