Auto-Update: 2024-05-04T10:00:37.429866+00:00

CVE-2023/CVE-2023-70xx/CVE-2023-7065.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-7065",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-04T08:15:06.550",
+  "lastModified": "2024-05-04T08:15:06.550",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possible for unauthenticated attackers to add arbitrary IPs to the plugin's allowlist and blocklist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080581%40stop-spammer-registrations-plugin&new=3080581%40stop-spammer-registrations-plugin&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1998cadb-2eb3-4819-aa7c-59e4f777c7f8?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-10xx/CVE-2024-1050.json

@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-1050",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-04T08:15:06.840",
+  "lastModified": "2024-05-04T08:15:06.840",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/trunk/classes/force-reset-password.php#L64",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3077276%40import-users-from-csv-with-meta&new=3077276%40import-users-from-csv-with-meta&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2fbd599-0a6c-4182-87d9-ad7cf3fb5865?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-05-04T06:00:29.778697+00:00
+2024-05-04T10:00:37.429866+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-05-04T05:15:06.600000+00:00
+2024-05-04T08:15:06.840000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-248591
+248593
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `2`
 
-- [CVE-2024-3237](CVE-2024/CVE-2024-32xx/CVE-2024-3237.json) (`2024-05-04T04:15:08.690`)
-- [CVE-2024-3240](CVE-2024/CVE-2024-32xx/CVE-2024-3240.json) (`2024-05-04T04:15:08.970`)
-- [CVE-2024-34460](CVE-2024/CVE-2024-344xx/CVE-2024-34460.json) (`2024-05-04T05:15:06.497`)
-- [CVE-2024-34461](CVE-2024/CVE-2024-344xx/CVE-2024-34461.json) (`2024-05-04T05:15:06.600`)
+- [CVE-2023-7065](CVE-2023/CVE-2023-70xx/CVE-2023-7065.json) (`2024-05-04T08:15:06.550`)
+- [CVE-2024-1050](CVE-2024/CVE-2024-10xx/CVE-2024-1050.json) (`2024-05-04T08:15:06.840`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -239099,6 +239099,7 @@ CVE-2023-7059,0,0,b6a0dfdf81e1ca56ef4b0edf4432ab50e1975e98e831e1cf3171374b75dbda
 CVE-2023-7060,0,0,870c4c6f56986f33349af68dd953c9d20d9666a23a3fcc4c635253c7bfdfd579,2024-03-17T22:38:29.433000
 CVE-2023-7063,0,0,b4ea8b21168c95c8af14241fc9e5a2534b49b7e49280bde929827672bda636ed,2024-01-30T23:02:10.287000
 CVE-2023-7064,0,0,8841b451446bda90f5d1b860898f9f16106d5b125599e60a20a774054b7927b1,2024-05-02T18:00:37.360000
+CVE-2023-7065,1,1,49371ee15ae23d9fc7a3cbc55a4ca7d9b0d767ca711e2847b3cb900797332252,2024-05-04T08:15:06.550000
 CVE-2023-7067,0,0,a350dd31186102716b3efb773999c9f71f57b3259c75b00fd6977a38349b2a64,2024-05-02T18:00:37.360000
 CVE-2023-7068,0,0,ef1408f6c6fd79c5af19d0633c8238c454cea54fd087b8b89da5773f13dad91a,2024-01-09T20:19:48.597000
 CVE-2023-7069,0,0,76accaf19ff7061689b623859471b6167bfd5be5c4040f161f8f881f1093dc5f,2024-02-07T16:28:40.250000
@@ -240103,6 +240104,7 @@ CVE-2024-1046,0,0,04593d809e4dc181ec893504bde5771d15890d7d13ac640142c747dade4cf5
 CVE-2024-1047,0,0,e96e7a026577614e85a9cd48b2c7dde028c96bb69e07a747ad9c4e24f36cb0c3,2024-02-08T14:20:23.387000
 CVE-2024-1048,0,0,495c8467c0a7d4a693fb459e641fac11f8ccad823f21cf005924b6f372488011,2024-04-30T14:15:14.463000
 CVE-2024-1049,0,0,702f1183a27878b714f97a3e0cfdf1563c3306eb8a17f785c7b1a1586e029403,2024-03-25T01:51:01.223000
+CVE-2024-1050,1,1,c2e5358ea8345aa777934986ebe1975868e8e6909986c16ffdffd23593ca3b93,2024-05-04T08:15:06.840000
 CVE-2024-1051,0,0,9345c0a6e775599660e2c0fec1004a4350e5763beb3848cc0939db67ee25aa7d,2024-04-01T01:12:59.077000
 CVE-2024-1052,0,0,cf5f5c6bda7a4876cbb6b2b3fc9e6319f0131320e8b68a9cc322eb9aae681763,2024-02-15T18:49:40.180000
 CVE-2024-1053,0,0,47a983161efc38cb28d2682fa08d2baacc5d0ed2824df2057fa217999f12681f,2024-02-22T19:07:27.197000
@@ -247483,12 +247485,12 @@ CVE-2024-3235,0,0,87b194ac57d76e3164f790cf262b7f15e5577bfab72d12fd067ebb5070eb75
 CVE-2024-32358,0,0,4361acd373c6387e4e9f8c587956d55ed79588179fa5465dd154715a342d96e5,2024-04-25T17:24:59.967000
 CVE-2024-32359,0,0,403b699a663b5e4769b06b0d18b27b2d1fbe863256efbe1946cb823a1f907308,2024-05-02T18:00:37.360000
 CVE-2024-32368,0,0,e5f9ac1f5e4b7deacae1b8adfb72b39f31c0e06e3a2c110e19b743f4b05d773c,2024-04-22T19:24:12.920000
-CVE-2024-3237,1,1,2ae890d4a2b6b9b9cb87768df331798519234a6fa0e59c936b314949a7c5ccb2,2024-05-04T04:15:08.690000
+CVE-2024-3237,0,0,2ae890d4a2b6b9b9cb87768df331798519234a6fa0e59c936b314949a7c5ccb2,2024-05-04T04:15:08.690000
 CVE-2024-32391,0,0,b9d2ada2509e9e002fcf7fc50c30e5fa24f6bd077b7f0fab83dbe519d76755ce,2024-04-22T13:28:50.310000
 CVE-2024-32392,0,0,e9dc77721f231608117a79f151c9f1e6be5cd7530989658bd3dd67ce41889ce5,2024-04-22T13:28:50.310000
 CVE-2024-32394,0,0,5f3cc70e4b86c8028147d2489cef40fa6c9285878a28bdb0855878990e97443a,2024-04-23T12:52:26.253000
 CVE-2024-32399,0,0,881ee2dd975bc6f828957c741f38d2e9a20065eb3fba67ea84e4e0b7e3e06627,2024-04-23T12:52:30.940000
-CVE-2024-3240,1,1,6c645e642a61c38bcb792ba5b970f32e0b1d60f01bde86dc6fa7e5e52ad91c44,2024-05-04T04:15:08.970000
+CVE-2024-3240,0,0,6c645e642a61c38bcb792ba5b970f32e0b1d60f01bde86dc6fa7e5e52ad91c44,2024-05-04T04:15:08.970000
 CVE-2024-32404,0,0,dd51daa738e86af5cb3559b49847af8b161e8c694a948fb4fd3bf01830c7a4e1,2024-04-26T12:58:17.720000
 CVE-2024-32405,0,0,3ef8baadce3828c002829cc143866c02c5413778e0871cfcfbcacdfae3d8303e,2024-04-27T05:15:48.447000
 CVE-2024-32406,0,0,02ca7a177d496abc3e50a6810f02b9048e8ddb45b883c530d6fb401e9dec18da,2024-04-26T12:58:17.720000
@@ -248169,8 +248171,8 @@ CVE-2024-3445,0,0,c9628f9221624aa27cf7f5ca164e4ed34c93be648ba2ac6a84e0908c02d87f
 CVE-2024-34453,0,0,0e8f149f031d5217568b6c07c56f71b3a1f4f221694525d2a7b6d78ac8d129f1,2024-05-03T18:15:10.160000
 CVE-2024-34455,0,0,1d2aa3de083f43cd70ae96f0d7b0627d4e6a4c2b20f0d2da6ad87efb50de0248,2024-05-03T19:15:07.950000
 CVE-2024-3446,0,0,d41b6ff09ba21a5a975268b5a0441447c6b2bcfd6bedfe0914b9c96867cd290f,2024-04-18T08:15:38.340000
-CVE-2024-34460,1,1,f55c45997cadc3bb62864286d65492b162b99f8e24b8566151735b6e6a70cd2a,2024-05-04T05:15:06.497000
-CVE-2024-34461,1,1,a0ee1d1552fd6ae841473d1f66c127474e4be19544b272b8a13d4a1183e5c33b,2024-05-04T05:15:06.600000
+CVE-2024-34460,0,0,f55c45997cadc3bb62864286d65492b162b99f8e24b8566151735b6e6a70cd2a,2024-05-04T05:15:06.497000
+CVE-2024-34461,0,0,a0ee1d1552fd6ae841473d1f66c127474e4be19544b272b8a13d4a1183e5c33b,2024-05-04T05:15:06.600000
 CVE-2024-3448,0,0,38511310080ef6cbfb33c1721e41ad41c6df0877e6ffcdbf14f478fa1ea7a673,2024-04-10T19:49:51.183000
 CVE-2024-3455,0,0,18e948f1ff2182718852b2ba697f0fa9a8598811bb1c2e87509c3bd543b90a57,2024-04-11T01:26:03.233000
 CVE-2024-3456,0,0,944b33373fddc7621692e3fce6708723c7abc962139d88da65ad0c4ce610f104,2024-04-11T01:26:03.310000