Auto-Update: 2025-02-22T05:00:22.411123+00:00

2025-05-08 19:47:09 +00:00 · 2025-02-22 05:03:48 +00:00 · 2025-02-22 05:03:48 +00:00 · 1d110ed56b
commit 1d110ed56b
parent 82769345a3
7 changed files with 274 additions and 11 deletions
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4261.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4261.json
@ -0,0 +1,16 @@
+{
+  "id": "CVE-2023-4261",
+  "sourceIdentifier": "vulnerabilities@zephyrproject.org",
+  "published": "2025-02-22T03:15:22.000",
+  "lastModified": "2025-02-22T03:15:22.000",
+  "vulnStatus": "Rejected",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID is Rejected because the issue was not a vulnerability. The data field reported is not attacker controlled."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2024/CVE-2024-138xx/CVE-2024-13873.json
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13873.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13873",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-22T04:15:09.567",
+  "lastModified": "2025-02-22T04:15:09.567",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove profile photos from users accounts. Please note that this does not officially delete the file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3242653/wp-job-portal/tags/2.2.9/includes/classes/uploads.php?old=3238353&old_path=wp-job-portal%2Ftags%2F2.2.8%2Fincludes%2Fclasses%2Fuploads.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-138xx/CVE-2024-13899.json
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13899.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13899",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-22T04:15:09.720",
+  "lastModified": "2025-02-22T04:15:09.720",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-502"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/mambo-joomla-importer/trunk/mamboImporter.php#L45",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6d448c2-5acc-47f8-8e86-9ef10fa01513?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-15xx/CVE-2025-1509.json
+++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1509.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-1509",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-22T04:15:09.883",
+  "lastModified": "2025-02-22T04:15:09.883",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/show-me-the-cookies/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65d15ceb-ab39-4088-a289-7244063aedf8?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-15xx/CVE-2025-1510.json
+++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1510.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-1510",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-22T04:15:10.040",
+  "lastModified": "2025-02-22T04:15:10.040",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/custom-post-type-date-archives/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/996ade9c-2531-4f43-87f6-eddb2ce98a12?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-02-22T03:00:23.203094+00:00
+2025-02-22T05:00:22.411123+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-02-22T02:00:01.727000+00:00
+2025-02-22T04:15:10.040000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-282054
+282059
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `5`

- [CVE-2024-22341](CVE-2024/CVE-2024-223xx/CVE-2024-22341.json) (`2025-02-22T01:15:10.507`)
+- [CVE-2023-4261](CVE-2023/CVE-2023-42xx/CVE-2023-4261.json) (`2025-02-22T03:15:22.000`)
+- [CVE-2024-13873](CVE-2024/CVE-2024-138xx/CVE-2024-13873.json) (`2025-02-22T04:15:09.567`)
+- [CVE-2024-13899](CVE-2024/CVE-2024-138xx/CVE-2024-13899.json) (`2025-02-22T04:15:09.720`)
+- [CVE-2025-1509](CVE-2025/CVE-2025-15xx/CVE-2025-1509.json) (`2025-02-22T04:15:09.883`)
+- [CVE-2025-1510](CVE-2025/CVE-2025-15xx/CVE-2025-1510.json) (`2025-02-22T04:15:10.040`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `0`

- [CVE-2025-24989](CVE-2025/CVE-2025-249xx/CVE-2025-24989.json) (`2025-02-22T02:00:01.727`)
- [CVE-2025-26794](CVE-2025/CVE-2025-267xx/CVE-2025-26794.json) (`2025-02-22T01:15:10.670`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -233213,6 +233213,7 @@ CVE-2023-42580,0,0,2b1df44a8de07b8684cc66fbc45b5752f9c6297d81ffba9b3b9a82aca4daa
 CVE-2023-42581,0,0,3baa3dc47c75a9975b238f4b231fe77ebed97b105fa08c1bece33c6bedaf6c62,2024-11-21T08:22:50.090000
 CVE-2023-4259,0,0,d29c36fef2a1ffb5f8778f69e7d6c3002ada02ebce679146dcdc997e534d0877,2024-11-21T08:34:44.833000
 CVE-2023-4260,0,0,a47ab2bf1b0f10b7120b64cf4ed4964f4eb454b55d58862541561b2ccd903868,2025-02-13T17:17:17.123000
+CVE-2023-4261,1,1,049573b8b62ef94f8a7873e89a03940a141a465d86ed649fd852f8fbffd3c146,2025-02-22T03:15:22
 CVE-2023-4262,0,0,96c5e685e0ea51dcabf79db9f0bdc769da7bbc4411b11be6252f295df8d63962,2024-08-01T00:15:02.090000
 CVE-2023-42627,0,0,727ecec2f62b05936945fc2044b3a0d69c627f417e6adff8c92ab3aa9ec38ec7,2024-11-21T08:22:50.247000
 CVE-2023-42628,0,0,113b7c4766c05566ca66f2587e91148f4fb3f1c43a3af3b1f12f828e15a92990,2024-11-21T08:22:50.390000
@ -246913,11 +246914,13 @@ CVE-2024-13855,0,0,87ff80a4a4bcadf924c0b68cea8cd371d8a19ee5f045d490959e15e51f021
 CVE-2024-1386,0,0,0e88f4287d62ff6aff092302a9322ab713c8f07c6df5c6bed70e82252a8c824b,2024-11-21T08:50:28.063000
 CVE-2024-13867,0,0,d1ccd3c88095b1998a7fe8f4f64aebb963278c8b08e66fe2014f445cd5f48e2a,2025-02-18T18:41:21.660000
 CVE-2024-1387,0,0,8e6bcbdaec79085616e17d0cff8f7e9074033b4370339ebb2fb375231d6ccb3f,2025-01-07T18:19:26.400000
+CVE-2024-13873,1,1,ddf058f4c75682e8cf7335d38f43094b08f172b8fcc2d656f2cc5238777fc340,2025-02-22T04:15:09.567000
 CVE-2024-13879,0,0,9feaa77a4a107496b778129b23b28c9a020cd8ce5e3b7bb155fa8c6898d38c2d,2025-02-17T16:15:15.950000
 CVE-2024-1388,0,0,4055ac29f5fc98e5c697dde8e9fd854a4a3e80aad935e1d1af922e2721330e53,2025-01-16T15:18:18.140000
 CVE-2024-13883,0,0,dddb8b479d8345e49ddd8f724d4ab3348652441913a63435d046cdd13b4c874c,2025-02-21T04:15:10.160000
 CVE-2024-13888,0,0,c87839d2bca683e4e01b4f16bf4650844bb0d5c14b76b96fd45e3c4854b6fe97,2025-02-20T09:15:09.577000
 CVE-2024-1389,0,0,44c915b89d8f24815db27dcf9521c10fcca5d968291afb2cbd201094aadb9d12,2025-01-27T17:15:51.567000
+CVE-2024-13899,1,1,d4e618d3301d89b67b6787c524f771ae072ae7da4c1f68069e64d4f4683b0db8,2025-02-22T04:15:09.720000
 CVE-2024-1390,0,0,ffdeb8cc4a3b1077717739c1e237f842eedff68b0ec02858887f3acd549f9f88,2025-01-22T16:49:11.553000
 CVE-2024-13900,0,0,e38dcc4fcfc78cce76d078c209401822bf3093a6d9e71c0ee76ba272c5fbfa29,2025-02-21T12:15:30.320000
 CVE-2024-1391,0,0,fccbf24dfb651f372e2b51106217c90f4de85c1f936edcd91290184be12fa7b9,2025-01-17T19:52:57.843000
@ -249607,7 +249610,7 @@ CVE-2024-22337,0,0,176b2bb99f38a37cc5c4bceef64e53e66f0257dfccc9a4bf213596d99f663
 CVE-2024-22338,0,0,2f5d103b20e176fcbbf750834003442156af5ed8589bffd33826dcce94cd2d4d,2024-11-21T08:56:05.150000
 CVE-2024-22339,0,0,f84cb1f36ac458831eefd9cd784c894dbf751b04ff3bdf01cd3577255e1fd032,2025-01-29T21:27:46.043000
 CVE-2024-2234,0,0,2580af67855545545b0dbe2146fd22b02b33bca58d42a33b34f8d1d966926c31,2024-11-21T09:09:18.983000
-CVE-2024-22341,1,1,752993c6dd85a6878d2c1794f029fb64c987fb6b8e4f8534deb86f522e5a061e,2025-02-22T01:15:10.507000
+CVE-2024-22341,0,0,752993c6dd85a6878d2c1794f029fb64c987fb6b8e4f8534deb86f522e5a061e,2025-02-22T01:15:10.507000
 CVE-2024-22343,0,0,a3ffc2e94274da5793eb1457be21bec9aa8bc9334ca3ffb82f0713c176cb924d,2025-01-14T21:09:37.513000
 CVE-2024-22344,0,0,175ecdaf0188d9abe716b262cfd96bf9fb3ed5588248fdac15f91aea57c0f76b,2025-01-14T21:11:47.730000
 CVE-2024-22345,0,0,38a8ed093a2d89ebacfbdf5199dd9676ac3e38e552270797158ff7cc8e59254b,2025-01-14T21:19:31.517000
@ -279662,6 +279665,8 @@ CVE-2025-1471,0,0,5f2308ef243e2997d93c627b7cee213af79efe1fdd8602f268a3ff3acb063c
 CVE-2025-1483,0,0,76cafe28555a10dbbf45546d6f75e89aec9e95ad54aaa4bc0e47714c7e682b94,2025-02-20T10:15:12.537000
 CVE-2025-1489,0,0,33b499615f5a9d47836021ac5ca54335451238d68926a899e34dbf51c4c427a7,2025-02-21T12:15:30.740000
 CVE-2025-1492,0,0,4cf0d4c2a3031b043d71ffc226830ce9ea797081b5a3ae5a1323a931931fb733,2025-02-20T02:15:38.553000
+CVE-2025-1509,1,1,23e6d59505826ac4948dc80673c03ff2b0aed485111f57186985eb2e5cb2ebc3,2025-02-22T04:15:09.883000
+CVE-2025-1510,1,1,9b376c589154983b1ec02250f9735f4521be8d5584c35e34e9235c478622092f,2025-02-22T04:15:10.040000
 CVE-2025-1535,0,0,c8067c833343598442009f0c070dbd08eddedc896cdd41576fc32acd051fac52,2025-02-21T12:15:30.877000
 CVE-2025-1536,0,0,10f03af38479b02a7f4a530d7c1cc2f1541bce31ead11e490c0a23f9eb3125a3,2025-02-21T15:15:12.270000
 CVE-2025-1537,0,0,f2adfd985c6cb9647b8158d323777cef6f7e47a1a971653763a33752159d0490,2025-02-21T15:15:12.460000
@ -281683,7 +281688,7 @@ CVE-2025-24976,0,0,edf3d8769237d54851dd3a3135d0c605355b9e2500561e211400c75569bec
 CVE-2025-24980,0,0,93f5736ad811fe47d31660fba8d04da062656820cb9c23ad70329bc04caee348,2025-02-07T22:15:14.617000
 CVE-2025-24981,0,0,53e7b164e1e8344d44125c41e4616160d5eab5393458f601a78911be7625504e,2025-02-06T18:15:32.847000
 CVE-2025-24982,0,0,bb2e7ed21733f592bc39cfa057a56b08d6aa180f6c36351b70c6f04a2bffef43,2025-02-04T05:15:10.543000
-CVE-2025-24989,0,1,e1849e8b3f546849182e37fcf94016f5a84a4f37971480509d065ec521156655,2025-02-22T02:00:01.727000
+CVE-2025-24989,0,0,e1849e8b3f546849182e37fcf94016f5a84a4f37971480509d065ec521156655,2025-02-22T02:00:01.727000
 CVE-2025-25039,0,0,2c724cd99b172314f0551d5e25be43761b6ee80f3cb5f750659e6bd374aa7b28,2025-02-04T19:15:33.977000
 CVE-2025-25054,0,0,bdc6a9739f43c6ee9f7dd792b2a86b688f134fb79a9c00222c307f085f96633f,2025-02-19T06:15:22.010000
 CVE-2025-25055,0,0,7bdf77ab21026e12270a24a96ec203744f408d808d0439c316497fbe0f801ffc,2025-02-18T00:15:21.277000
@ -282032,7 +282037,7 @@ CVE-2025-26788,0,0,1ba864f8ac81a56163abfb386c84050b425d8eb039d7783af9b48ca3d178b
 CVE-2025-26789,0,0,b98c32efc76bff07b26dd009ea99782108b024ce84abc7d87c0e368d23f6c39a,2025-02-14T08:15:31.357000
 CVE-2025-26791,0,0,26890395366e56c551a6ef36e1b66be0cbc180a8be1a68af298b9b716ff6b5e5,2025-02-14T16:15:37.350000
 CVE-2025-26793,0,0,23a8e0213a0ca1b8120177cee0a8b3703ebe8289aad842eda98d1b97dcb6bf7f,2025-02-15T15:15:23.587000
-CVE-2025-26794,0,1,fe65001567301b62f9f70becffce46b16ab4f6e8292d604a049482502e1fc499,2025-02-22T01:15:10.670000
+CVE-2025-26794,0,0,fe65001567301b62f9f70becffce46b16ab4f6e8292d604a049482502e1fc499,2025-02-22T01:15:10.670000
 CVE-2025-26819,0,0,7afd4e7cb03752c52e5526c11c2ec114770ff5f83e4468a7bb7571814f4cc158,2025-02-15T00:15:28.510000
 CVE-2025-26856,0,0,97d830a9ee806f0ef850d5b5eea5c095e7e2e4dee4401ad5b7fd9fb34c2341f7,2025-02-20T06:15:21.673000
 CVE-2025-27013,0,0,f948cc3f5edcc63c02fbe1aa3ab5587f3b1659a21b1a5f943b19bb040cbb2d15,2025-02-18T20:15:33.880000