Auto-Update: 2024-01-17T07:00:24.295150+00:00

CVE-2024/CVE-2024-04xx/CVE-2024-0405.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-0405",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-17T05:15:08.913",
+  "lastModified": "2024-01-17T05:15:08.913",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-17T05:00:24.589392+00:00
+2024-01-17T07:00:24.295150+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-17T04:15:07.880000+00:00
+2024-01-17T05:15:08.913000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,24 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-236177
+236178
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `1`
 
-* [CVE-2023-25295](CVE-2023/CVE-2023-252xx/CVE-2023-25295.json) (`2024-01-17T03:15:07.743`)
-* [CVE-2023-36235](CVE-2023/CVE-2023-362xx/CVE-2023-36235.json) (`2024-01-17T03:15:07.947`)
-* [CVE-2023-46952](CVE-2023/CVE-2023-469xx/CVE-2023-46952.json) (`2024-01-17T03:15:07.997`)
-* [CVE-2023-52069](CVE-2023/CVE-2023-520xx/CVE-2023-52069.json) (`2024-01-17T03:15:08.043`)
+* [CVE-2024-0405](CVE-2024/CVE-2024-04xx/CVE-2024-0405.json) (`2024-01-17T05:15:08.913`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-* [CVE-2023-32726](CVE-2023/CVE-2023-327xx/CVE-2023-32726.json) (`2024-01-17T04:15:07.880`)
 
 
 ## Download and Usage