From 2f4cd6f5247cf2e01e7ead75251b48af014fab38 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 12 Sep 2024 08:03:16 +0000 Subject: [PATCH] Auto-Update: 2024-09-12T08:00:16.753299+00:00 --- CVE-2024/CVE-2024-31xx/CVE-2024-3163.json | 21 ++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38688.json | 54 ++------------------- CVE-2024/CVE-2024-57xx/CVE-2024-5799.json | 21 ++++++++ CVE-2024/CVE-2024-60xx/CVE-2024-6017.json | 21 ++++++++ CVE-2024/CVE-2024-60xx/CVE-2024-6018.json | 21 ++++++++ CVE-2024/CVE-2024-60xx/CVE-2024-6019.json | 21 ++++++++ CVE-2024/CVE-2024-68xx/CVE-2024-6887.json | 21 ++++++++ CVE-2024/CVE-2024-77xx/CVE-2024-7766.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7816.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7817.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7818.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7820.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7822.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7859.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7860.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7861.json | 21 ++++++++ CVE-2024/CVE-2024-78xx/CVE-2024-7862.json | 21 ++++++++ CVE-2024/CVE-2024-80xx/CVE-2024-8054.json | 21 ++++++++ CVE-2024/CVE-2024-80xx/CVE-2024-8056.json | 21 ++++++++ README.md | 31 +++++++++--- _state.csv | 24 +++++++-- 21 files changed, 428 insertions(+), 59 deletions(-) create mode 100644 CVE-2024/CVE-2024-31xx/CVE-2024-3163.json create mode 100644 CVE-2024/CVE-2024-57xx/CVE-2024-5799.json create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6017.json create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6018.json create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6019.json create mode 100644 CVE-2024/CVE-2024-68xx/CVE-2024-6887.json create mode 100644 CVE-2024/CVE-2024-77xx/CVE-2024-7766.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7816.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7817.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7818.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7820.json create mode 100644 
CVE-2024/CVE-2024-78xx/CVE-2024-7822.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7859.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7860.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7861.json create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7862.json create mode 100644 CVE-2024/CVE-2024-80xx/CVE-2024-8054.json create mode 100644 CVE-2024/CVE-2024-80xx/CVE-2024-8056.json diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3163.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3163.json new file mode 100644 index 00000000000..87b7c1b2630 --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3163.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-3163", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:23.607", + "lastModified": "2024-09-12T06:15:23.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/f89c8654-5486-4939-880d-101f33d359c0/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38688.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38688.json index 5fe48a3cc43..5c75d15a0ab 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38688.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38688.json 
@@ -2,59 +2,15 @@ "id": "CVE-2024-38688", "sourceIdentifier": "audit@patchstack.com", "published": "2024-08-13T10:15:06.677", - "lastModified": "2024-08-13T15:15:17.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-12T07:15:04.813", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Missing Authorization vulnerability in Igor Beni\u0107 Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6." - }, - { - "lang": "es", - "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Recipe Maker For Your Food Blog de Zip Recipes de Igor Beni? permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a Recipe Maker For Your Food Blog de Zip Recipes: desde n/a hasta 8.2.6." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "audit@patchstack.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" - }, - "exploitabilityScore": 3.9, - "impactScore": 1.4 - } - ] - }, - "weaknesses": [ - { - "source": "audit@patchstack.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-862" - } - ] - } - ], - "references": [ - { - "url": "https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-2-6-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5799.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5799.json new file mode 100644 index 00000000000..402a2b16a03 --- /dev/null +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5799.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-5799", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:23.777", + "lastModified": "2024-09-12T06:15:23.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/3ee3023a-541c-40e6-8d62-24b4b110633c/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6017.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6017.json new file mode 100644 index 00000000000..50f56a9fb8c --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6017.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-6017", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:23.850", + "lastModified": "2024-09-12T06:15:23.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/06d0559e-4389-4280-bbef-d100c0e07903/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6018.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6018.json new file mode 100644 index 00000000000..723ac380e65 --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6018.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-6018", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:23.920", + "lastModified": "2024-09-12T06:15:23.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/c3f50e30-c7c5-4e7e-988c-ab884d75870b/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6019.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6019.json new file mode 100644 index 00000000000..b5e6083ed7e 
--- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6019.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-6019", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.000", + "lastModified": "2024-09-12T06:15:24.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/5899c5c9-a550-4c86-a41d-7fcc1e84a7d3/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6887.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6887.json new file mode 100644 index 00000000000..48be009d853 --- /dev/null +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6887.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-6887", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.293", + "lastModified": "2024-09-12T06:15:24.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/553806f4-da20-433c-8c19-35e6c87ccade/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7766.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7766.json new file mode 100644 index 00000000000..2d1d4888783 --- /dev/null +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7766.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7766", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.363", + "lastModified": "2024-09-12T06:15:24.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/ca4d629e-ab55-4e5d-80c9-fddbc9c97259/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7816.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7816.json new file mode 100644 index 00000000000..90339fa5860 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7816.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7816", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.440", + "lastModified": "2024-09-12T06:15:24.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/f610c4a5-ccde-4305-93e0-3c6f50c741ee/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7817.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7817.json new file mode 100644 index 00000000000..1e800935ec7 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7817.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7817", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.503", + "lastModified": "2024-09-12T06:15:24.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/ab09e5a3-f5ea-479f-be2d-366f8707775e/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7818.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7818.json new file mode 100644 index 00000000000..8a554bcde23 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7818.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7818", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.570", + "lastModified": "2024-09-12T06:15:24.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/3d2263b9-e1e7-4e86-8475-5e468eef1826/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7820.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7820.json new file mode 100644 index 00000000000..caffa451a80 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7820.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7820", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.633", + "lastModified": "2024-09-12T06:15:24.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/31b2c97b-2458-43ee-93db-e57968ac8455/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7822.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7822.json new file mode 100644 index 00000000000..c2d956cb462 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7822.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7822", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.713", + "lastModified": "2024-09-12T06:15:24.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/3a5bdd7e-7dd5-4749-9fad-ff4d7df20273/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7859.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7859.json new file mode 100644 index 00000000000..172f74d5bb9 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7859.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7859", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.783", + "lastModified": "2024-09-12T06:15:24.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/88cacd47-d900-478c-b833-c6c55fd4b082/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7860.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7860.json new file mode 100644 index 00000000000..4c17c6c6d87 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7860.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7860", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.853", + "lastModified": "2024-09-12T06:15:24.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/584156d7-928e-48c9-8b81-539ccb06f3f5/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7861.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7861.json new file mode 100644 index 00000000000..587275362bc --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7861.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7861", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:24.933", + "lastModified": "2024-09-12T06:15:24.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/df9aa795-ba16-4806-b01a-311f80aa52c0/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7862.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7862.json new file mode 100644 index 00000000000..5d74dfef30a --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7862.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-7862", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:25.003", + "lastModified": "2024-09-12T06:15:25.003", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/9b54cd05-3bb8-4bb9-a0e4-fb00d97d5cae/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8054.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8054.json new file mode 100644 index 00000000000..f6854939b4a --- /dev/null +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8054.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-8054", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:25.077", + "lastModified": "2024-09-12T06:15:25.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/f27deffc-9555-44bf-8dee-1891c210ecfd/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8056.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8056.json new file mode 100644 index 00000000000..63ac19c76b1 --- /dev/null +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8056.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-8056", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-09-12T06:15:25.140", + "lastModified": "2024-09-12T06:15:25.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/203b8122-f1e5-4e9e-ba83-f5cd59d8a289/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9f5cd4b3ed0..1aa63b48ebf 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-12T06:00:16.865198+00:00 +2024-09-12T08:00:16.753299+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-12T05:15:05.053000+00:00 +2024-09-12T07:15:04.813000+00:00 ``` ### Last Data Feed Release 
@@ -33,21 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -262615 +262633 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `18` -- [CVE-2024-45624](CVE-2024/CVE-2024-456xx/CVE-2024-45624.json) (`2024-09-12T05:15:05.053`) -- [CVE-2024-8711](CVE-2024/CVE-2024-87xx/CVE-2024-8711.json) (`2024-09-12T04:15:07.283`) +- [CVE-2024-3163](CVE-2024/CVE-2024-31xx/CVE-2024-3163.json) (`2024-09-12T06:15:23.607`) +- [CVE-2024-5799](CVE-2024/CVE-2024-57xx/CVE-2024-5799.json) (`2024-09-12T06:15:23.777`) +- [CVE-2024-6017](CVE-2024/CVE-2024-60xx/CVE-2024-6017.json) (`2024-09-12T06:15:23.850`) +- [CVE-2024-6018](CVE-2024/CVE-2024-60xx/CVE-2024-6018.json) (`2024-09-12T06:15:23.920`) +- [CVE-2024-6019](CVE-2024/CVE-2024-60xx/CVE-2024-6019.json) (`2024-09-12T06:15:24.000`) +- [CVE-2024-6887](CVE-2024/CVE-2024-68xx/CVE-2024-6887.json) (`2024-09-12T06:15:24.293`) +- [CVE-2024-7766](CVE-2024/CVE-2024-77xx/CVE-2024-7766.json) (`2024-09-12T06:15:24.363`) +- [CVE-2024-7816](CVE-2024/CVE-2024-78xx/CVE-2024-7816.json) (`2024-09-12T06:15:24.440`) +- [CVE-2024-7817](CVE-2024/CVE-2024-78xx/CVE-2024-7817.json) (`2024-09-12T06:15:24.503`) +- [CVE-2024-7818](CVE-2024/CVE-2024-78xx/CVE-2024-7818.json) (`2024-09-12T06:15:24.570`) +- [CVE-2024-7820](CVE-2024/CVE-2024-78xx/CVE-2024-7820.json) (`2024-09-12T06:15:24.633`) +- [CVE-2024-7822](CVE-2024/CVE-2024-78xx/CVE-2024-7822.json) (`2024-09-12T06:15:24.713`) +- [CVE-2024-7859](CVE-2024/CVE-2024-78xx/CVE-2024-7859.json) (`2024-09-12T06:15:24.783`) +- [CVE-2024-7860](CVE-2024/CVE-2024-78xx/CVE-2024-7860.json) (`2024-09-12T06:15:24.853`) +- [CVE-2024-7861](CVE-2024/CVE-2024-78xx/CVE-2024-7861.json) (`2024-09-12T06:15:24.933`) +- [CVE-2024-7862](CVE-2024/CVE-2024-78xx/CVE-2024-7862.json) (`2024-09-12T06:15:25.003`) +- [CVE-2024-8054](CVE-2024/CVE-2024-80xx/CVE-2024-8054.json) (`2024-09-12T06:15:25.077`) +- 
[CVE-2024-8056](CVE-2024/CVE-2024-80xx/CVE-2024-8056.json) (`2024-09-12T06:15:25.140`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-38688](CVE-2024/CVE-2024-386xx/CVE-2024-38688.json) (`2024-09-12T07:15:04.813`) ## Download and Usage diff --git a/_state.csv b/_state.csv index bab875d8969..2210a1cd260 100644 --- a/_state.csv +++ b/_state.csv @@ -251167,6 +251167,7 @@ CVE-2024-31626,0,0,6d48ca244a7fb039538d6e9b26f71170e207ffafb08843b89ee3ec2f370dd CVE-2024-31627,0,0,5c857ff477019105381749492d85a34695636b9db0c5f4e905fef7028afdac5f,2024-06-05T17:15:12.817000 CVE-2024-31628,0,0,d1e1002cfeaa20bb2521d6174b8a95169d4f2c09dd222e852d091ee789ef0ab3,2024-06-05T17:15:12.890000 CVE-2024-31629,0,0,553c81e4d5a1720d369cb037cd3d3fdc00a0ab2d6da0b4add50845296fba4630,2024-06-05T17:15:12.960000 +CVE-2024-3163,1,1,174abdcc9978344f04f1da65a7753af1ea6cffa4df2b8fac0f8361f34430be11,2024-09-12T06:15:23.607000 CVE-2024-31630,0,0,2bd16e3fcef7bda0b7ed937f45148dde60c59ea9d09224ef4dc76dc8aeb1eb7a,2024-06-05T17:15:13.040000 CVE-2024-31631,0,0,189299e833a9bdec5625f34c9b7af7b60646f6c7b2cd4586dea999ec400d5e00,2024-06-05T17:15:13.130000 CVE-2024-31634,0,0,cd6336332928e139372eaeb7f2fa7bd12555d147721492304ddeef71595ef37a,2024-04-16T13:24:07.103000 
@@ -256111,7 +256112,7 @@ CVE-2024-38684,0,0,de2604bb564cc434d07df81940a8260c4b3d699e13c5c4b0afa4745c84869 CVE-2024-38685,0,0,59bac4b8404d77f8fc1c0cdc9fe4021b8e96d3d207cf1a68dc260c160fc894d5,2024-07-22T13:00:53.287000 CVE-2024-38686,0,0,ca8f4f25ca8d3ba06f67bdacb6029bd19890f07767fdf9ef77f98e4bafb70469,2024-07-22T13:00:53.287000 CVE-2024-38687,0,0,f0cff34686afd44d154a8ccd7570e1d62449845a805d2513aece2d14a15ffa23,2024-07-22T13:00:53.287000 -CVE-2024-38688,0,0,6c1e1c63760b8f330227267f950d647098745020ef3d161e16c9e453d5d4832a,2024-08-13T15:15:17.783000 +CVE-2024-38688,0,1,c5b30a411c671b0fd64a758fbbc25ac95f365e054aa5766ce55f55714b200b96,2024-09-12T07:15:04.813000 CVE-2024-38689,0,0,0d7351b68eb1ca333a04fe4331d97d8f3d9e657db2a8d3347ae1c4f5a70fdfb8,2024-07-22T13:00:53.287000 CVE-2024-3869,0,0,48f9071a6f5d125b2c43fec069da722b087f824997b9c50ca7b95aad4aebfb77,2024-04-16T13:24:07.103000 CVE-2024-38692,0,0,761911cf70aa71c41ae3228fdbacf4aede8e08f3f941d9d59231e75b06896f24,2024-08-14T16:48:07.087000 @@ -259581,7 +259582,7 @@ CVE-2024-45620,0,0,79d0fcf4ffd9e5c58086135dfac2f9737c74cc4ac6ac6ca9de004adbc8816 CVE-2024-45621,0,0,14a519a8f510b3c3b7a6df78c35235d4501d8bcffdb6cf42158adb38aa1e44bd,2024-09-03T12:59:02.453000 CVE-2024-45622,0,0,a33339926b8b20e966e52f22a13007f367a7fdd9b0655040e29ed073b9b76629,2024-09-03T16:35:09.647000 CVE-2024-45623,0,0,6e76d49f362c221a481237923ca3f07ce122524ae0700d93b755e69d33328599,2024-09-03T15:35:15.360000 -CVE-2024-45624,1,1,6deb1f743ecbf0a05af80b5d695a67815e1f56e9cc1ab1eb300aa1d9ef9be977,2024-09-12T05:15:05.053000 +CVE-2024-45624,0,0,6deb1f743ecbf0a05af80b5d695a67815e1f56e9cc1ab1eb300aa1d9ef9be977,2024-09-12T05:15:05.053000 CVE-2024-45625,0,0,3e5f2d639aef0e82608d7bd80d0e32d86a25b4046e30921cb8739a9c3be44b6a,2024-09-10T11:19:40.113000 CVE-2024-4563,0,0,a90af34c00297497a78ff72a2c306ea2262a49c5811c3b8bcaed5ddcefc9b6fb,2024-05-23T16:15:08.867000 CVE-2024-4564,0,0,045273651cbda7642192b25b1ce14ee6220cb16969b1d2c569252c03c480a950,2024-06-13T18:36:09.013000 
@@ -260677,6 +260678,7 @@ CVE-2024-5793,0,0,4f7c09f8feed484d3c3bfde7191aecbd9210e86e918c2f39cfc1ec374b1fc0 CVE-2024-5795,0,0,f96bd55511ad8d513f3ec0decf8876ed6554642b2cf81135dc3a93534acc202d,2024-07-17T13:34:20.520000 CVE-2024-5796,0,0,e179556883d33099fab8768b9c3d50a47b2a022b7b46e47f95f4ba7640cc26df,2024-06-28T10:27:00.920000 CVE-2024-5798,0,0,8c4fc55b5a68256010d6e6bfcfe06ef9f209d5a592c838664e8662bbc4a3d762,2024-06-13T18:36:09.010000 +CVE-2024-5799,1,1,8203dcf95c26df33ce0a7053fb4405bc34019c927ff1c57f9f4a7a75ea4d9ce3,2024-09-12T06:15:23.777000 CVE-2024-5800,0,0,a1cb578d92a5ce21abf5c6c3a9df30d0f15dec959b83eaaecf5cab603de30571,2024-08-12T13:41:36.517000 CVE-2024-5801,0,0,668584c28d68f34806b15aa23a003fb18ba18cb7fb2d24326345f03f0e3dd0a3,2024-08-12T13:41:36.517000 CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f8395,2024-07-12T15:20:14.610000 @@ -260852,6 +260854,9 @@ CVE-2024-6013,0,0,dd5aadcad9485c7b63e2c76668a62eba788e1248615fab9fd06bf5aaf41af2 CVE-2024-6014,0,0,6f9e64ff8fbf43e19b3d7e24c13ad8adc071c58e85b8bf9a829322ea55abcf8f,2024-07-19T14:18:17.607000 CVE-2024-6015,0,0,c2460029f18cca819988d11dbd49466b5328ee3d26de8c6ec6e0519debb7ea98,2024-07-19T14:13:10.463000 CVE-2024-6016,0,0,db11fa4e2db5dca1bf67cd82c1ae54777d6d6de86c83abed9806f80a5c1a5385,2024-07-19T14:02:04.600000 +CVE-2024-6017,1,1,cdae3d38b0c467da2c075691c4b358410a7e16f809914fef470e291d3e5b5e14,2024-09-12T06:15:23.850000 +CVE-2024-6018,1,1,cf01cbe3f3d6a0df81330790733d4b0397ca9aee602c9cfe3f77e38a69acc639,2024-09-12T06:15:23.920000 +CVE-2024-6019,1,1,0a7a3a8b629034b06ca029439b922d1910cebce56fbe2fdc65d3d0c7d6157ae8,2024-09-12T06:15:24 CVE-2024-6020,0,0,074b02a1424aae1978150f09e7d5889851f8afbaedf8d5213fe33ca18fe17c85,2024-09-04T15:35:25.307000 CVE-2024-6021,0,0,89bc3fbda68691de22c48372ad0a77a2b4849fdf02c26c23812a34a3700d835a,2024-08-01T14:00:08.097000 CVE-2024-6022,0,0,55d2fd1c662113ade487c32b8dfaf0e98bea6d5629f505bd14ff7aba829d2368,2024-08-02T19:46:23.360000 
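Review bot: The row added for CVE-2024-6019 in the `@@ -260852,6 +260854,9 @@` hunk ends in `2024-09-12T06:15:24` with no fractional seconds, while every other row visible in `_state.csv` carries six fractional digits and the JSON record added in this same commit has `2024-09-12T06:15:24.000`. This looks like the generator dropping an all-zero microsecond field when it serialises the timestamp, though that is inferred because the generator is not shown. A consumer that parses the last column with a fixed format, or compares it as a string to detect changed records, could reject or mis-order this row. The writer should always emit the fraction: `CVE-2024-6019,1,1,0a7a3a8b629034b06ca029439b922d1910cebce56fbe2fdc65d3d0c7d6157ae8,2024-09-12T06:15:24.000000`.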
@@ -261512,6 +261517,7 @@ CVE-2024-6883,0,0,17af31f8537d0ebfdcc29735e63f85da6d525c783f08d8df80e6d71ccea2f1 CVE-2024-6884,0,0,02f1ddb5da314dd396e2205aa21249cb1d9497ae10f450ff628522b4f22bdeac,2024-08-08T19:35:22.760000 CVE-2024-6885,0,0,820342a8aad3354940c223afe57157bbf13eee743fbe19265a63d35dde973086,2024-07-24T12:55:13.223000 CVE-2024-6886,0,0,fbca102ce434786c03a8469f687e67e8b7739ad3b6f0519e88d819189fb30d7c,2024-08-06T16:30:24.547000 +CVE-2024-6887,1,1,b74418a21ac170123f343f7cafcc0acceeb78365e36de71c876b563a063b85d1,2024-09-12T06:15:24.293000 CVE-2024-6888,0,0,7821f6ad756a40ba9974e9367cfa80ba14bf6ad061fb58534103c07dbd9c83c7,2024-09-04T15:35:25.820000 CVE-2024-6889,0,0,0d71ba8db5d6e12f2200830434e214b33ddf0e478787afb192cd93b07991608f,2024-09-04T15:35:26.040000 CVE-2024-6890,0,0,a4b61d6d84db517405e5620d04c7a39034adaee98aaff7a0c1a327ff7affb43d,2024-08-08T20:53:15.917000 @@ -262153,6 +262159,7 @@ CVE-2024-7752,0,0,a2329e23410b1feec53d6ea38469016e280edd824b17c574fc21bf18179470 CVE-2024-7753,0,0,8d87f0b2095698ec5201c016f27ad170e6b85d6a83cdb1acca64ef97e59384ac,2024-08-19T17:47:49.083000 CVE-2024-7754,0,0,aa642088260d14c06ef027c5ebe72633a842f86ac8e6448a2c0c42d526be8fa5,2024-08-19T17:48:15.203000 CVE-2024-7757,0,0,ca7d079474a8e4f4b2f55e1721105da3a15a9e1d63f2bd4356eaaa03e8d55f39,2024-08-21T09:15:04.973000 +CVE-2024-7766,1,1,53a5e5cb949337b78b8cdbafd205ab4bd6b1c20f5b939ecdbc32d7ea2f41cf9d,2024-09-12T06:15:24.363000 CVE-2024-7770,0,0,050ca25dc9f9b4d1ecb0313871198cecedaeb8fddc305a81bf31aa56f8757cc5,2024-09-10T12:09:50.377000 CVE-2024-7775,0,0,e75f99322bf942cd40c2d94981e16e48a8ebca7abec8ba8da6e02adea2112f97,2024-08-26T18:18:22.887000 CVE-2024-7777,0,0,4a2d78b8605a3d4db2907c7fe28bc447e2c0379246d7b81936de12aa55ddf523,2024-08-26T18:19:19.507000 
@@ -262180,7 +262187,12 @@ CVE-2024-7812,0,0,7d23c7651a18766135526d086e05755f7342e9775f0f39e533e1590484eb2e CVE-2024-7813,0,0,660725c7439a0ec1a8a527e4f36d939d7005bd8e1713b07e4bd27cf3728c3f7f,2024-08-19T18:16:48.327000 CVE-2024-7814,0,0,77d672b90a1329b486901cf23b6e584004769dc821cc49b3c03fcd61d7b51c38,2024-08-19T18:31:16.473000 CVE-2024-7815,0,0,414a9ddc4da9ca2a40da2f6f1d9c0348a16eb40238a0ca5a655b1ae9bc8cc665,2024-08-19T18:32:00.617000 +CVE-2024-7816,1,1,71567a8548aa0b4ba3428813fd34ea55dc41eb1e8298a4f5d17fc118fcb0e25e,2024-09-12T06:15:24.440000 +CVE-2024-7817,1,1,4e48edbd983324e46f2ca0024d95d7f1c27a62d87b22216983ff17fb3a1be732,2024-09-12T06:15:24.503000 +CVE-2024-7818,1,1,06e7ffe97669191eaaf93f8063137006b239f8338d4e93bc4bebf912b2a78224,2024-09-12T06:15:24.570000 +CVE-2024-7820,1,1,2a905d25663382d9fbfd72f00ae0e06bcb758ec53467c32718a642fb0cb2bcf3,2024-09-12T06:15:24.633000 CVE-2024-7821,0,0,a6cbf4229b3ac9caad2c13358d94e9d25b2f946f0353199ff2ed2717953ff2a4,2024-09-04T10:15:03.553000 +CVE-2024-7822,1,1,4a46b5d6e899586d6f08272f4ca2a4dd204611bee9951f2a9995f6a23a87c1e0,2024-09-12T06:15:24.713000 CVE-2024-7827,0,0,20afe3aa4a313fb97b1d97a1cbf5257a0701f273bd3d99d4148b86bfbef51981,2024-08-20T15:44:20.567000 CVE-2024-7828,0,0,e3115575bb7dae7cb27cdf5edd1f5d03fa0744cba105509a33368f4e132d9ca7,2024-08-19T18:33:17.583000 CVE-2024-7829,0,0,3634da4931045efa2221e4dd20ed9805c5f347e47423b6602d3467d4b2db62e9,2024-08-19T18:34:00.040000 
@@ -262207,6 +262219,10 @@ CVE-2024-7854,0,0,c7d42abb2b322c04201a8af34648ccfdb0ede7da24776e4c0b3ca238a25bf3 CVE-2024-7856,0,0,4c18a2db12636b3d9ab7f571b553f307088acfa3032a3727cdd03791c5b56b45,2024-08-29T13:25:27.537000 CVE-2024-7857,0,0,b74961afa7dd10dda782bf64e146bf5117eb37327cdce5dd6f430c037eea52b1,2024-08-29T13:25:27.537000 CVE-2024-7858,0,0,dbe22e1f02da632a108fdb9c096b7008488e7f6cd1024c2ca6a33d2456cc067c,2024-09-03T14:34:09.017000 +CVE-2024-7859,1,1,bb158d243c4e77ad9b877528c002d596635f207533557374024a2da96bb5e675,2024-09-12T06:15:24.783000 +CVE-2024-7860,1,1,a3dec7b6938312490ed8a81feba4cd5ba0b698f0531b811ef425dfbefb338207,2024-09-12T06:15:24.853000 +CVE-2024-7861,1,1,d61291e5302628ac9ba53ef63fb8b27c818b684d7b73d77600074f886700d514,2024-09-12T06:15:24.933000 +CVE-2024-7862,1,1,8a99e75c762af17d821e9f71c18c6734a2ed5ec5a727951457e39e9e6e55ad9a,2024-09-12T06:15:25.003000 CVE-2024-7866,0,0,4c0cb0c858c0ff2de3d3bc9c6187348080bb51d5934bb16167513e626d441be5,2024-08-20T19:23:02.780000 CVE-2024-7867,0,0,cc4e8e2cbae6cc9c2393332b56b3dc1a7160836d4b3b7919e8d1234e73599a3b,2024-08-28T21:59:33.973000 CVE-2024-7868,0,0,c4ea1bb97a13baa8d231995b3d29c0db15f328b428d9b25a1a7a0b4c8b9c1d1a,2024-09-11T12:40:01.817000 
@@ -262318,6 +262334,8 @@ CVE-2024-8041,0,0,d1a08eb64fa9104259a4b82950c39baccb3cd8ac76a0f9fe28938628a68983 CVE-2024-8042,0,0,fe11fe06852bd8872b8038bbdb1b59f9abf17559f4fd0139db22bc4b00f3a1bd,2024-09-09T18:30:12.050000 CVE-2024-8045,0,0,05d36d75d042c2c9517546223100d3f67299fb6baf521e764ed39ac43e964a74,2024-09-11T16:26:11.920000 CVE-2024-8046,0,0,b737fce0801d82db74076beb4b2a2085f8323b47e71780060f37f6f5c3050f1a,2024-08-27T13:01:37.913000 +CVE-2024-8054,1,1,08b1e4f87847347caa710795ae6a42732fd3301317bfd45db6e3189d44a00cea,2024-09-12T06:15:25.077000 +CVE-2024-8056,1,1,58036ddcf23c771164dc6db525a837e1db2332a820f1b22a2f1a301e1c3569f7,2024-09-12T06:15:25.140000 CVE-2024-8064,0,0,9afbec42e91ccdf5ae5f9527bb691367cd47bbf3ee2caa0cb5423b43e5fdd860,2024-08-30T16:15:11.120000 CVE-2024-8071,0,0,ac7c2c7e7df896f6bfe7f17a6e74f8de236e5ec843865384cdf53fde1e533098,2024-08-23T15:34:53.913000 CVE-2024-8072,0,0,08fafb0bed7b0568fefcb8938e0e01cf4acf3cb153d4b847bc3e1d9427344a62,2024-08-22T14:35:18.797000 @@ -262613,4 +262631,4 @@ CVE-2024-8707,0,0,0f47c6cb8b3cd13658d17328f28325f74fd88df2879e75773f22b4cffaad3f CVE-2024-8708,0,0,82aa7a5283dd9f45ec1aa85b535e39867cc211396bc3ddc0e2c29db8a9e21d28,2024-09-12T02:15:03.870000 CVE-2024-8709,0,0,8f15724da598ddc8c772382f4f03a3697f4d3bcafa5648272971f284535ed18f,2024-09-12T03:15:04.837000 CVE-2024-8710,0,0,df8f5fdc126fcb3fc9c19cd45f93e49981064c1874b64e6d7d735998b9f49c37,2024-09-12T03:15:05.103000 -CVE-2024-8711,1,1,c26c789d0c6236a55cb7489d0e79a82b32089142661c9113c84c06edfe1c6f65,2024-09-12T04:15:07.283000 +CVE-2024-8711,0,0,c26c789d0c6236a55cb7489d0e79a82b32089142661c9113c84c06edfe1c6f65,2024-09-12T04:15:07.283000