Auto-Update: 2024-04-27T06:00:37.958605+00:00

2025-05-08 11:37:26 +00:00 · 2024-04-27 06:03:28 +00:00 · 2024-04-27 06:03:28 +00:00 · 309075e866
commit 309075e866
parent 172238b671
6 changed files with 157 additions and 11 deletions
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2258.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2258.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-2258",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-27T04:15:08.543",
+  "lastModified": "2024-04-27T04:15:08.543",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3071515",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af1075a5-9efa-4b86-9798-6dbafcba4db5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-28xx/CVE-2024-2838.json
+++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2838.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-2838",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-27T04:15:09.040",
+  "lastModified": "2024-04-27T04:15:09.040",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3069973/wpc-composite-products/trunk/includes/class-wooco.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bea017-9fc3-4e14-97c4-5bb525650cde?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-30xx/CVE-2024-3034.json
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3034.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3034",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-27T05:15:48.623",
+  "lastModified": "2024-04-27T05:15:48.623",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3076291%40backupwordpress&new=3076291%40backupwordpress&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2805cb0-8913-4487-8445-031b7d920e2d?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-324xx/CVE-2024-32405.json
+++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32405.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-32405",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-04-22T20:15:07.737",
-  "lastModified": "2024-04-23T12:52:26.253",
+  "lastModified": "2024-04-27T05:15:48.447",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -21,7 +21,7 @@
      "source": "cve@mitre.org"
    },
    {
-      "url": "https://portswigger.net/web-security/cross-site-scripting/stored",
+      "url": "https://packetstormsecurity.com/files/178101/Relate-Cross-Site-Scripting.html",
      "source": "cve@mitre.org"
    }
  ]
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-27T02:00:29.409625+00:00
+2024-04-27T06:00:37.958605+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-27T01:15:06.083000+00:00
+2024-04-27T05:15:48.623000+00:00
 ```

 ### Last Data Feed Release
@ -33,21 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-246945
+246948
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `3`

- [CVE-2024-2859](CVE-2024/CVE-2024-28xx/CVE-2024-2859.json) (`2024-04-27T00:15:07.010`)
+- [CVE-2024-2258](CVE-2024/CVE-2024-22xx/CVE-2024-2258.json) (`2024-04-27T04:15:08.543`)
+- [CVE-2024-2838](CVE-2024/CVE-2024-28xx/CVE-2024-2838.json) (`2024-04-27T04:15:09.040`)
+- [CVE-2024-3034](CVE-2024/CVE-2024-30xx/CVE-2024-3034.json) (`2024-04-27T05:15:48.623`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

- [CVE-2024-1394](CVE-2024/CVE-2024-13xx/CVE-2024-1394.json) (`2024-04-27T01:15:06.083`)
+- [CVE-2024-32405](CVE-2024/CVE-2024-324xx/CVE-2024-32405.json) (`2024-04-27T05:15:48.447`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -239508,7 +239508,7 @@ CVE-2024-1390,0,0,71eb0c49e1915160a890c9df4d2040fa529dd6e699ca4bdcf3f6829a9c0e60
 CVE-2024-1391,0,0,95159e2513e9127a66f6050cbc2679326245e87281e8aee9653919649cc97f74,2024-03-13T18:15:58.530000
 CVE-2024-1392,0,0,0948736f211221c32ddb432668205bccae67223b950d877ef11c76bff68a1c8f,2024-03-13T18:15:58.530000
 CVE-2024-1393,0,0,d7662d0cf4655f5dc37cac1727274e85c0d695350e85be99fa06d400366cbddc,2024-03-13T18:15:58.530000
-CVE-2024-1394,0,1,f405926a88a7f0aad5016be9f18eb006fb8ab5ec97a6916b8da82b52a25ef848,2024-04-27T01:15:06.083000
+CVE-2024-1394,0,0,f405926a88a7f0aad5016be9f18eb006fb8ab5ec97a6916b8da82b52a25ef848,2024-04-27T01:15:06.083000
 CVE-2024-1397,0,0,e6d8c9c2beca75d3fdc5f918cb423cf21913a9c807f46126d5b49c29c7bd60f0,2024-03-13T12:33:51.697000
 CVE-2024-1398,0,0,2b28153468f4d42956e25c3f4649f2a8573b6a6d707501b23def6a1cde88644b,2024-03-04T13:58:23.447000
 CVE-2024-1400,0,0,295a10f36c3e13d694d09cafc6872c0c48f9e2b4c87da0889327ecdac7abe4ac,2024-03-12T12:40:13.500000
@ -241337,6 +241337,7 @@ CVE-2024-22567,0,0,37499b14fc95be5de51f415505f023a34c878497b34bd94665d0d5d9fc0f3
 CVE-2024-22568,0,0,b7d805911224b1ae0c1c8858ee61b49b9c11cc28a75ce32a84caadcf77d4e108,2024-01-20T18:49:52.490000
 CVE-2024-22569,0,0,bee3ca02120bb4729d62660d17afd0816ef9535b004ff125be13883d678f5fb9,2024-02-06T18:07:39.733000
 CVE-2024-22570,0,0,c41ee5b58f7f6a9dd8b89c3af365a9d60dc2b413d2b344b295ffdf6e10d67e91,2024-02-02T23:32:46.897000
+CVE-2024-2258,1,1,ac35c2d4854a76b4c5778fc510e1c7d2c7c227c825e96bacea585778cc1cc57c,2024-04-27T04:15:08.543000
 CVE-2024-22591,0,0,f5c348c7153b233a9d90322c9527755bd871e66df7cc43f695b58dbe543197c9,2024-01-20T18:49:47.907000
 CVE-2024-22592,0,0,f50afa29eb1912ea2c3e321f184317ab81adfed74c362dc96640e9870bb57ed4,2024-01-20T18:49:41.750000
 CVE-2024-22593,0,0,993941354f61719e720764f4475d3b2e7a78eded6442ffaa6fe56e23dc421b8f,2024-01-20T18:49:24.957000
@ -244401,6 +244402,7 @@ CVE-2024-28353,0,0,f5d0b12a1e8a931f5519e51563d18b142745d332ff192847a7afb495f17e2
 CVE-2024-28354,0,0,b6680336ce24c3665bbea7456a49c23f2010021d3a256de9fa063452e0cf7d3a,2024-03-15T12:53:06.423000
 CVE-2024-2836,0,0,9acd34fc60cb65ba9cd271e5ec35a02f0cd82360d653d80e871f78f2c63ee537,2024-04-15T13:15:31.997000
 CVE-2024-2837,0,0,ede30a076db0490f182649eaa516f525e72ce3474678f75311de4b8e697fa1bd,2024-04-26T12:58:17.720000
+CVE-2024-2838,1,1,8667d1c4020236689cce3b944a3ff8c7e80b101677a1e94cba0b1cd1616556e0,2024-04-27T04:15:09.040000
 CVE-2024-28383,0,0,4ebb5b688ac785b11132be45898bb9d7934c49dcd0ae78bf745a27cbe4cf3c09,2024-03-14T14:21:20.217000
 CVE-2024-28386,0,0,babe8ca097e0c09213bc5c6af798d9ab75b1906fe65d8568532f7dfbcdf59f5c,2024-03-25T16:43:06.137000
 CVE-2024-28387,0,0,50317bd50b8bed7df4714df1431ccc5e21589c7d6b48de3eead147adffba9438,2024-03-25T16:43:06.137000
@ -244493,7 +244495,7 @@ CVE-2024-28582,0,0,a8d301ccd0dad16aea2974823f92b257c48d20794dbe2fa246519ebd4b428
 CVE-2024-28583,0,0,7df4736d3553ef9f843b9464b7ff203cfb47a1e4c81ead3328799bd34a187c85,2024-03-20T13:00:16.367000
 CVE-2024-28584,0,0,c0c42a4e198b061c2a4f039c2e512cd03a64f3767d71ae1270f1b05707835c12,2024-03-20T13:00:16.367000
 CVE-2024-28589,0,0,0bbfba634be0a6220fb48d12550a4d1e9192f3d277848f34860717c51da56d55,2024-04-03T12:38:04.840000
-CVE-2024-2859,1,1,90b23a37f06b196f8aaef5a2e269bb7f5832aebfe31e4b7da8b81061c7e4fb3b,2024-04-27T00:15:07.010000
+CVE-2024-2859,0,0,90b23a37f06b196f8aaef5a2e269bb7f5832aebfe31e4b7da8b81061c7e4fb3b,2024-04-27T00:15:07.010000
 CVE-2024-28593,0,0,12e50d1047d9408aca5b77d1096e4a71cda0fba8e4dc35d15cd483b7f871d0cb,2024-04-11T01:25:10.400000
 CVE-2024-28595,0,0,542734c5d7a6316ed6be596eecae4717d67621271c4b97cd461c76a709543cb8,2024-03-20T13:00:16.367000
 CVE-2024-28613,0,0,bda4150312b2b3b79a305a8c0a3aeb6013ca159f1baaa84b69f3b052dab94ea7,2024-04-24T13:39:42.883000
@ -245299,6 +245301,7 @@ CVE-2024-30336,0,0,e5351987b8d729d3503d921fe2dc9880c350f59f5a953427a6b814948ca4d
 CVE-2024-30337,0,0,36921abe92d25dec06f55554c591b6452ef07a36520db16afe8e41399ddedc0c,2024-04-02T20:31:58.463000
 CVE-2024-30338,0,0,c70de79f61093bb957f2452c373197e0191e40923b05e55db920f5bac9b991ca,2024-04-02T20:31:58.463000
 CVE-2024-30339,0,0,9fda1b1602dad3d189cf802a0ab881501bdc4001860ed5f68e3145a81fadd784,2024-04-02T20:31:58.463000
+CVE-2024-3034,1,1,b9e9e114df333016b641afbc9902aaab9b6979408bbd2c131cfe9a7e0f7a4b28,2024-04-27T05:15:48.623000
 CVE-2024-30340,0,0,5122c03a233ded794ffad2a42ab54afbcfb7148c93cbc30383d855256d7ceee1,2024-04-02T20:31:58.463000
 CVE-2024-30341,0,0,7cf4c251ace5c9cd1be08a073be5af7df10d126360e176784dcd480d86f09182,2024-04-02T20:31:58.463000
 CVE-2024-30342,0,0,eb0e78b29270ab38683d7813c5fcac0ed5b167a2c3abb1485e0a4f5084b7a554,2024-04-02T20:31:58.463000
@ -246235,7 +246238,7 @@ CVE-2024-32392,0,0,e9dc77721f231608117a79f151c9f1e6be5cd7530989658bd3dd67ce41889
 CVE-2024-32394,0,0,5f3cc70e4b86c8028147d2489cef40fa6c9285878a28bdb0855878990e97443a,2024-04-23T12:52:26.253000
 CVE-2024-32399,0,0,881ee2dd975bc6f828957c741f38d2e9a20065eb3fba67ea84e4e0b7e3e06627,2024-04-23T12:52:30.940000
 CVE-2024-32404,0,0,79a6c7942a9f3dcde43616bd36ba873d8478b9d821d7bf155e9c801f8f350e7c,2024-04-26T12:58:17.720000
-CVE-2024-32405,0,0,3981342fdb5111e1ad684c404fe5fa643bf161596abde4f7fd085ddcbb79a5d7,2024-04-23T12:52:26.253000
+CVE-2024-32405,0,1,3ef8baadce3828c002829cc143866c02c5413778e0871cfcfbcacdfae3d8303e,2024-04-27T05:15:48.447000
 CVE-2024-32406,0,0,8e6d36b8dcd241dcce7d220afafae7996fb58ae46bc5ab008c1d0443a9fffaf0,2024-04-26T12:58:17.720000
 CVE-2024-32407,0,0,04bdb1c21d2d45016e5f7565a6490533ba649bcc5c4dc99b7e34c030532cab3a,2024-04-22T19:24:06.727000
 CVE-2024-32409,0,0,2cc0bf26ecd8938fd89992a98bae2541af2d19072f0bc8cdc919759b6ea980aa,2024-04-19T16:19:49.043000