From 368b02ba3d6c7dccc0fbb865c91c260bdce143b4 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 18 Jan 2025 05:03:46 +0000
Subject: [PATCH] Auto-Update: 2025-01-18T05:00:20.249364+00:00
---
 CVE-2024/CVE-2024-120xx/CVE-2024-12071.json | 68 +++++++++++++++++++++
 README.md | 8 +--
 _state.csv | 3 +-
 3 files changed, 74 insertions(+), 5 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12071.json
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12071.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12071.json
new file mode 100644
index 00000000000..eb21287c402
--- /dev/null
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12071.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-12071",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-18T04:15:06.690",
+ "lastModified": "2025-01-18T04:15:06.690",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/admin/class-evergreen_content_poster-admin.php#L333",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/includes/class-evergreen_content_poster.php#L345",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224190%40evergreen-content-poster&new=3224190%40evergreen-content-poster&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa07f48f-370f-4985-a6fc-a94ed5c59ed4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 40b4010bfd5..079442c76c8 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-01-18T03:00:22.416979+00:00
+2025-01-18T05:00:20.249364+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-01-18T01:15:07.633000+00:00
+2025-01-18T04:15:06.690000+00:00
 ```
 ### Last Data Feed Release
@@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-278025
+278026
 ```
 ### CVEs added in the last Commit
 Recently added CVEs: `1`
-- [CVE-2025-23209](CVE-2025/CVE-2025-232xx/CVE-2025-23209.json) (`2025-01-18T01:15:07.633`)
+- [CVE-2024-12071](CVE-2024/CVE-2024-120xx/CVE-2024-12071.json) (`2025-01-18T04:15:06.690`)
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index f876ac6c7d6..7a4dc7ae4a7 100644
--- a/_state.csv
+++ b/_state.csv
@@ -245053,6 +245053,7 @@ CVE-2024-12064,0,0,5bbffd5016c2c66c65f1cad07469a2c9304ddde32e6765225186e453c653a CVE-2024-12066,0,0,b8b74ff74daf8006195a72a7866cbbcaf66d537ba02c482e9dfaf1c6e82963a9,2024-12-21T07:15:08.907000 CVE-2024-12067,0,0,1e92db34fdb6070fa741c6f0fc31b2e9eacb1c54540470e816605dc679b61bb9,2025-01-09T11:15:11.647000 CVE-2024-1207,0,0,7ca2a33c54192dfcfa7fe7f99bed16fbfa1215b4ac8ba5de485b890ce26af06c,2024-11-21T08:50:02.457000 +CVE-2024-12071,1,1,4892a0257a8e38f22462c3c3c3105d7a454d8d7732fd022887412193b58ae3a5,2025-01-18T04:15:06.690000 CVE-2024-12072,0,0,a174c14ab62255e805373ea4d76cdd13bc3d9cbde3ba4a3927979f9e7d419d41,2024-12-12T06:15:23.383000 CVE-2024-12073,0,0,d6db2f0c4889187ac33654deef83fc5d0350b2e32b900f5fdab17885bff03ab5,2025-01-07T06:15:15.367000 CVE-2024-12077,0,0,fc51d2e5a9f19fe3fbf82780f8b1560f161bbef921778ce0625a7b0a0068014e,2025-01-07T08:15:24.927000 @@ -277813,7 +277814,7 @@ CVE-2025-23205,0,0,5dde18f3e1001012d88c0b2d8c423eb8fb8c3ba6cae70cd1181e6ed64426f CVE-2025-23206,0,0,ea12574764f66c161153bcbbbe1a91d389bf6c6631d0c7b641a3ca1fa029cc28,2025-01-17T21:15:12.003000 CVE-2025-23207,0,0,e5de4237889cfabf27065c43b82af396f478aa914ba2d9d161effc65eaba9de4,2025-01-17T22:15:29.523000 CVE-2025-23208,0,0,722b719f9dcffb0743a2a700fd962fc8d87ee9dd12d5c90b42efdfb8cdbc3a0a,2025-01-17T23:15:13.107000 -CVE-2025-23209,1,1,b5f5728016cefcd5c65fac9ec6e4863e254ca00e3ac538f16ec17bdaa0bbd53c,2025-01-18T01:15:07.633000 +CVE-2025-23209,0,0,b5f5728016cefcd5c65fac9ec6e4863e254ca00e3ac538f16ec17bdaa0bbd53c,2025-01-18T01:15:07.633000 CVE-2025-23366,0,0,9c322475015bf02d1585352d78c1a1b463f803a5f9fa5af211a6e73349c16f8f,2025-01-14T18:16:06.290000 CVE-2025-23423,0,0,b6f59e601cdbaad011f370832d8ff10b7231d5875d4fb9da3b536bb65b8259e8,2025-01-16T20:15:33.573000 CVE-2025-23424,0,0,af50c9c9dec5ab1ce79e37d50537a1d0fe21f0f1e703c32c29cd7fa3dc996735,2025-01-16T20:15:33.723000