Auto-Update: 2024-05-18T04:00:37.537745+00:00

2025-07-11 16:13:34 +00:00 · 2024-05-18 04:03:29 +00:00 · 2024-05-18 04:03:29 +00:00 · 2504b0848a
commit 2504b0848a
parent 5209ca98c6
3 changed files with 64 additions and 17 deletions
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4865.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4865.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-4865",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-18T03:15:06.340",
+  "lastModified": "2024-05-18T03:15:06.340",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/skills/widget.php#L359",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3087575/happy-elementor-addons/trunk/widgets/skills/widget.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2fdf2020-ad80-44c3-89b6-fc2ba067cd33?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-05-18T02:00:34.282306+00:00
+2024-05-18T04:00:37.537745+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-05-18T01:00:01.417000+00:00
+2024-05-18T03:15:06.340000+00:00
 ```

 ### Last Data Feed Release
@ -33,25 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-250622
+250623
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `1`

- [CVE-2024-23554](CVE-2024/CVE-2024-235xx/CVE-2024-23554.json) (`2024-05-18T00:15:07.337`)
- [CVE-2024-23556](CVE-2024/CVE-2024-235xx/CVE-2024-23556.json) (`2024-05-18T00:15:07.563`)
- [CVE-2024-4264](CVE-2024/CVE-2024-42xx/CVE-2024-4264.json) (`2024-05-18T00:15:07.777`)
+- [CVE-2024-4865](CVE-2024/CVE-2024-48xx/CVE-2024-4865.json) (`2024-05-18T03:15:06.340`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `3`
+Recently modified CVEs: `0`

- [CVE-2014-100005](CVE-2014/CVE-2014-1000xx/CVE-2014-100005.json) (`2024-05-18T01:00:01.410`)
- [CVE-2021-40655](CVE-2021/CVE-2021-406xx/CVE-2021-40655.json) (`2024-05-18T01:00:01.417`)
- [CVE-2024-4761](CVE-2024/CVE-2024-47xx/CVE-2024-4761.json) (`2024-05-18T01:00:01.417`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -65431,7 +65431,7 @@ CVE-2014-100001,0,0,5ac276f773561ede81fdf5d78f5f9aec96550401150d51d58f3725c5852f
 CVE-2014-100002,0,0,8921e0f8bddadcffe1058a56b9d3e744ce22ecb885550739968d3ae3c51cfe38,2017-09-08T01:29:00.980000
 CVE-2014-100003,0,0,fd19150946d90a65211a0c3e56d9cdd3436a6b5dcf95d8a323104140efd8ba45,2015-03-24T20:49:10.563000
 CVE-2014-100004,0,0,47c1a0aec06e1b21a7cb780e9ea18dde24556b5d20e8e0d0b4da712f7ab2e01c,2018-10-09T19:42:19.983000
-CVE-2014-100005,0,1,f2fd76379650b095140492816c8f4c0dd92568226aeff0c612742c44dc15b38a,2024-05-18T01:00:01.410000
+CVE-2014-100005,0,0,f2fd76379650b095140492816c8f4c0dd92568226aeff0c612742c44dc15b38a,2024-05-18T01:00:01.410000
 CVE-2014-100006,0,0,c8b6db88beaf665688d6d19030fc701c030ca6de66cda1ec9018d81c419a0db8,2017-09-08T01:29:01.153000
 CVE-2014-100007,0,0,dfe4f8f8310fca4b211c10f514b7d0a299ba5a3528d8529bcef77fd45649b5a1,2017-09-08T01:29:01.197000
 CVE-2014-100008,0,0,972a364c0a9a57b38f917faef549ac217c1aefba5e654f9580a992ab41a4b490,2017-09-08T01:29:01.260000
@ -182308,7 +182308,7 @@ CVE-2021-4065,0,0,d1c2dee1cceec2a47ed46ae13670cb804e448d31b858772090684213a0e3e6
 CVE-2021-40650,0,0,da2cf6be4a7856150d7d6a37a5bd557704b5042eb34774dc1111b9c733840443,2022-06-22T20:28:50.433000
 CVE-2021-40651,0,0,d0d1e150724603ddbc53e71d2e422eb56717bc29db07af2c6c7fd1f081acea31,2021-10-07T15:33:47.493000
 CVE-2021-40654,0,0,dd92544ffa979c86aeb15a276793324b64da9bf8e4fa374d7f3aae66aa3c5021,2022-07-12T17:42:04.277000
-CVE-2021-40655,0,1,0e657042524c277c7b599648eaa319d3a7f3a60842f5b4a96a3c7da501eca9ab,2024-05-18T01:00:01.417000
+CVE-2021-40655,0,0,0e657042524c277c7b599648eaa319d3a7f3a60842f5b4a96a3c7da501eca9ab,2024-05-18T01:00:01.417000
 CVE-2021-40656,0,0,772d17f6c68174c6efe9ea7b2c2c3d0660b5c0daea6c415882fd90faa9cc3920,2022-04-14T17:12:14.893000
 CVE-2021-40658,0,0,1a6cef94fbdf0d4ce12fec2dbc5bfbe2f21db2c8b1a373445d6312fbc728e1d9,2023-08-08T14:21:49.707000
 CVE-2021-4066,0,0,264208dc008eaf0ff726ad3e5039031cfc74c0c015a70d61b6acc58a0317cf26,2023-11-07T03:40:09.250000
@ -243191,8 +243191,8 @@ CVE-2024-2355,0,0,0a51a2a710a186fdb374230411114a8239ce2b1547a2a38ea6a9cb999b7bb2
 CVE-2024-23550,0,0,233aa541fdda788f0e4e95c8a9a0a8f5d7fa7689dcd559af0cf5e5843a531076,2024-02-13T00:57:33.613000
 CVE-2024-23551,0,0,96a25e11351f4649a98a4c5ff5524cf1d9d2fddc8f277b1f892661e041d69491,2024-05-08T13:15:00.690000
 CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1090,2024-02-10T00:59:00.423000
-CVE-2024-23554,1,1,a2313e539d4ca7910138d10623b10f09e81165007674fe32e578b73be3403047,2024-05-18T00:15:07.337000
-CVE-2024-23556,1,1,61ede538d9e5a1d196f34d26f777ef5897c1cb1559c1a7b9c782c44133ca707b,2024-05-18T00:15:07.563000
+CVE-2024-23554,0,0,a2313e539d4ca7910138d10623b10f09e81165007674fe32e578b73be3403047,2024-05-18T00:15:07.337000
+CVE-2024-23556,0,0,61ede538d9e5a1d196f34d26f777ef5897c1cb1559c1a7b9c782c44133ca707b,2024-05-18T00:15:07.563000
 CVE-2024-23557,0,0,c1e3777f7706c5637c3babf0c39f0462f9d51e731fae3bfba6c8c968c64a983b,2024-04-19T13:10:25.637000
 CVE-2024-23558,0,0,0e030b3ddee305097ecf13a5fc93f84821f79454ea82e12098abf6fd591f4cb5,2024-04-16T13:24:07.103000
 CVE-2024-23559,0,0,a67d6aa6c2589ae3d37731867bb9f648e4b5d30ad4eba2e61f15676037d7636b,2024-04-15T19:15:09.577000
@ -250225,7 +250225,7 @@ CVE-2024-4255,0,0,fe667b23218914fa44fee4b4c2a7be125396fae9094659c59aa2ca90b0b1e4
 CVE-2024-4256,0,0,f01b9b3012ce7ea24c9894def6f3f1cef49ac09bb4f57d3ed8f552e5b1070b71,2024-05-17T02:40:21.240000
 CVE-2024-4257,0,0,0f6d2313bd719b89d901deefe2dc2f87463055c189b3c018795a055e61e9ea45,2024-05-17T02:40:21.330000
 CVE-2024-4263,0,0,b1f2b30077721ef2ca6e11fb6bda0f0973b13bae19df9c4c6804c151ec0ef6fb,2024-05-16T13:03:05.353000
-CVE-2024-4264,1,1,aeaea6d2ede7a436848950cf8170ba9e53c9b86a55ee2b7dd36fae834e85655b,2024-05-18T00:15:07.777000
+CVE-2024-4264,0,0,aeaea6d2ede7a436848950cf8170ba9e53c9b86a55ee2b7dd36fae834e85655b,2024-05-18T00:15:07.777000
 CVE-2024-4265,0,0,91d38fbd7b9c4ea0cd26c0f2028b5e1f8ee8c7d7e1c2c632d6b17cd2b7b69603,2024-05-02T18:00:37.360000
 CVE-2024-4275,0,0,78dbf52771ddf59505b9222514d00cf39d2cb883e25965ab29139ce3d748873c,2024-05-14T16:11:39.510000
 CVE-2024-4277,0,0,28c68fbd8fbf742ea35db69404ff5cf06f67a7656a1fd7514e44e23e67f2b3ef,2024-05-14T16:11:39.510000
@ -250479,7 +250479,7 @@ CVE-2024-4737,0,0,6b47106c8e4e467fe93f661d18fd2c8748e996259ee5ebdc2860bb0423c37a
 CVE-2024-4738,0,0,a433a0ababe3a5140e81fb002dd302d144dd5ac39a2822f0f1c34736f879eb89,2024-05-17T02:40:36.380000
 CVE-2024-4747,0,0,a3ae6d00ee8ee4bada1688a80cf3dcc71578205e028aa220fe0d295385244b43,2024-05-14T16:11:39.510000
 CVE-2024-4760,0,0,8b9593f0d88cbd24a061db082c8cd5c20f19b8a61431542d1ce576639ef3bdc0,2024-05-16T15:44:44.683000
-CVE-2024-4761,0,1,9a4fc220aa66aa317056eb3996265d546a683fb5652e07b6fa8ab73d0b9164d3,2024-05-18T01:00:01.417000
+CVE-2024-4761,0,0,9a4fc220aa66aa317056eb3996265d546a683fb5652e07b6fa8ab73d0b9164d3,2024-05-18T01:00:01.417000
 CVE-2024-4764,0,0,1ce71353b9d55abf261ec64b79822c804e2d05038b12e07efb15b19542c85283,2024-05-14T19:17:55.627000
 CVE-2024-4765,0,0,940f5000f62119fc819a1c6e56fca66a58cb674478c2a5875e655065b86df5a1,2024-05-14T19:17:55.627000
 CVE-2024-4766,0,0,6686ced7b91e59ba9ceec56c88909b800d529cd7de526bd774b535ba4cd47e6b,2024-05-14T19:17:55.627000
@ -250541,6 +250541,7 @@ CVE-2024-4854,0,0,3d480ab215b58518bc8b4d2ff21b01ce90d2ee2286e511ec2300ae6a562846
 CVE-2024-4855,0,0,bb7758177ed568c219e106881d12c1be9e05abe80abbc1ed8dc52d386d88e25c,2024-05-14T16:11:39.510000
 CVE-2024-4859,0,0,0e7c5125874f1925896116e914ab4a4e3b887f22c447a3549ca2e9da643585d9,2024-05-14T19:17:55.627000
 CVE-2024-4860,0,0,4e8a6a855a2e6e16dad5d91e17b904b6b709d252c51887af538903d405cd55bc,2024-05-14T19:17:55.627000
+CVE-2024-4865,1,1,032346425f8b5668fc5a6b0234d4962cfd8194d1fdff4ed62ae7461812424243,2024-05-18T03:15:06.340000
 CVE-2024-4871,0,0,8ab16008698c56948c2f0ae8cf729bc698d4cce8f05c254b91a2ba1c9d6200d3,2024-05-14T19:17:55.627000
 CVE-2024-4893,0,0,8ffb453add192bbe3edd5219a0cc1fecef136881814a15b6a6fff19e64221c30,2024-05-15T16:40:19.330000
 CVE-2024-4894,0,0,6ac5cb6e261d69ae931137ad62bda7bde45e9f279ec9c4c45067086e1e08f8a1,2024-05-15T16:40:19.330000