Auto-Update: 2024-02-23T13:16:34.601185+00:00

2025-05-08 03:27:17 +00:00 · 2024-02-23 13:16:38 +00:00 · 2024-02-23 13:16:38 +00:00 · 20a7681377
commit 20a7681377
parent 9c6b1ab491
8 changed files with 347 additions and 24 deletions
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24416.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24416.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-24416",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-02-23T12:15:45.990",
+  "lastModified": "2024-02-23T12:15:45.990",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"Path Traversal\") en Arne Franken All In One Favicon. Este problema afecta a All In One Favicon: desde n/a hasta 4.7."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/all-in-one-favicon/wordpress-all-in-one-favicon-plugin-4-7-arbitrary-file-deletion-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-50270",
  "sourceIdentifier": "security@apache.org",
  "published": "2024-02-20T10:15:08.140",
-  "lastModified": "2024-02-20T19:50:53.960",
+  "lastModified": "2024-02-23T11:15:07.823",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -28,10 +28,6 @@
    }
  ],
  "references": [
-    {
-      "url": "http://www.openwall.com/lists/oss-security/2024/02/20/3",
-      "source": "security@apache.org"
-    },
    {
      "url": "https://github.com/apache/dolphinscheduler/pull/15219",
      "source": "security@apache.org"
@ -43,6 +39,10 @@
    {
      "url": "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r",
      "source": "security@apache.org"
+    },
+    {
+      "url": "https://www.openwall.com/lists/oss-security/2024/02/20/3",
+      "source": "security@apache.org"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1360.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1360.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-1360",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-23T11:15:08.310",
+  "lastModified": "2024-02-23T11:15:08.310",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    },
+    {
+      "lang": "es",
+      "value": "El tema Colibri WP para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.94 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n colibriwp_install_plugin(). Esto hace posible que atacantes no autenticados instalen complementos recomendados a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://themes.trac.wordpress.org/changeset/218308/colibri-wp/1.0.101/inc/src/PluginsManager.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1361.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1361.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-1361",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-23T11:15:08.567",
+  "lastModified": "2024-02-23T11:15:08.567",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Colibri Page Builder para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.253 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n apiCall(). Esto hace posible que atacantes no autenticados llamen a un conjunto limitado de funciones que pueden usarse para importar im\u00e1genes, eliminar publicaciones o guardar datos de temas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/extend-builder/api/api.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/233a29f5-12bf-4849-9b28-4458a0b0c940?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1362.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1362.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-1362",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-23T11:15:08.750",
+  "lastModified": "2024-02-23T11:15:08.750",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Colibri Page Builder para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.253 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n cp_shortcode_refresh(). Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/src/PageBuilder.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25915.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25915.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-25915",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-02-23T12:15:46.263",
+  "lastModified": "2024-02-23T12:15:46.263",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Raaj Trambadia Pexels: Free Stock Photos. Este problema afecta a Pexels: Free Stock Photos: desde n/a hasta 1.2.2."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/wp-pexels-free-stock-photos/wordpress-pexels-free-stock-photos-plugin-1-2-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25928.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25928.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-25928",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-02-23T12:15:46.467",
+  "lastModified": "2024-02-23T12:15:46.467",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Sitepact. Este problema afecta a Sitepact: desde n/a hasta 1.0.5."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-23T11:01:07.133481+00:00
+2024-02-23T13:16:34.601185+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-23T10:15:07.943000+00:00
+2024-02-23T12:15:46.467000+00:00
 ```

 ### Last Data Feed Release
@ -29,33 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-239283
+239289
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `6`

-* [CVE-2023-4826](CVE-2023/CVE-2023-48xx/CVE-2023-4826.json) (`2024-02-23T10:15:07.680`)
-* [CVE-2024-0563](CVE-2024/CVE-2024-05xx/CVE-2024-0563.json) (`2024-02-23T09:15:22.263`)
-* [CVE-2024-1590](CVE-2024/CVE-2024-15xx/CVE-2024-1590.json) (`2024-02-23T10:15:07.757`)
-* [CVE-2024-26593](CVE-2024/CVE-2024-265xx/CVE-2024-26593.json) (`2024-02-23T10:15:07.943`)
+* [CVE-2023-24416](CVE-2023/CVE-2023-244xx/CVE-2023-24416.json) (`2024-02-23T12:15:45.990`)
+* [CVE-2024-1360](CVE-2024/CVE-2024-13xx/CVE-2024-1360.json) (`2024-02-23T11:15:08.310`)
+* [CVE-2024-1361](CVE-2024/CVE-2024-13xx/CVE-2024-1361.json) (`2024-02-23T11:15:08.567`)
+* [CVE-2024-1362](CVE-2024/CVE-2024-13xx/CVE-2024-1362.json) (`2024-02-23T11:15:08.750`)
+* [CVE-2024-25915](CVE-2024/CVE-2024-259xx/CVE-2024-25915.json) (`2024-02-23T12:15:46.263`)
+* [CVE-2024-25928](CVE-2024/CVE-2024-259xx/CVE-2024-25928.json) (`2024-02-23T12:15:46.467`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `10`
+Recently modified CVEs: `1`

-* [CVE-2023-52071](CVE-2023/CVE-2023-520xx/CVE-2023-52071.json) (`2024-02-23T09:15:21.867`)
-* [CVE-2023-52434](CVE-2023/CVE-2023-524xx/CVE-2023-52434.json) (`2024-02-23T09:15:22.130`)
-* [CVE-2023-52435](CVE-2023/CVE-2023-524xx/CVE-2023-52435.json) (`2024-02-23T09:15:22.190`)
-* [CVE-2024-26581](CVE-2024/CVE-2024-265xx/CVE-2024-26581.json) (`2024-02-23T09:15:22.563`)
-* [CVE-2024-26582](CVE-2024/CVE-2024-265xx/CVE-2024-26582.json) (`2024-02-23T09:15:22.617`)
-* [CVE-2024-26583](CVE-2024/CVE-2024-265xx/CVE-2024-26583.json) (`2024-02-23T09:15:22.670`)
-* [CVE-2024-26584](CVE-2024/CVE-2024-265xx/CVE-2024-26584.json) (`2024-02-23T09:15:22.720`)
-* [CVE-2024-26585](CVE-2024/CVE-2024-265xx/CVE-2024-26585.json) (`2024-02-23T09:15:22.770`)
-* [CVE-2024-26586](CVE-2024/CVE-2024-265xx/CVE-2024-26586.json) (`2024-02-23T09:15:22.820`)
-* [CVE-2024-26592](CVE-2024/CVE-2024-265xx/CVE-2024-26592.json) (`2024-02-23T09:15:22.877`)
+* [CVE-2023-50270](CVE-2023/CVE-2023-502xx/CVE-2023-50270.json) (`2024-02-23T11:15:07.823`)


 ## Download and Usage