From 388c60c56fbf008d8924f3c9f4157f10a29f0def Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 1 Mar 2025 13:03:47 +0000
Subject: [PATCH] Auto-Update: 2025-03-01T13:00:19.239201+00:00
---
 CVE-2024/CVE-2024-138xx/CVE-2024-13833.json | 60 +++++++++++++++++
 CVE-2025/CVE-2025-14xx/CVE-2025-1404.json | 72 +++++++++++++++++++++
 README.md | 16 ++---
 _state.csv | 14 ++--
 4 files changed, 146 insertions(+), 16 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13833.json
 create mode 100644 CVE-2025/CVE-2025-14xx/CVE-2025-1404.json
diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13833.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13833.json
new file mode 100644
index 00000000000..64ccefe4c41
--- /dev/null
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13833.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13833",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-03-01T12:15:33.230",
+ "lastModified": "2025-03-01T12:15:33.230",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Album Gallery \u2013 WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3246291/new-album-gallery",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc7075a6-5609-42ab-a4cb-9d33686c7de0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1404.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1404.json
new file mode 100644
index 00000000000..60ac94367ae
--- /dev/null
+++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1404.json
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2025-1404",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-03-01T12:15:34.310",
+ "lastModified": "2025-03-01T12:15:34.310",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.4.6/admin/class-secure-copy-content-protection-admin.php#L943",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.4.6/admin/js/secure-copy-content-protection-admin.js",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3246301",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/secure-copy-content-protection/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7363b5de-db30-4b35-b701-5c8f2835ec6c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 2577f736f88..1d8407137df 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-01T11:00:19.637851+00:00 +2025-03-01T13:00:19.239201+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-01T10:15:11.683000+00:00 +2025-03-01T12:15:34.310000+00:00 ``` ### Last Data Feed Release
@@ -33,19 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -283587 +283589 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `2` -- [CVE-2024-13546](CVE-2024/CVE-2024-135xx/CVE-2024-13546.json) (`2025-03-01T10:15:10.207`) -- [CVE-2024-13611](CVE-2024/CVE-2024-136xx/CVE-2024-13611.json) (`2025-03-01T09:15:09.220`) -- [CVE-2024-13697](CVE-2024/CVE-2024-136xx/CVE-2024-13697.json) (`2025-03-01T09:15:09.370`) -- [CVE-2024-13910](CVE-2024/CVE-2024-139xx/CVE-2024-13910.json) (`2025-03-01T09:15:09.517`) -- [CVE-2025-1291](CVE-2025/CVE-2025-12xx/CVE-2025-1291.json) (`2025-03-01T09:15:09.710`) -- [CVE-2025-1786](CVE-2025/CVE-2025-17xx/CVE-2025-1786.json) (`2025-03-01T10:15:11.683`) +- [CVE-2024-13833](CVE-2024/CVE-2024-138xx/CVE-2024-13833.json) (`2025-03-01T12:15:33.230`) +- [CVE-2025-1404](CVE-2025/CVE-2025-14xx/CVE-2025-1404.json) (`2025-03-01T12:15:34.310`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 84dcb026014..46764a57110 100644
--- a/_state.csv
+++ b/_state.csv
@@ -247477,7 +247477,7 @@ CVE-2024-13542,0,0,20f9c26c58c33c18bfa9db172ebf7a3744023b74b8c8426c5f8aa545e507f CVE-2024-13543,0,0,313912351d5c53f4223a6d5b805b81f4ef85173ca4b09805270d61361b904099,2025-02-20T16:09:08.567000 CVE-2024-13544,0,0,40fd8d3043f2111bdb8eb0b8c5ce28fe2ce983b5b6a5fd7fe7c1666b74685deb,2025-02-20T16:11:08.567000 CVE-2024-13545,0,0,87a0f57604fe27d4ee9df650772826f7d7900467d357a9ad3aa561d00273e2a6,2025-02-05T17:12:11.700000 -CVE-2024-13546,1,1,63a860527663231f9bf1584d55966af9163c037835d8ace637da70afd0f2dc57,2025-03-01T10:15:10.207000 +CVE-2024-13546,0,0,63a860527663231f9bf1584d55966af9163c037835d8ace637da70afd0f2dc57,2025-03-01T10:15:10.207000 CVE-2024-13547,0,0,1e79ecfe46a254b42d924ae276e55ad400567d9e48a334180905a7986300687f,2025-02-24T16:16:56.543000 CVE-2024-13548,0,0,ce678384d6879b1518296d0bd59d7e5e9b3276f2861356166fcc86ea2354903e,2025-02-04T19:27:08.967000 CVE-2024-13549,0,0,bcedd6d4c0f25a57faa8365d40ac3a95b68e2d0adaafc3f3f6fa713e56e46afc,2025-01-31T18:10:28.800000 @@ -247536,7 +247536,7 @@ CVE-2024-13607,0,0,971007da10a9fc294b65e85316c324b849c3e2d15fb730239949152f9e552 CVE-2024-13608,0,0,b8b173401de3e1097c36a401f8928ae8cd5257912fc8cac1e3eea9f3234c491d,2025-02-19T19:15:14.260000 CVE-2024-13609,0,0,007c027106c3ec1d23edeaef367a828bff90431ee7cff957b7b00cd86e9cc2ee,2025-02-21T16:06:13.673000 CVE-2024-1361,0,0,97ae7bef997d0711a578d7bb7fe15767bd1e10109291fe764008616829a40faf,2025-01-15T18:39:23.493000 -CVE-2024-13611,1,1,adaf5b73e8fe9d66812dd3def28511b2d973fce9d240d376175277fce2929fa3,2025-03-01T09:15:09.220000 +CVE-2024-13611,0,0,adaf5b73e8fe9d66812dd3def28511b2d973fce9d240d376175277fce2929fa3,2025-03-01T09:15:09.220000 CVE-2024-13612,0,0,b4eebc3a0ba94cd7de5a857ae3d4519c3aaa03da31361c68d970a3c283ce20a7,2025-02-20T16:51:45.987000 CVE-2024-13614,0,0,e58c8adf8c29e7e85021326638f400d4333ddf67f47f6ad8c608c33ab2021149,2025-02-06T17:15:18.080000 CVE-2024-1362,0,0,1bf34831bc70bdad1bc996e752545d1e0c7befef2013c4482e56f5d7529aa921,2025-01-15T18:40:30.490000 
@@ -247606,7 +247606,7 @@ CVE-2024-13693,0,0,f0cf4256d62cf2043dd430ed11196d9b70e2b2d1990b02789144ac56c8565 CVE-2024-13694,0,0,f76307657ffe1cf961458e88374ab5be6334165284f8bcf86e9ac130fdc702fd,2025-02-04T18:47:41.800000 CVE-2024-13695,0,0,8ff53e1c24294038725eeb5009487732d909b54f14df48126e66c23934ff0d91,2025-02-28T01:30:32.830000 CVE-2024-13696,0,0,ddda7d8ee3b5db6631ae21ebb6abc15e9b483b8978d4e9a66c9fc1507010682e,2025-01-29T08:15:19.677000 -CVE-2024-13697,1,1,068c9e165f4106c3b943dce2e334fc13af23c8d9d6418a3e81429f2272641ed4,2025-03-01T09:15:09.370000 +CVE-2024-13697,0,0,068c9e165f4106c3b943dce2e334fc13af23c8d9d6418a3e81429f2272641ed4,2025-03-01T09:15:09.370000 CVE-2024-13698,0,0,ea43a0ffeb82eb62bdf790bb3904a4694fa6ec80884e9d936dc30a8e05897d00,2025-02-07T20:15:27.277000 CVE-2024-13699,0,0,6c179d99e1e68d225e4cf32bfc134108fb7e1de353e5a047f158d68ed9ec8ab3,2025-02-05T18:33:09.660000 CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000 @@ -247691,6 +247691,7 @@ CVE-2024-1383,0,0,aa117bb4caae4c90c9ef562f3b17aec83c186c85e2ed83fcc25ce7b11090cf CVE-2024-13830,0,0,c6d7b41600cf06f096c92eda44ad4947ed0129124f061312ef644e59d67aa0f4,2025-02-13T17:09:11.660000 CVE-2024-13831,0,0,dc606325056ecb3af1d0abdf4906087df581d7aaf8a47f4b06428d6e01b13004,2025-02-28T09:15:10.400000 CVE-2024-13832,0,0,ec5b2acd93db5978e9a901bf338782a10b26bfa5fce10324f0a5b3fac0b88ab1,2025-02-28T09:15:10.570000 +CVE-2024-13833,1,1,25224aa5db16e2fcf2ffae150064444414666930ac899e8863e3333ed3af74b5,2025-03-01T12:15:33.230000 CVE-2024-13834,0,0,43e5ae6cc904537a30eeccc37c7b9a07fd2bfb264b9574278bc2a72960c00c36,2025-02-24T12:37:18.957000 CVE-2024-13837,0,0,b186071e4ea62233d731f5821d490b3ab777186a5f4da25e22f6fedfafcbdd0c,2025-02-17T19:15:09.463000 CVE-2024-1384,0,0,f50cb0336a3fe51b62fe599c783d20749a5fb92b8e797d5c0ac36d466c13f7ad,2024-09-19T22:13:04.370000 
@@ -247723,7 +247724,7 @@ CVE-2024-13901,0,0,b4d4185fc2cf368e3c24da5377f1f5ad78958c5d2f761e097232a413aff59 CVE-2024-13905,0,0,ddbce989e5316ebad241003772bca4cc3c14da0675ffb5196a1949f804fd0fe7,2025-02-27T05:15:13.610000 CVE-2024-13907,0,0,640813e4cb98565656c38dccbed289cbd873b305c530875f889d8d7ed33bbdce,2025-02-27T07:15:33.543000 CVE-2024-1391,0,0,fccbf24dfb651f372e2b51106217c90f4de85c1f936edcd91290184be12fa7b9,2025-01-17T19:52:57.843000 -CVE-2024-13910,1,1,1da974c8b4278339ddaf4e1b70396d7d0139387963424ab28e0cb7907c842a5e,2025-03-01T09:15:09.517000 +CVE-2024-13910,0,0,1da974c8b4278339ddaf4e1b70396d7d0139387963424ab28e0cb7907c842a5e,2025-03-01T09:15:09.517000 CVE-2024-13911,0,0,5c6ec30a98a23b22a75401ffb9290b39df569bd0f5609894fc8fdc52c5d0d4f8,2025-03-01T08:15:33.803000 CVE-2024-1392,0,0,7d376d426c7bde42291bb43e543815dd80a04cb004b570eb44a0e5840366c498,2025-01-17T19:53:57.010000 CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000 @@ -280608,7 +280609,7 @@ CVE-2025-1270,0,0,a0fba4bca59afda304bf8335640266a3acf6a1624640bee675db51d94e9fc4 CVE-2025-1271,0,0,0359319eae8a142a0720b34e58c3d3808902c47ddd06a524c0e8a18f2f2f366a,2025-02-13T13:15:09.433000 CVE-2025-1282,0,0,8085f605dd153bbf0a8c66b972f09c50b99fc10a9dd97a78634e0e3f074d92b4,2025-02-27T09:15:10.160000 CVE-2025-1283,0,0,afbf73056779c2284deff120b8f7806be9c37e816574c79d2148aa8a36b813a0,2025-02-13T22:15:11.413000 -CVE-2025-1291,1,1,bb482c13e6ea46eaa51479ea468a757d12dfa1292b1f2ec778322441cd52e4d5,2025-03-01T09:15:09.710000 +CVE-2025-1291,0,0,bb482c13e6ea46eaa51479ea468a757d12dfa1292b1f2ec778322441cd52e4d5,2025-03-01T09:15:09.710000 CVE-2025-1293,0,0,dbd776d425a4170ebc67e8f467d76fdb1a678c6cc6717d2977a3876685bd7d30,2025-02-20T01:15:09.950000 CVE-2025-1295,0,0,675204ae0772f088026fc7f2412f8ab28c43fc8efc072775299de73d53b5b7cf,2025-02-27T06:15:21.990000 CVE-2025-1298,0,0,3dd2689cd87b723cb3286c5171c05d1ec556a4e424788772bb6ebd63733b94f4,2025-02-18T15:15:18.007000 
@@ -280659,6 +280660,7 @@ CVE-2025-1391,0,0,6fee9eda29ef94ebb6c29d27c38776c5f8bb1fbd11f215f0e687819427cb50 CVE-2025-1392,0,0,8e4405371022efbf780ff58db6d926727305203f058fec61ae92b5e8fa805a81,2025-02-17T16:15:16.120000 CVE-2025-1402,0,0,c23c451cfa1d570fb16b3d38ae224aa085b42cdb084d4b1dbd67b0732fd42aba,2025-02-25T04:04:59.860000 CVE-2025-1403,0,0,cdf9a8de03213e0ac7f7767452341bf79edc3d976615c3099248fc0b29544461,2025-02-21T18:15:20.550000 +CVE-2025-1404,1,1,206798e10794776f5070bd90971934cac6d858de29398b0cd87fe60644cffca8,2025-03-01T12:15:34.310000 CVE-2025-1405,0,0,f79a249eed6f1df2e72b69769faa924709e9a914f91232fbbc17335baa300615,2025-02-28T07:15:34.063000 CVE-2025-1406,0,0,6fbc92715581c083383884df65716e311e7920e9986e87816bf21c4af15408ec,2025-02-25T03:38:24.303000 CVE-2025-1407,0,0,81ebc501504f4e0e97111e960151a7a649f1ecbd9d904ea14ecfe9745b475037,2025-02-25T03:37:32.347000 @@ -280795,7 +280797,7 @@ CVE-2025-1756,0,0,20464066b464a87a383feb7ebdf7bcca2a5e74a3cb642d459cada04b2b771e CVE-2025-1757,0,0,2561a8f5c53734c028e83a6bda94ef29e169c9eb7376cb65d67bea6c6b2880de,2025-02-28T05:15:34.097000 CVE-2025-1776,0,0,1a12423b233b2ef4ba69976c3f13498310a33efb7f09102cfb934a1191ac53f0,2025-02-28T14:15:35.943000 CVE-2025-1780,0,0,226a30a5273cda636f0411ff11753517352eef60dfa6b2b998a1836a6dc818bf,2025-03-01T04:15:09.713000 -CVE-2025-1786,1,1,70145b3ad4c1d238a1d8855a15a77d52293373869862966474d8235c014b88b0,2025-03-01T10:15:11.683000 +CVE-2025-1786,0,0,70145b3ad4c1d238a1d8855a15a77d52293373869862966474d8235c014b88b0,2025-03-01T10:15:11.683000 CVE-2025-1795,0,0,70fd77cb540d3bda179678e58a7ef81c271cc3e16d5d4d855b724aa1245ec66f,2025-02-28T21:15:27.570000 CVE-2025-1803,0,0,61b8ea959516cf458cfa0ea204219ee983e8adc2cba473f893652a1e07a05d40,2025-03-01T01:15:28.077000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000