Auto-Update: 2024-07-20T14:00:18.474974+00:00

2025-05-07 03:02:20 +00:00 · 2024-07-20 14:03:12 +00:00 · 2024-07-20 14:03:12 +00:00 · 25a856295a
commit 25a856295a
parent a69c0969a1
3 changed files with 80 additions and 8 deletions
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6848.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6848.json
@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-6848",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T12:15:02.203",
+  "lastModified": "2024-07-20T12:15:02.203",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/BoldGrid/post-and-page-builder/issues/612",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://github.com/BoldGrid/post-and-page-builder/pull/613/commits/64c33a6d0c9dbb0151d3af5fee9e026df6c5a2f6",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/post-and-page-builder/tags/1.26.6/includes/class-boldgrid-editor-ajax.php#L372",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/post-and-page-builder/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d5dcec8-fa36-43ab-9a35-0b391fe1d88e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-20T12:00:18.636818+00:00
+2024-07-20T14:00:18.474974+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-20T10:15:03.693000+00:00
+2024-07-20T12:15:02.203000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-257602
+257603
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `1`

- [CVE-2024-37561](CVE-2024/CVE-2024-375xx/CVE-2024-37561.json) (`2024-07-20T10:15:02.317`)
- [CVE-2024-37562](CVE-2024/CVE-2024-375xx/CVE-2024-37562.json) (`2024-07-20T10:15:03.693`)
+- [CVE-2024-6848](CVE-2024/CVE-2024-68xx/CVE-2024-6848.json) (`2024-07-20T12:15:02.203`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -254181,8 +254181,8 @@ CVE-2024-37554,0,0,f21873c8cc723d73a5be37e43f70a0cc0c9c1c460efddd02b4e8ae7999da0
 CVE-2024-37555,0,0,1644327e39d431b11dca9e571309a66e1f1bfd16300400fc24b3c08e5496ae7a,2024-07-17T18:11:44.260000
 CVE-2024-3756,0,0,9f6325e6bf8bb208b4e2ee6674c7d5cde657d33007cb72c8f23cf7232b49431b,2024-07-03T02:06:32.530000
 CVE-2024-37560,0,0,6a6c51fd8ffab166572e38f12a64292826710da41d309700e65eba27d6039e12,2024-07-12T16:34:58.687000
-CVE-2024-37561,1,1,0405b7eb3c2a88adb1f9f2422287724c3691f1b5713897cb81a5d6a19c5659cd,2024-07-20T10:15:02.317000
-CVE-2024-37562,1,1,05faa8651779b19e9c3a157be681debeb6c57ef6741b0ef905b5805876281537,2024-07-20T10:15:03.693000
+CVE-2024-37561,0,0,0405b7eb3c2a88adb1f9f2422287724c3691f1b5713897cb81a5d6a19c5659cd,2024-07-20T10:15:02.317000
+CVE-2024-37562,0,0,05faa8651779b19e9c3a157be681debeb6c57ef6741b0ef905b5805876281537,2024-07-20T10:15:03.693000
 CVE-2024-37563,0,0,a7bcd96a6802b29647c5e435ca1284679a741b47b6a577c5570f8fbd48279954,2024-07-20T09:15:03.410000
 CVE-2024-37564,0,0,e7a776936a19636d3a76b462e4343d760a6a25be8bce1ad25bb7880ea2c1908a,2024-07-12T16:34:58.687000
 CVE-2024-37565,0,0,cd29cd59b4dcb71dc162aeacd38887a129251b9b27b2c600691182e5d9abdecb,2024-07-20T09:15:03.780000
@ -257588,6 +257588,7 @@ CVE-2024-6808,0,0,2df5a702fa4af6687f0c8dc8e100812ff9b6b346801edb239f41e0ca638c00
 CVE-2024-6830,0,0,66325e33317c6fde8b929b285667c5104c4ae04492532b5067560968ff36e7fb,2024-07-18T12:28:43.707000
 CVE-2024-6833,0,0,b0ea48d29166f6347ac218b4f9f93d3f7fc599fd932b64c35cfa55e5a1a94672,2024-07-18T12:28:43.707000
 CVE-2024-6834,0,0,9b06026f568f95c4c2a4be9208340b1bc5ab27fea601ce9296ee0a0b671ec68d,2024-07-18T12:28:43.707000
+CVE-2024-6848,1,1,922eb113f4cfc11e5ffa9af297f7fb5669e378c5a17e85300d1ded82680e8f73,2024-07-20T12:15:02.203000
 CVE-2024-6895,0,0,0c486e88c5dc57ed2713d59c6e5f599844da09fd6e820a24b10235451464145d,2024-07-19T15:15:10.547000
 CVE-2024-6898,0,0,98dae2dc951da0c9f1ac4e695a7ad38573b2abb15f5508f51642ed9635c194c6,2024-07-19T13:01:44.567000
 CVE-2024-6899,0,0,862a9d8e40eab426823cca194fdd307dafe70d2837c62b14a818c2e38cfb311c,2024-07-19T13:01:44.567000