Auto-Update: 2025-03-01T13:00:19.239201+00:00

CVE-2024/CVE-2024-138xx/CVE-2024-13833.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13833",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-01T12:15:33.230",
+  "lastModified": "2025-03-01T12:15:33.230",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Album Gallery \u2013 WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-502"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3246291/new-album-gallery",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc7075a6-5609-42ab-a4cb-9d33686c7de0?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-14xx/CVE-2025-1404.json

@@ -0,0 +1,72 @@
+{
+  "id": "CVE-2025-1404",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-01T12:15:34.310",
+  "lastModified": "2025-03-01T12:15:34.310",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.4.6/admin/class-secure-copy-content-protection-admin.php#L943",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.4.6/admin/js/secure-copy-content-protection-admin.js",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3246301",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/secure-copy-content-protection/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7363b5de-db30-4b35-b701-5c8f2835ec6c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-03-01T11:00:19.637851+00:00
+2025-03-01T13:00:19.239201+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-03-01T10:15:11.683000+00:00
+2025-03-01T12:15:34.310000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,19 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-283587
+283589
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `6`
+Recently added CVEs: `2`
 
-- [CVE-2024-13546](CVE-2024/CVE-2024-135xx/CVE-2024-13546.json) (`2025-03-01T10:15:10.207`)
-- [CVE-2024-13611](CVE-2024/CVE-2024-136xx/CVE-2024-13611.json) (`2025-03-01T09:15:09.220`)
-- [CVE-2024-13697](CVE-2024/CVE-2024-136xx/CVE-2024-13697.json) (`2025-03-01T09:15:09.370`)
-- [CVE-2024-13910](CVE-2024/CVE-2024-139xx/CVE-2024-13910.json) (`2025-03-01T09:15:09.517`)
-- [CVE-2025-1291](CVE-2025/CVE-2025-12xx/CVE-2025-1291.json) (`2025-03-01T09:15:09.710`)
-- [CVE-2025-1786](CVE-2025/CVE-2025-17xx/CVE-2025-1786.json) (`2025-03-01T10:15:11.683`)
+- [CVE-2024-13833](CVE-2024/CVE-2024-138xx/CVE-2024-13833.json) (`2025-03-01T12:15:33.230`)
+- [CVE-2025-1404](CVE-2025/CVE-2025-14xx/CVE-2025-1404.json) (`2025-03-01T12:15:34.310`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -247477,7 +247477,7 @@ CVE-2024-13542,0,0,20f9c26c58c33c18bfa9db172ebf7a3744023b74b8c8426c5f8aa545e507f
 CVE-2024-13543,0,0,313912351d5c53f4223a6d5b805b81f4ef85173ca4b09805270d61361b904099,2025-02-20T16:09:08.567000
 CVE-2024-13544,0,0,40fd8d3043f2111bdb8eb0b8c5ce28fe2ce983b5b6a5fd7fe7c1666b74685deb,2025-02-20T16:11:08.567000
 CVE-2024-13545,0,0,87a0f57604fe27d4ee9df650772826f7d7900467d357a9ad3aa561d00273e2a6,2025-02-05T17:12:11.700000
-CVE-2024-13546,1,1,63a860527663231f9bf1584d55966af9163c037835d8ace637da70afd0f2dc57,2025-03-01T10:15:10.207000
+CVE-2024-13546,0,0,63a860527663231f9bf1584d55966af9163c037835d8ace637da70afd0f2dc57,2025-03-01T10:15:10.207000
 CVE-2024-13547,0,0,1e79ecfe46a254b42d924ae276e55ad400567d9e48a334180905a7986300687f,2025-02-24T16:16:56.543000
 CVE-2024-13548,0,0,ce678384d6879b1518296d0bd59d7e5e9b3276f2861356166fcc86ea2354903e,2025-02-04T19:27:08.967000
 CVE-2024-13549,0,0,bcedd6d4c0f25a57faa8365d40ac3a95b68e2d0adaafc3f3f6fa713e56e46afc,2025-01-31T18:10:28.800000
@@ -247536,7 +247536,7 @@ CVE-2024-13607,0,0,971007da10a9fc294b65e85316c324b849c3e2d15fb730239949152f9e552
 CVE-2024-13608,0,0,b8b173401de3e1097c36a401f8928ae8cd5257912fc8cac1e3eea9f3234c491d,2025-02-19T19:15:14.260000
 CVE-2024-13609,0,0,007c027106c3ec1d23edeaef367a828bff90431ee7cff957b7b00cd86e9cc2ee,2025-02-21T16:06:13.673000
 CVE-2024-1361,0,0,97ae7bef997d0711a578d7bb7fe15767bd1e10109291fe764008616829a40faf,2025-01-15T18:39:23.493000
-CVE-2024-13611,1,1,adaf5b73e8fe9d66812dd3def28511b2d973fce9d240d376175277fce2929fa3,2025-03-01T09:15:09.220000
+CVE-2024-13611,0,0,adaf5b73e8fe9d66812dd3def28511b2d973fce9d240d376175277fce2929fa3,2025-03-01T09:15:09.220000
 CVE-2024-13612,0,0,b4eebc3a0ba94cd7de5a857ae3d4519c3aaa03da31361c68d970a3c283ce20a7,2025-02-20T16:51:45.987000
 CVE-2024-13614,0,0,e58c8adf8c29e7e85021326638f400d4333ddf67f47f6ad8c608c33ab2021149,2025-02-06T17:15:18.080000
 CVE-2024-1362,0,0,1bf34831bc70bdad1bc996e752545d1e0c7befef2013c4482e56f5d7529aa921,2025-01-15T18:40:30.490000
@@ -247606,7 +247606,7 @@ CVE-2024-13693,0,0,f0cf4256d62cf2043dd430ed11196d9b70e2b2d1990b02789144ac56c8565
 CVE-2024-13694,0,0,f76307657ffe1cf961458e88374ab5be6334165284f8bcf86e9ac130fdc702fd,2025-02-04T18:47:41.800000
 CVE-2024-13695,0,0,8ff53e1c24294038725eeb5009487732d909b54f14df48126e66c23934ff0d91,2025-02-28T01:30:32.830000
 CVE-2024-13696,0,0,ddda7d8ee3b5db6631ae21ebb6abc15e9b483b8978d4e9a66c9fc1507010682e,2025-01-29T08:15:19.677000
-CVE-2024-13697,1,1,068c9e165f4106c3b943dce2e334fc13af23c8d9d6418a3e81429f2272641ed4,2025-03-01T09:15:09.370000
+CVE-2024-13697,0,0,068c9e165f4106c3b943dce2e334fc13af23c8d9d6418a3e81429f2272641ed4,2025-03-01T09:15:09.370000
 CVE-2024-13698,0,0,ea43a0ffeb82eb62bdf790bb3904a4694fa6ec80884e9d936dc30a8e05897d00,2025-02-07T20:15:27.277000
 CVE-2024-13699,0,0,6c179d99e1e68d225e4cf32bfc134108fb7e1de353e5a047f158d68ed9ec8ab3,2025-02-05T18:33:09.660000
 CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000
@@ -247691,6 +247691,7 @@ CVE-2024-1383,0,0,aa117bb4caae4c90c9ef562f3b17aec83c186c85e2ed83fcc25ce7b11090cf
 CVE-2024-13830,0,0,c6d7b41600cf06f096c92eda44ad4947ed0129124f061312ef644e59d67aa0f4,2025-02-13T17:09:11.660000
 CVE-2024-13831,0,0,dc606325056ecb3af1d0abdf4906087df581d7aaf8a47f4b06428d6e01b13004,2025-02-28T09:15:10.400000
 CVE-2024-13832,0,0,ec5b2acd93db5978e9a901bf338782a10b26bfa5fce10324f0a5b3fac0b88ab1,2025-02-28T09:15:10.570000
+CVE-2024-13833,1,1,25224aa5db16e2fcf2ffae150064444414666930ac899e8863e3333ed3af74b5,2025-03-01T12:15:33.230000
 CVE-2024-13834,0,0,43e5ae6cc904537a30eeccc37c7b9a07fd2bfb264b9574278bc2a72960c00c36,2025-02-24T12:37:18.957000
 CVE-2024-13837,0,0,b186071e4ea62233d731f5821d490b3ab777186a5f4da25e22f6fedfafcbdd0c,2025-02-17T19:15:09.463000
 CVE-2024-1384,0,0,f50cb0336a3fe51b62fe599c783d20749a5fb92b8e797d5c0ac36d466c13f7ad,2024-09-19T22:13:04.370000
@@ -247723,7 +247724,7 @@ CVE-2024-13901,0,0,b4d4185fc2cf368e3c24da5377f1f5ad78958c5d2f761e097232a413aff59
 CVE-2024-13905,0,0,ddbce989e5316ebad241003772bca4cc3c14da0675ffb5196a1949f804fd0fe7,2025-02-27T05:15:13.610000
 CVE-2024-13907,0,0,640813e4cb98565656c38dccbed289cbd873b305c530875f889d8d7ed33bbdce,2025-02-27T07:15:33.543000
 CVE-2024-1391,0,0,fccbf24dfb651f372e2b51106217c90f4de85c1f936edcd91290184be12fa7b9,2025-01-17T19:52:57.843000
-CVE-2024-13910,1,1,1da974c8b4278339ddaf4e1b70396d7d0139387963424ab28e0cb7907c842a5e,2025-03-01T09:15:09.517000
+CVE-2024-13910,0,0,1da974c8b4278339ddaf4e1b70396d7d0139387963424ab28e0cb7907c842a5e,2025-03-01T09:15:09.517000
 CVE-2024-13911,0,0,5c6ec30a98a23b22a75401ffb9290b39df569bd0f5609894fc8fdc52c5d0d4f8,2025-03-01T08:15:33.803000
 CVE-2024-1392,0,0,7d376d426c7bde42291bb43e543815dd80a04cb004b570eb44a0e5840366c498,2025-01-17T19:53:57.010000
 CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000
@@ -280608,7 +280609,7 @@ CVE-2025-1270,0,0,a0fba4bca59afda304bf8335640266a3acf6a1624640bee675db51d94e9fc4
 CVE-2025-1271,0,0,0359319eae8a142a0720b34e58c3d3808902c47ddd06a524c0e8a18f2f2f366a,2025-02-13T13:15:09.433000
 CVE-2025-1282,0,0,8085f605dd153bbf0a8c66b972f09c50b99fc10a9dd97a78634e0e3f074d92b4,2025-02-27T09:15:10.160000
 CVE-2025-1283,0,0,afbf73056779c2284deff120b8f7806be9c37e816574c79d2148aa8a36b813a0,2025-02-13T22:15:11.413000
-CVE-2025-1291,1,1,bb482c13e6ea46eaa51479ea468a757d12dfa1292b1f2ec778322441cd52e4d5,2025-03-01T09:15:09.710000
+CVE-2025-1291,0,0,bb482c13e6ea46eaa51479ea468a757d12dfa1292b1f2ec778322441cd52e4d5,2025-03-01T09:15:09.710000
 CVE-2025-1293,0,0,dbd776d425a4170ebc67e8f467d76fdb1a678c6cc6717d2977a3876685bd7d30,2025-02-20T01:15:09.950000
 CVE-2025-1295,0,0,675204ae0772f088026fc7f2412f8ab28c43fc8efc072775299de73d53b5b7cf,2025-02-27T06:15:21.990000
 CVE-2025-1298,0,0,3dd2689cd87b723cb3286c5171c05d1ec556a4e424788772bb6ebd63733b94f4,2025-02-18T15:15:18.007000
@@ -280659,6 +280660,7 @@ CVE-2025-1391,0,0,6fee9eda29ef94ebb6c29d27c38776c5f8bb1fbd11f215f0e687819427cb50
 CVE-2025-1392,0,0,8e4405371022efbf780ff58db6d926727305203f058fec61ae92b5e8fa805a81,2025-02-17T16:15:16.120000
 CVE-2025-1402,0,0,c23c451cfa1d570fb16b3d38ae224aa085b42cdb084d4b1dbd67b0732fd42aba,2025-02-25T04:04:59.860000
 CVE-2025-1403,0,0,cdf9a8de03213e0ac7f7767452341bf79edc3d976615c3099248fc0b29544461,2025-02-21T18:15:20.550000
+CVE-2025-1404,1,1,206798e10794776f5070bd90971934cac6d858de29398b0cd87fe60644cffca8,2025-03-01T12:15:34.310000
 CVE-2025-1405,0,0,f79a249eed6f1df2e72b69769faa924709e9a914f91232fbbc17335baa300615,2025-02-28T07:15:34.063000
 CVE-2025-1406,0,0,6fbc92715581c083383884df65716e311e7920e9986e87816bf21c4af15408ec,2025-02-25T03:38:24.303000
 CVE-2025-1407,0,0,81ebc501504f4e0e97111e960151a7a649f1ecbd9d904ea14ecfe9745b475037,2025-02-25T03:37:32.347000
@@ -280795,7 +280797,7 @@ CVE-2025-1756,0,0,20464066b464a87a383feb7ebdf7bcca2a5e74a3cb642d459cada04b2b771e
 CVE-2025-1757,0,0,2561a8f5c53734c028e83a6bda94ef29e169c9eb7376cb65d67bea6c6b2880de,2025-02-28T05:15:34.097000
 CVE-2025-1776,0,0,1a12423b233b2ef4ba69976c3f13498310a33efb7f09102cfb934a1191ac53f0,2025-02-28T14:15:35.943000
 CVE-2025-1780,0,0,226a30a5273cda636f0411ff11753517352eef60dfa6b2b998a1836a6dc818bf,2025-03-01T04:15:09.713000
-CVE-2025-1786,1,1,70145b3ad4c1d238a1d8855a15a77d52293373869862966474d8235c014b88b0,2025-03-01T10:15:11.683000
+CVE-2025-1786,0,0,70145b3ad4c1d238a1d8855a15a77d52293373869862966474d8235c014b88b0,2025-03-01T10:15:11.683000
 CVE-2025-1795,0,0,70fd77cb540d3bda179678e58a7ef81c271cc3e16d5d4d855b724aa1245ec66f,2025-02-28T21:15:27.570000
 CVE-2025-1803,0,0,61b8ea959516cf458cfa0ea204219ee983e8adc2cba473f893652a1e07a05d40,2025-03-01T01:15:28.077000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000