From 309075e8665b225dff9d6c6d6f320293600ca0b6 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 27 Apr 2024 06:03:28 +0000
Subject: [PATCH] Auto-Update: 2024-04-27T06:00:37.958605+00:00
---
CVE-2024/CVE-2024-22xx/CVE-2024-2258.json | 47 +++++++++++++++++++++
CVE-2024/CVE-2024-28xx/CVE-2024-2838.json | 47 +++++++++++++++++++++
CVE-2024/CVE-2024-30xx/CVE-2024-3034.json | 47 +++++++++++++++++++++
CVE-2024/CVE-2024-324xx/CVE-2024-32405.json | 4 +-
README.md | 14 +++---
_state.csv | 9 ++--
6 files changed, 157 insertions(+), 11 deletions(-)
create mode 100644 CVE-2024/CVE-2024-22xx/CVE-2024-2258.json
create mode 100644 CVE-2024/CVE-2024-28xx/CVE-2024-2838.json
create mode 100644 CVE-2024/CVE-2024-30xx/CVE-2024-3034.json
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2258.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2258.json
new file mode 100644
index 00000000000..3c4ddc168f5
--- /dev/null
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2258.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-2258",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-04-27T04:15:08.543",
+ "lastModified": "2024-04-27T04:15:08.543",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3071515",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af1075a5-9efa-4b86-9798-6dbafcba4db5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2838.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2838.json
new file mode 100644
index 00000000000..c4cbf77a639
--- /dev/null
+++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2838.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-2838",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-04-27T04:15:09.040",
+ "lastModified": "2024-04-27T04:15:09.040",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3069973/wpc-composite-products/trunk/includes/class-wooco.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bea017-9fc3-4e14-97c4-5bb525650cde?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3034.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3034.json
new file mode 100644
index 00000000000..377ef05abc7
--- /dev/null
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3034.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-3034",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-04-27T05:15:48.623",
+ "lastModified": "2024-04-27T05:15:48.623",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3076291%40backupwordpress&new=3076291%40backupwordpress&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2805cb0-8913-4487-8445-031b7d920e2d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32405.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32405.json
index 63c30f0196a..a164d155e6b 100644
--- a/CVE-2024/CVE-2024-324xx/CVE-2024-32405.json
+++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32405.json
@@ -2,7 +2,7 @@ "id": "CVE-2024-32405", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-22T20:15:07.737", - "lastModified": "2024-04-23T12:52:26.253", + "lastModified": "2024-04-27T05:15:48.447", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -21,7 +21,7 @@ "source": "cve@mitre.org" }, { - "url": "https://portswigger.net/web-security/cross-site-scripting/stored", + "url": "https://packetstormsecurity.com/files/178101/Relate-Cross-Site-Scripting.html", "source": "cve@mitre.org" } ] diff --git a/README.md b/README.md index 2cc018a333f..594d45f9c29 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-27T02:00:29.409625+00:00 +2024-04-27T06:00:37.958605+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-27T01:15:06.083000+00:00 +2024-04-27T05:15:48.623000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -246945 +246948 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2024-2859](CVE-2024/CVE-2024-28xx/CVE-2024-2859.json) (`2024-04-27T00:15:07.010`) +- [CVE-2024-2258](CVE-2024/CVE-2024-22xx/CVE-2024-2258.json) (`2024-04-27T04:15:08.543`) +- [CVE-2024-2838](CVE-2024/CVE-2024-28xx/CVE-2024-2838.json) (`2024-04-27T04:15:09.040`) +- [CVE-2024-3034](CVE-2024/CVE-2024-30xx/CVE-2024-3034.json) (`2024-04-27T05:15:48.623`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2024-1394](CVE-2024/CVE-2024-13xx/CVE-2024-1394.json) (`2024-04-27T01:15:06.083`) +- [CVE-2024-32405](CVE-2024/CVE-2024-324xx/CVE-2024-32405.json) (`2024-04-27T05:15:48.447`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d2a275ca632..ba0710cc628 100644 --- a/_state.csv +++ b/_state.csv 
@@ -239508,7 +239508,7 @@ CVE-2024-1390,0,0,71eb0c49e1915160a890c9df4d2040fa529dd6e699ca4bdcf3f6829a9c0e60 CVE-2024-1391,0,0,95159e2513e9127a66f6050cbc2679326245e87281e8aee9653919649cc97f74,2024-03-13T18:15:58.530000 CVE-2024-1392,0,0,0948736f211221c32ddb432668205bccae67223b950d877ef11c76bff68a1c8f,2024-03-13T18:15:58.530000 CVE-2024-1393,0,0,d7662d0cf4655f5dc37cac1727274e85c0d695350e85be99fa06d400366cbddc,2024-03-13T18:15:58.530000 -CVE-2024-1394,0,1,f405926a88a7f0aad5016be9f18eb006fb8ab5ec97a6916b8da82b52a25ef848,2024-04-27T01:15:06.083000 +CVE-2024-1394,0,0,f405926a88a7f0aad5016be9f18eb006fb8ab5ec97a6916b8da82b52a25ef848,2024-04-27T01:15:06.083000 CVE-2024-1397,0,0,e6d8c9c2beca75d3fdc5f918cb423cf21913a9c807f46126d5b49c29c7bd60f0,2024-03-13T12:33:51.697000 CVE-2024-1398,0,0,2b28153468f4d42956e25c3f4649f2a8573b6a6d707501b23def6a1cde88644b,2024-03-04T13:58:23.447000 CVE-2024-1400,0,0,295a10f36c3e13d694d09cafc6872c0c48f9e2b4c87da0889327ecdac7abe4ac,2024-03-12T12:40:13.500000 @@ -241337,6 +241337,7 @@ CVE-2024-22567,0,0,37499b14fc95be5de51f415505f023a34c878497b34bd94665d0d5d9fc0f3 CVE-2024-22568,0,0,b7d805911224b1ae0c1c8858ee61b49b9c11cc28a75ce32a84caadcf77d4e108,2024-01-20T18:49:52.490000 CVE-2024-22569,0,0,bee3ca02120bb4729d62660d17afd0816ef9535b004ff125be13883d678f5fb9,2024-02-06T18:07:39.733000 CVE-2024-22570,0,0,c41ee5b58f7f6a9dd8b89c3af365a9d60dc2b413d2b344b295ffdf6e10d67e91,2024-02-02T23:32:46.897000 +CVE-2024-2258,1,1,ac35c2d4854a76b4c5778fc510e1c7d2c7c227c825e96bacea585778cc1cc57c,2024-04-27T04:15:08.543000 CVE-2024-22591,0,0,f5c348c7153b233a9d90322c9527755bd871e66df7cc43f695b58dbe543197c9,2024-01-20T18:49:47.907000 CVE-2024-22592,0,0,f50afa29eb1912ea2c3e321f184317ab81adfed74c362dc96640e9870bb57ed4,2024-01-20T18:49:41.750000 CVE-2024-22593,0,0,993941354f61719e720764f4475d3b2e7a78eded6442ffaa6fe56e23dc421b8f,2024-01-20T18:49:24.957000 
@@ -244401,6 +244402,7 @@ CVE-2024-28353,0,0,f5d0b12a1e8a931f5519e51563d18b142745d332ff192847a7afb495f17e2 CVE-2024-28354,0,0,b6680336ce24c3665bbea7456a49c23f2010021d3a256de9fa063452e0cf7d3a,2024-03-15T12:53:06.423000 CVE-2024-2836,0,0,9acd34fc60cb65ba9cd271e5ec35a02f0cd82360d653d80e871f78f2c63ee537,2024-04-15T13:15:31.997000 CVE-2024-2837,0,0,ede30a076db0490f182649eaa516f525e72ce3474678f75311de4b8e697fa1bd,2024-04-26T12:58:17.720000 +CVE-2024-2838,1,1,8667d1c4020236689cce3b944a3ff8c7e80b101677a1e94cba0b1cd1616556e0,2024-04-27T04:15:09.040000 CVE-2024-28383,0,0,4ebb5b688ac785b11132be45898bb9d7934c49dcd0ae78bf745a27cbe4cf3c09,2024-03-14T14:21:20.217000 CVE-2024-28386,0,0,babe8ca097e0c09213bc5c6af798d9ab75b1906fe65d8568532f7dfbcdf59f5c,2024-03-25T16:43:06.137000 CVE-2024-28387,0,0,50317bd50b8bed7df4714df1431ccc5e21589c7d6b48de3eead147adffba9438,2024-03-25T16:43:06.137000 @@ -244493,7 +244495,7 @@ CVE-2024-28582,0,0,a8d301ccd0dad16aea2974823f92b257c48d20794dbe2fa246519ebd4b428 CVE-2024-28583,0,0,7df4736d3553ef9f843b9464b7ff203cfb47a1e4c81ead3328799bd34a187c85,2024-03-20T13:00:16.367000 CVE-2024-28584,0,0,c0c42a4e198b061c2a4f039c2e512cd03a64f3767d71ae1270f1b05707835c12,2024-03-20T13:00:16.367000 CVE-2024-28589,0,0,0bbfba634be0a6220fb48d12550a4d1e9192f3d277848f34860717c51da56d55,2024-04-03T12:38:04.840000 -CVE-2024-2859,1,1,90b23a37f06b196f8aaef5a2e269bb7f5832aebfe31e4b7da8b81061c7e4fb3b,2024-04-27T00:15:07.010000 +CVE-2024-2859,0,0,90b23a37f06b196f8aaef5a2e269bb7f5832aebfe31e4b7da8b81061c7e4fb3b,2024-04-27T00:15:07.010000 CVE-2024-28593,0,0,12e50d1047d9408aca5b77d1096e4a71cda0fba8e4dc35d15cd483b7f871d0cb,2024-04-11T01:25:10.400000 CVE-2024-28595,0,0,542734c5d7a6316ed6be596eecae4717d67621271c4b97cd461c76a709543cb8,2024-03-20T13:00:16.367000 CVE-2024-28613,0,0,bda4150312b2b3b79a305a8c0a3aeb6013ca159f1baaa84b69f3b052dab94ea7,2024-04-24T13:39:42.883000 
@@ -245299,6 +245301,7 @@ CVE-2024-30336,0,0,e5351987b8d729d3503d921fe2dc9880c350f59f5a953427a6b814948ca4d CVE-2024-30337,0,0,36921abe92d25dec06f55554c591b6452ef07a36520db16afe8e41399ddedc0c,2024-04-02T20:31:58.463000 CVE-2024-30338,0,0,c70de79f61093bb957f2452c373197e0191e40923b05e55db920f5bac9b991ca,2024-04-02T20:31:58.463000 CVE-2024-30339,0,0,9fda1b1602dad3d189cf802a0ab881501bdc4001860ed5f68e3145a81fadd784,2024-04-02T20:31:58.463000 +CVE-2024-3034,1,1,b9e9e114df333016b641afbc9902aaab9b6979408bbd2c131cfe9a7e0f7a4b28,2024-04-27T05:15:48.623000 CVE-2024-30340,0,0,5122c03a233ded794ffad2a42ab54afbcfb7148c93cbc30383d855256d7ceee1,2024-04-02T20:31:58.463000 CVE-2024-30341,0,0,7cf4c251ace5c9cd1be08a073be5af7df10d126360e176784dcd480d86f09182,2024-04-02T20:31:58.463000 CVE-2024-30342,0,0,eb0e78b29270ab38683d7813c5fcac0ed5b167a2c3abb1485e0a4f5084b7a554,2024-04-02T20:31:58.463000 @@ -246235,7 +246238,7 @@ CVE-2024-32392,0,0,e9dc77721f231608117a79f151c9f1e6be5cd7530989658bd3dd67ce41889 CVE-2024-32394,0,0,5f3cc70e4b86c8028147d2489cef40fa6c9285878a28bdb0855878990e97443a,2024-04-23T12:52:26.253000 CVE-2024-32399,0,0,881ee2dd975bc6f828957c741f38d2e9a20065eb3fba67ea84e4e0b7e3e06627,2024-04-23T12:52:30.940000 CVE-2024-32404,0,0,79a6c7942a9f3dcde43616bd36ba873d8478b9d821d7bf155e9c801f8f350e7c,2024-04-26T12:58:17.720000 -CVE-2024-32405,0,0,3981342fdb5111e1ad684c404fe5fa643bf161596abde4f7fd085ddcbb79a5d7,2024-04-23T12:52:26.253000 +CVE-2024-32405,0,1,3ef8baadce3828c002829cc143866c02c5413778e0871cfcfbcacdfae3d8303e,2024-04-27T05:15:48.447000 CVE-2024-32406,0,0,8e6d36b8dcd241dcce7d220afafae7996fb58ae46bc5ab008c1d0443a9fffaf0,2024-04-26T12:58:17.720000 CVE-2024-32407,0,0,04bdb1c21d2d45016e5f7565a6490533ba649bcc5c4dc99b7e34c030532cab3a,2024-04-22T19:24:06.727000 CVE-2024-32409,0,0,2cc0bf26ecd8938fd89992a98bae2541af2d19072f0bc8cdc919759b6ea980aa,2024-04-19T16:19:49.043000