Auto-Update: 2024-12-10T07:00:20.390029+00:00

2025-07-09 16:05:11 +00:00 · 2024-12-10 07:03:43 +00:00 · 2024-12-10 07:03:43 +00:00 · 34d21dfe13
commit 34d21dfe13
parent 8fe078f820
7 changed files with 302 additions and 8 deletions
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6947.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6947.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2023-6947",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-12-10T06:15:19.950",
  "lastModified": "2024-12-10T06:15:19.950",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-25"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/fooplugins/foogallery/pull/263/commits/9989f6f4f4d478ec04cb634d09b18c87a5b31c4d",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68420c5a-4add-4597-bd2a-20dc831e81bd?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-107xx/CVE-2024-10708.json
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10708.json
@ -0,0 +1,21 @@
 {
  "id": "CVE-2024-10708",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2024-12-10T06:15:20.737",
  "lastModified": "2024-12-10T06:15:20.737",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server"
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03/",
      "source": "contact@wpscan.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11107.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11107.json
@ -0,0 +1,21 @@
 {
  "id": "CVE-2024-11107",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2024-12-10T06:15:20.883",
  "lastModified": "2024-12-10T06:15:20.883",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/a89f1117-8df3-417b-b54f-6587545833ee/",
      "source": "contact@wpscan.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11205.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11205.json
@ -0,0 +1,72 @@
 {
  "id": "CVE-2024-11205",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-12-10T05:15:05.510",
  "lastModified": "2024-12-10T05:15:05.510",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/includes/functions/checks.php#L191",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/src/Integrations/Stripe/Admin/Payments/SingleActionsHandler.php#L148",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/wpforms-lite/tags/1.9.2.1/src/Integrations/Stripe/Admin/Payments/SingleActionsHandler.php#L92",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3191229/wpforms-lite#file2128",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66898509-a93c-4dc3-bf01-1743daaa0ff1?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-215xx/CVE-2024-21542.json
+++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21542.json
@ -0,0 +1,112 @@
 {
  "id": "CVE-2024-21542",
  "sourceIdentifier": "report@snyk.io",
  "published": "2024-12-10T05:15:07.567",
  "lastModified": "2024-12-10T05:15:07.567",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "report@snyk.io",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnerableSystemConfidentiality": "NONE",
          "vulnerableSystemIntegrity": "LOW",
          "vulnerableSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "HIGH",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "report@snyk.io",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "report@snyk.io",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-29"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/spotify/luigi/commit/b5d1b965ead7d9f777a3216369b5baf23ec08999",
      "source": "report@snyk.io"
    },
    {
      "url": "https://github.com/spotify/luigi/issues/3301",
      "source": "report@snyk.io"
    },
    {
      "url": "https://github.com/spotify/luigi/releases/tag/v3.6.0",
      "source": "report@snyk.io"
    },
    {
      "url": "https://security.snyk.io/vuln/SNYK-PYTHON-LUIGI-7830489",
      "source": "report@snyk.io"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-12-10T05:00:26.603480+00:00
+2024-12-10T07:00:20.390029+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-12-10T03:15:05.730000+00:00
+2024-12-10T06:15:20.883000+00:00
 ```
 ### Last Data Feed Release
@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-272905
+272910
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `5`
- [CVE-2024-37143](CVE-2024/CVE-2024-371xx/CVE-2024-37143.json) (`2024-12-10T03:15:05.573`)
+- [CVE-2023-6947](CVE-2023/CVE-2023-69xx/CVE-2023-6947.json) (`2024-12-10T06:15:19.950`)
- [CVE-2024-37144](CVE-2024/CVE-2024-371xx/CVE-2024-37144.json) (`2024-12-10T03:15:05.730`)
+- [CVE-2024-10708](CVE-2024/CVE-2024-107xx/CVE-2024-10708.json) (`2024-12-10T06:15:20.737`)
 - [CVE-2024-11107](CVE-2024/CVE-2024-111xx/CVE-2024-11107.json) (`2024-12-10T06:15:20.883`)
 - [CVE-2024-11205](CVE-2024/CVE-2024-112xx/CVE-2024-11205.json) (`2024-12-10T05:15:05.510`)
 - [CVE-2024-21542](CVE-2024/CVE-2024-215xx/CVE-2024-21542.json) (`2024-12-10T05:15:07.567`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -241659,6 +241659,7 @@ CVE-2023-6943,0,0,089d337a8ecf415142a8459096aefe6b0ccb59116eef8afca750cc59e44d1b
 CVE-2023-6944,0,0,df2b7229c517209019fce35466d5ffbbde525fb676023ff8b16393577f2b89f6,2024-11-21T08:44:53.520000
 CVE-2023-6945,0,0,479c9fda5ccba9693dcf388278c19a19fda669c289a4366c0f6291cccf514bd4,2024-11-21T08:44:53.660000
 CVE-2023-6946,0,0,d11da4da13dc038beb075b5af1213743f8b40d251e7b7ea3b52df4c6657ce74d,2024-11-21T08:44:53.810000
 CVE-2023-6947,1,1,f9ceb9c69f9af7bc35cb22ae00cc89fe49c6a238e31c37cb849eeeceb76f4da3,2024-12-10T06:15:19.950000
 CVE-2023-6948,0,0,fe5733c12b0ee41b32ac32792a9499fb1c2fbb29abf274a6083757f7f49e4eea,2024-11-21T08:44:53.957000
 CVE-2023-6949,0,0,078850d39f1204331fbc98d392a0469ded8443843d8a5c473dc39bd1460bfcd6,2024-11-21T08:44:54.107000
 CVE-2023-6950,0,0,abe9e2e0d7383949fcddc1e9a1bdb75c1a66b8207ce4e95629fab56a059c4d2f,2024-11-21T08:44:54.263000
@ -243426,6 +243427,7 @@ CVE-2024-10700,0,0,47463adc515feae701fdd6df43b426f169c9e406b10e3ad8dd4832a0c6070
 CVE-2024-10701,0,0,641858d6153e165cc2c7dd6027743f3ae6b69eef2b92c96e3594e0be239333fa,2024-11-05T16:52:44.937000
 CVE-2024-10702,0,0,694400dab46a9218fb3a1006ad113a17ad1c8c5f4f2232220945883eb4081eae,2024-11-05T16:52:11.193000
 CVE-2024-10704,0,0,ba32dc9400bcf601c7de3ed1f96e389b9876b8709121dc8baeae8e0502050909,2024-11-29T15:15:15.777000
 CVE-2024-10708,1,1,915fc94c6de0496c38791426a8b6a993429b200041b827298838cab8bee39149,2024-12-10T06:15:20.737000
 CVE-2024-10709,0,0,41eadf98fd4f942149bd2d66f39b1d32e2fbc20d0415ec457a4d209de40f95b0,2024-11-25T21:15:08.837000
 CVE-2024-1071,0,0,511789b6fa5ad5f82a1b86953aeffe2ca3b5c7e6b5a99f94e7636c9edfe8a8b3,2024-11-21T08:49:43.920000
 CVE-2024-10710,0,0,e03984cb3009dc782d788c1b806be248c0ef7aa6de922ac24071c55d616e1630,2024-11-25T17:15:11.747000
@ -243733,6 +243735,7 @@ CVE-2024-11101,0,0,dd5f01c6c10626fada5843d26d25ecc9c303026b11e1f85af9563bdd8086a
 CVE-2024-11102,0,0,ec70fa86628f0582db7e97e83cef58a9123c92079aa9ea3641e1de155f8fc492,2024-11-18T20:00:09.120000
 CVE-2024-11103,0,0,525c56d7b3f8fec3123e98bad3867c199a9a90e84f6b6962f9d506a460e4664c,2024-11-28T10:15:06.197000
 CVE-2024-11104,0,0,b75d8ded53ff668230e72c743fffcbea02289181c30609ae66856a5e9653031c,2024-11-22T06:15:19.093000
 CVE-2024-11107,1,1,c5956665d8c7ce6fcd0a182467a15d9156b0276ffd181b7a1b3ebd79cb232eaf,2024-12-10T06:15:20.883000
 CVE-2024-1111,0,0,1e2a4c53f023bbf8c3b556fe6d8a896ca169d10bbf6dcef8f8f730e5e086694a,2024-11-21T08:49:49.257000
 CVE-2024-11110,0,0,d490bd60a369a1b46dbdb1050197f0676234294cb261b9f35d39066213c16bbc,2024-11-13T17:01:16.850000
 CVE-2024-11111,0,0,da9ee8d75f19a39df28c4985a5537997054eaf20345ca454e34c488f64fe6a62,2024-11-13T17:01:16.850000
@ -243797,6 +243800,7 @@ CVE-2024-11201,0,0,2400a3fff7c4756286421f46f94ce219c368f9dae4da912926dc56c7db0d6
 CVE-2024-11202,0,0,1c4fa16dc439f105ac28005f4d485fd2d81fcbfbfe746e38e05c1690388ba0cf,2024-11-26T08:15:03.710000
 CVE-2024-11203,0,0,89d9b670ca6e709dbc000e307eb68d5ac4e965c1f4c84f129e9430d049a2c78f,2024-11-28T09:15:04.007000
 CVE-2024-11204,0,0,1b902872d8d56ac838bb30e32deaa2c5385b128a323037f02bc4a73a9bc76977,2024-12-06T09:15:05.667000
 CVE-2024-11205,1,1,d46b7e976805c156b42bb00f93b285a4c7f33ed907e6a277b077e49fc4a8600b,2024-12-10T05:15:05.510000
 CVE-2024-11206,0,0,6963a23aa18d59f7f19667610c66a14f0573301879dfe182d608b9677a2a6c4e,2024-11-15T13:58:08.913000
 CVE-2024-11207,0,0,d5124d43b027ffc76512a295e16e94e98be02da33ee04487c126007b70c98e32,2024-11-15T13:58:08.913000
 CVE-2024-11208,0,0,1f38b0ac0ea75542119613bff44f8a5a87d53bc938d1d19c87e8fa8f533ca20f,2024-11-19T19:38:51.637000
@ -246505,6 +246509,7 @@ CVE-2024-21539,0,0,5b71b48f136ea0a133f42f5e9ff41239f19728230b6ea876d025e715b63e9
 CVE-2024-2154,0,0,0457c00e24736b547ac4f7f247e75fccaa09d13ea0de83ed7c8761e6cfd867ea,2024-11-21T09:09:08.927000
 CVE-2024-21540,0,0,ca361900c1eaa9a3b1242a94b8aed82eaba7c8170c10a4efa35cbfaad6b1984c,2024-11-17T09:15:11.853000
 CVE-2024-21541,0,0,5334d81827b035e812e898c211255fb4104fa0827d052caba8f8153293e7f7ad,2024-11-19T16:20:37.887000
 CVE-2024-21542,1,1,71d7ac2f297762d496c833f12b77f71c133bcff4cded6f12936512da06dfadcb,2024-12-10T05:15:07.567000
 CVE-2024-21545,0,0,12417d057214273e4a76243ffeaf97d513746844d668a1420616fa022f5af746,2024-09-26T13:32:02.803000
 CVE-2024-2155,0,0,1def2d989b10107bcc4deca9404884628c1ba17bdc1993a4df13bb309b4ac8eb,2024-11-21T09:09:09.070000
 CVE-2024-21550,0,0,6b574e14ae55a92be9fd93a1bb9ebb56cb79876aa6e47f41fbbb48bbd5163e82,2024-08-13T17:33:13.537000
@ -258035,8 +258040,8 @@ CVE-2024-3714,0,0,f676f6aa3ea80163642b838ffc97366c6fd524d90413d89a27ae0fc5ef93d7
 CVE-2024-37140,0,0,e700dd8384686d59dc63698202c3202f899bcb254f2d0eb9c74ca4033afecdba,2024-11-21T09:23:17.183000
 CVE-2024-37141,0,0,ae07fdaf87c77dab376805804e1ae07d27c9caece9a648abb6d885d50da32cfd,2024-11-21T09:23:17.330000
 CVE-2024-37142,0,0,ddd4b85467c476513b25ea1c7c51f99cf08d5897ed43ab32a6a1b6b42be3ce3f,2024-08-08T21:17:18.647000
-CVE-2024-37143,1,1,197a2ae24481b5df4a85f280765bfb423d644b171a85bf1c1de77136a25586c0,2024-12-10T03:15:05.573000
+CVE-2024-37143,0,0,197a2ae24481b5df4a85f280765bfb423d644b171a85bf1c1de77136a25586c0,2024-12-10T03:15:05.573000
-CVE-2024-37144,1,1,0a6d44cc6e0bc4c6ee1c6afa759b76576c3296205fae6b9f1280e3c48e02fe9f,2024-12-10T03:15:05.730000
+CVE-2024-37144,0,0,0a6d44cc6e0bc4c6ee1c6afa759b76576c3296205fae6b9f1280e3c48e02fe9f,2024-12-10T03:15:05.730000
 CVE-2024-37145,0,0,603e250630d8db36a65f2b32fc29bd909465783da4a4b9d605a69590653a4715,2024-11-21T09:23:17.597000
 CVE-2024-37146,0,0,e821fd740200ae8a142c50ef5c7f6d74765fdc916fffef75517e92f79dcfc790,2024-11-21T09:23:17.743000
 CVE-2024-37147,0,0,e8fb4db1994b2c8bec137eabef82837caa49013082af624f15b2d9e32283c316,2024-11-21T09:23:17.880000