diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7065.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7065.json
new file mode 100644
index 00000000000..95d52669953
--- /dev/null
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7065.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-7065",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-04T08:15:06.550",
+ "lastModified": "2024-05-04T08:15:06.550",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possible for unauthenticated attackers to add arbitrary IPs to the plugin's allowlist and blocklist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080581%40stop-spammer-registrations-plugin&new=3080581%40stop-spammer-registrations-plugin&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1998cadb-2eb3-4819-aa7c-59e4f777c7f8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1050.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1050.json
new file mode 100644
index 00000000000..baf7b4c4e3b
--- /dev/null
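Review bot: Both new records (this one and CVE-2024-1050.json in the next hunk) are added with `"vulnStatus": "Received"` and contain no `weaknesses` or `configurations` block, so tooling that matches on CPE or filters by CWE will not surface either plugin from these files. The only severity data is the single `cvssMetricV31` entry whose `source` is `security@wordfence.com`, so 5.4 and 4.3 are the submitter's own scores and should be treated as provisional. Until the records are enriched, the affected range exists only as prose in `descriptions[0].value` ("up to, and including, 2024.4" here, "1.26.5" in the other record). Consumers of this feed should branch on `vulnStatus` and fall back to matching on plugin name and version for `Received` entries rather than assuming an absent CPE means not affected.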
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1050.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1050",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-05-04T08:15:06.840",
+ "lastModified": "2024-05-04T08:15:06.840",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/trunk/classes/force-reset-password.php#L64",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3077276%40import-users-from-csv-with-meta&new=3077276%40import-users-from-csv-with-meta&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2fbd599-0a6c-4182-87d9-ad7cf3fb5865?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 04638de8700..c7fff29feea 100644
--- a/README.md
+++ b/README.md
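Review bot: The first entry in `references` for CVE-2024-1050 points at `trunk/classes/force-reset-password.php#L64`, an unpinned path, so the `#L64` anchor will stop pointing at the code the advisory means as soon as trunk changes. The changeset reference (`old=3077276`/`new=3077276`) is the stable pointer, presumably to the fix, and is the better starting point when verifying that an installed copy has the capability check. Both Trac changeset URLs in this commit also carry the empty `sfp_email=&sfph_mail=` pair twice, which looks like form residue. It is harmless, but it will defeat naive string de-duplication of reference URLs.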
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-04T06:00:29.778697+00:00 +2024-05-04T10:00:37.429866+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-04T05:15:06.600000+00:00 +2024-05-04T08:15:06.840000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -248591 +248593 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-3237](CVE-2024/CVE-2024-32xx/CVE-2024-3237.json) (`2024-05-04T04:15:08.690`) -- [CVE-2024-3240](CVE-2024/CVE-2024-32xx/CVE-2024-3240.json) (`2024-05-04T04:15:08.970`) -- [CVE-2024-34460](CVE-2024/CVE-2024-344xx/CVE-2024-34460.json) (`2024-05-04T05:15:06.497`) -- [CVE-2024-34461](CVE-2024/CVE-2024-344xx/CVE-2024-34461.json) (`2024-05-04T05:15:06.600`) +- [CVE-2023-7065](CVE-2023/CVE-2023-70xx/CVE-2023-7065.json) (`2024-05-04T08:15:06.550`) +- [CVE-2024-1050](CVE-2024/CVE-2024-10xx/CVE-2024-1050.json) (`2024-05-04T08:15:06.840`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 920c0544a71..5e37300abfe 100644 --- a/_state.csv +++ b/_state.csv 
@@ -239099,6 +239099,7 @@ CVE-2023-7059,0,0,b6a0dfdf81e1ca56ef4b0edf4432ab50e1975e98e831e1cf3171374b75dbda CVE-2023-7060,0,0,870c4c6f56986f33349af68dd953c9d20d9666a23a3fcc4c635253c7bfdfd579,2024-03-17T22:38:29.433000 CVE-2023-7063,0,0,b4ea8b21168c95c8af14241fc9e5a2534b49b7e49280bde929827672bda636ed,2024-01-30T23:02:10.287000 CVE-2023-7064,0,0,8841b451446bda90f5d1b860898f9f16106d5b125599e60a20a774054b7927b1,2024-05-02T18:00:37.360000 +CVE-2023-7065,1,1,49371ee15ae23d9fc7a3cbc55a4ca7d9b0d767ca711e2847b3cb900797332252,2024-05-04T08:15:06.550000 CVE-2023-7067,0,0,a350dd31186102716b3efb773999c9f71f57b3259c75b00fd6977a38349b2a64,2024-05-02T18:00:37.360000 CVE-2023-7068,0,0,ef1408f6c6fd79c5af19d0633c8238c454cea54fd087b8b89da5773f13dad91a,2024-01-09T20:19:48.597000 CVE-2023-7069,0,0,76accaf19ff7061689b623859471b6167bfd5be5c4040f161f8f881f1093dc5f,2024-02-07T16:28:40.250000 @@ -240103,6 +240104,7 @@ CVE-2024-1046,0,0,04593d809e4dc181ec893504bde5771d15890d7d13ac640142c747dade4cf5 CVE-2024-1047,0,0,e96e7a026577614e85a9cd48b2c7dde028c96bb69e07a747ad9c4e24f36cb0c3,2024-02-08T14:20:23.387000 CVE-2024-1048,0,0,495c8467c0a7d4a693fb459e641fac11f8ccad823f21cf005924b6f372488011,2024-04-30T14:15:14.463000 CVE-2024-1049,0,0,702f1183a27878b714f97a3e0cfdf1563c3306eb8a17f785c7b1a1586e029403,2024-03-25T01:51:01.223000 +CVE-2024-1050,1,1,c2e5358ea8345aa777934986ebe1975868e8e6909986c16ffdffd23593ca3b93,2024-05-04T08:15:06.840000 CVE-2024-1051,0,0,9345c0a6e775599660e2c0fec1004a4350e5763beb3848cc0939db67ee25aa7d,2024-04-01T01:12:59.077000 CVE-2024-1052,0,0,cf5f5c6bda7a4876cbb6b2b3fc9e6319f0131320e8b68a9cc322eb9aae681763,2024-02-15T18:49:40.180000 CVE-2024-1053,0,0,47a983161efc38cb28d2682fa08d2baacc5d0ed2824df2057fa217999f12681f,2024-02-22T19:07:27.197000 
@@ -247483,12 +247485,12 @@ CVE-2024-3235,0,0,87b194ac57d76e3164f790cf262b7f15e5577bfab72d12fd067ebb5070eb75 CVE-2024-32358,0,0,4361acd373c6387e4e9f8c587956d55ed79588179fa5465dd154715a342d96e5,2024-04-25T17:24:59.967000 CVE-2024-32359,0,0,403b699a663b5e4769b06b0d18b27b2d1fbe863256efbe1946cb823a1f907308,2024-05-02T18:00:37.360000 CVE-2024-32368,0,0,e5f9ac1f5e4b7deacae1b8adfb72b39f31c0e06e3a2c110e19b743f4b05d773c,2024-04-22T19:24:12.920000 -CVE-2024-3237,1,1,2ae890d4a2b6b9b9cb87768df331798519234a6fa0e59c936b314949a7c5ccb2,2024-05-04T04:15:08.690000 +CVE-2024-3237,0,0,2ae890d4a2b6b9b9cb87768df331798519234a6fa0e59c936b314949a7c5ccb2,2024-05-04T04:15:08.690000 CVE-2024-32391,0,0,b9d2ada2509e9e002fcf7fc50c30e5fa24f6bd077b7f0fab83dbe519d76755ce,2024-04-22T13:28:50.310000 CVE-2024-32392,0,0,e9dc77721f231608117a79f151c9f1e6be5cd7530989658bd3dd67ce41889ce5,2024-04-22T13:28:50.310000 CVE-2024-32394,0,0,5f3cc70e4b86c8028147d2489cef40fa6c9285878a28bdb0855878990e97443a,2024-04-23T12:52:26.253000 CVE-2024-32399,0,0,881ee2dd975bc6f828957c741f38d2e9a20065eb3fba67ea84e4e0b7e3e06627,2024-04-23T12:52:30.940000 -CVE-2024-3240,1,1,6c645e642a61c38bcb792ba5b970f32e0b1d60f01bde86dc6fa7e5e52ad91c44,2024-05-04T04:15:08.970000 +CVE-2024-3240,0,0,6c645e642a61c38bcb792ba5b970f32e0b1d60f01bde86dc6fa7e5e52ad91c44,2024-05-04T04:15:08.970000 CVE-2024-32404,0,0,dd51daa738e86af5cb3559b49847af8b161e8c694a948fb4fd3bf01830c7a4e1,2024-04-26T12:58:17.720000 CVE-2024-32405,0,0,3ef8baadce3828c002829cc143866c02c5413778e0871cfcfbcacdfae3d8303e,2024-04-27T05:15:48.447000 CVE-2024-32406,0,0,02ca7a177d496abc3e50a6810f02b9048e8ddb45b883c530d6fb401e9dec18da,2024-04-26T12:58:17.720000 
@@ -248169,8 +248171,8 @@ CVE-2024-3445,0,0,c9628f9221624aa27cf7f5ca164e4ed34c93be648ba2ac6a84e0908c02d87f CVE-2024-34453,0,0,0e8f149f031d5217568b6c07c56f71b3a1f4f221694525d2a7b6d78ac8d129f1,2024-05-03T18:15:10.160000 CVE-2024-34455,0,0,1d2aa3de083f43cd70ae96f0d7b0627d4e6a4c2b20f0d2da6ad87efb50de0248,2024-05-03T19:15:07.950000 CVE-2024-3446,0,0,d41b6ff09ba21a5a975268b5a0441447c6b2bcfd6bedfe0914b9c96867cd290f,2024-04-18T08:15:38.340000 -CVE-2024-34460,1,1,f55c45997cadc3bb62864286d65492b162b99f8e24b8566151735b6e6a70cd2a,2024-05-04T05:15:06.497000 -CVE-2024-34461,1,1,a0ee1d1552fd6ae841473d1f66c127474e4be19544b272b8a13d4a1183e5c33b,2024-05-04T05:15:06.600000 +CVE-2024-34460,0,0,f55c45997cadc3bb62864286d65492b162b99f8e24b8566151735b6e6a70cd2a,2024-05-04T05:15:06.497000 +CVE-2024-34461,0,0,a0ee1d1552fd6ae841473d1f66c127474e4be19544b272b8a13d4a1183e5c33b,2024-05-04T05:15:06.600000 CVE-2024-3448,0,0,38511310080ef6cbfb33c1721e41ad41c6df0877e6ffcdbf14f478fa1ea7a673,2024-04-10T19:49:51.183000 CVE-2024-3455,0,0,18e948f1ff2182718852b2ba697f0fa9a8598811bb1c2e87509c3bd543b90a57,2024-04-11T01:26:03.233000 CVE-2024-3456,0,0,944b33373fddc7621692e3fce6708723c7abc962139d88da65ad0c4ce610f104,2024-04-11T01:26:03.310000