Auto-Update: 2024-06-29T08:00:46.812704+00:00

CVE-2024/CVE-2024-393xx/CVE-2024-39331.json

@@ -2,8 +2,9 @@
   "id": "CVE-2024-39331",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-06-23T22:15:09.370",
-  "lastModified": "2024-06-24T12:57:36.513",
+  "lastModified": "2024-06-29T07:15:02.060",
   "vulnStatus": "Awaiting Analysis",
+  "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
@@ -28,6 +29,14 @@
       "url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/",
       "source": "cve@mitre.org"
     },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html",
       "source": "cve@mitre.org"

CVE-2024/CVE-2024-56xx/CVE-2024-5666.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-5666",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-29T07:15:02.657",
+  "lastModified": "2024-06-29T07:15:02.657",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/extensions-for-elementor/trunk/modules/button/widgets/ee-button.php#L88",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3104024/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/extensions-for-elementor/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63306df3-4972-426f-bfda-6af75a09971c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-57xx/CVE-2024-5790.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-5790",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-29T07:15:03.130",
+  "lastModified": "2024-06-29T07:15:03.130",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.11.0/widgets/gradient-heading/widget.php#L260",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3108597/#file575",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/happy-elementor-addons/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b948a-7a7e-4bdf-af1d-559f34d4baa3?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-63xx/CVE-2024-6363.json

@@ -0,0 +1,52 @@
+{
+  "id": "CVE-2024-6363",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-29T07:15:03.357",
+  "lastModified": "2024-06-29T07:15:03.357",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/stock-ticker/trunk/stock-ticker.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/stock-ticker/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/280a5d6d-192a-43aa-927e-45c50b126463?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-06-29T06:00:50.254582+00:00
+2024-06-29T08:00:46.812704+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-06-29T05:15:03.560000+00:00
+2024-06-29T07:15:03.357000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,24 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-255487
+255490
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `3`
 
-- [CVE-2024-5192](CVE-2024/CVE-2024-51xx/CVE-2024-5192.json) (`2024-06-29T05:15:02.633`)
+- [CVE-2024-5666](CVE-2024/CVE-2024-56xx/CVE-2024-5666.json) (`2024-06-29T07:15:02.657`)
-- [CVE-2024-5598](CVE-2024/CVE-2024-55xx/CVE-2024-5598.json) (`2024-06-29T05:15:02.960`)
+- [CVE-2024-5790](CVE-2024/CVE-2024-57xx/CVE-2024-5790.json) (`2024-06-29T07:15:03.130`)
-- [CVE-2024-5889](CVE-2024/CVE-2024-58xx/CVE-2024-5889.json) (`2024-06-29T05:15:03.163`)
+- [CVE-2024-6363](CVE-2024/CVE-2024-63xx/CVE-2024-6363.json) (`2024-06-29T07:15:03.357`)
-- [CVE-2024-5942](CVE-2024/CVE-2024-59xx/CVE-2024-5942.json) (`2024-06-29T05:15:03.360`)
-- [CVE-2024-6265](CVE-2024/CVE-2024-62xx/CVE-2024-6265.json) (`2024-06-29T05:15:03.560`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2024-39331](CVE-2024/CVE-2024-393xx/CVE-2024-39331.json) (`2024-06-29T07:15:02.060`)
 
 
 ## Download and Usage

_state.csv

@@ -253800,7 +253800,7 @@ CVE-2024-39307,0,0,05e9bf14558e867bd628ea69c84a9164178632e38f111da57b0b92f168ed1
 CVE-2024-3931,0,0,ff26b5a8728d6a7f3e1f8095f9d431d98f0c624577950ceaf4dc1cf9ad688034,2024-06-06T20:15:13.933000
 CVE-2024-3932,0,0,371291a71f9c99e371f96e7d7b61e3e11967567047c07fae80310c4772d1c0c7,2024-06-06T20:15:14.030000
 CVE-2024-3933,0,0,1d08d4e317596700be65ef5300f76b449794bb2d8b1542a98c34b9cd74fea015,2024-05-28T12:39:28.377000
-CVE-2024-39331,0,0,d1461e039a637b8713f6e32e0beebb2ef4c2e762f105aa6c4f21bab6716eddb8,2024-06-24T12:57:36.513000
+CVE-2024-39331,0,1,c5bb3e665b31aacdbf907c7032da4f6d49d6bc82a59a96e6be39b1d4f66a92fd,2024-06-29T07:15:02.060000
 CVE-2024-39334,0,0,7a242c73a28ed17874e43348a26da2104869d7ef8d91c48fe0d8d7e00f57c31d,2024-06-24T12:57:36.513000
 CVE-2024-39337,0,0,7c96f97902de4594057b22d7507f3218093cc9f703d055990179db138387110a,2024-06-24T12:57:36.513000
 CVE-2024-39347,0,0,f5c35927ca6bc6b01c0289886e48e1c26a8232470e7aa98c1613809c151fa9f4,2024-06-28T10:27:00.920000
@@ -254834,7 +254834,7 @@ CVE-2024-5188,0,0,f341cd733a67fef7a36812a8f7aa63c3db307a7b91bf1e7665add6435f1983
 CVE-2024-5189,0,0,cd3bb13050c91870eb5838446a9e82835db405d95874bd44f6318a59b19e235d,2024-06-13T18:36:45.417000
 CVE-2024-5190,0,0,e11755e15485ad7d65ed59ac9abe5cac7f4b4c3e2591d1a6c69b4386ed9dea65,2024-05-22T03:15:08.273000
 CVE-2024-5191,0,0,db26f7ce160c714e95bc5c218e0073766ff2ed099b5e6969334cbfc827ce4bc3,2024-06-24T19:25:23.943000
-CVE-2024-5192,1,1,3c230b3cf3fe47e3d1f4926ac3672564b60cfa39d9ae8d2b56d3ca83ded8367e,2024-06-29T05:15:02.633000
+CVE-2024-5192,0,0,3c230b3cf3fe47e3d1f4926ac3672564b60cfa39d9ae8d2b56d3ca83ded8367e,2024-06-29T05:15:02.633000
 CVE-2024-5193,0,0,4619a3332fd1de828c7e949279cabe4a2b063d71a4e227126d8bf6d303fb6eb4,2024-06-04T19:21:01.867000
 CVE-2024-5194,0,0,2277a7390d0159b3dc2e5dfd100175220ffc5f5725f8c88a7a9344e62a79d516,2024-06-04T19:21:01.977000
 CVE-2024-5195,0,0,f6d192ea152622e2514b6c95ac0c9e8770ec516eb328b6bc7a2579d1133e54f5,2024-06-04T19:21:02.077000
@@ -255118,7 +255118,7 @@ CVE-2024-5589,0,0,dc63c38434ce5bb089af0d0f8aa09f6a46f1fae34dd45c15f4542741dea047
 CVE-2024-5590,0,0,ca60332ff9933405c7b9b37e93d2404b53274b9ec741b4065c0c1eadbd60da94,2024-06-03T14:46:24.250000
 CVE-2024-5596,0,0,c69cbcadf0a7f1e5940d842c2c9e90907cbda728581a745e7acd494576e03c9c,2024-06-24T12:57:36.513000
 CVE-2024-5597,0,0,652827ff26b80eabae5b3eddf519a61b0da7de181ce61fd257911ec48c45cdb0,2024-06-12T18:10:47.080000
-CVE-2024-5598,1,1,e13a2fe84ae10d8311262597dd4e191e606f9d3516d698c1f81e020875524ff5,2024-06-29T05:15:02.960000
+CVE-2024-5598,0,0,e13a2fe84ae10d8311262597dd4e191e606f9d3516d698c1f81e020875524ff5,2024-06-29T05:15:02.960000
 CVE-2024-5599,0,0,e4d8d3217ca804a33354b51b54e1f3f41ce0e1fc1f554dedfe90ad1a46a87370,2024-06-11T18:24:39.057000
 CVE-2024-5601,0,0,e22064ef868b7763ab6a035a66dc94fbf47f776f059b7b471d5873c49e582f7a,2024-06-28T13:25:40.677000
 CVE-2024-5605,0,0,4bb70fac398eb5e1fc6a3b8761dcfee9993510711b196c5d9f90dc1e34c785a3,2024-06-20T12:43:25.663000
@@ -255151,6 +255151,7 @@ CVE-2024-5661,0,0,e5f9f024a347e2b9638122ecde70323a03d416b3bde93f8e4f604cfeef08f4
 CVE-2024-5662,0,0,c30bff5b2d503274ccfb42c77a6a2f90af33779b4134c5919fad644e092eec26,2024-06-28T10:27:00.920000
 CVE-2024-5663,0,0,e65ed9bd668d6456ce5b39954ddd0ae3860f1cde2bd069c4d43e4b5601627808,2024-06-10T02:52:08.267000
 CVE-2024-5665,0,0,cf98b8118d31a45b868938fcf4b0239a4be77d7cb3995f06e552251067a9cecd,2024-06-11T17:47:45.033000
+CVE-2024-5666,1,1,216f6c3c676318b1a01a4cbe684273cb5693f89e561491e3438b8a8902cec499,2024-06-29T07:15:02.657000
 CVE-2024-5671,0,0,b302da9933b51baa02aebe638443397fc8a4c366af898c1301a8da6525832546,2024-06-17T12:42:04.623000
 CVE-2024-5673,0,0,f6db27a8b7c99bb0a58922425d96edcb461eeb527f78adfd8d9aed9c99330140,2024-06-11T18:17:10.037000
 CVE-2024-5674,0,0,69b0f5cdcc6414c1b3093ac76e322fc42e17eb869b8f1b328084f458395232cf,2024-06-13T18:36:09.010000
@@ -255224,6 +255225,7 @@ CVE-2024-5785,0,0,b8e4d96c063df13aad53416cef79463db3c390621a0b569b6ab0f4db2568be
 CVE-2024-5786,0,0,ed5396800d42f59a8cc5d452fd1faa0265b1965bb10ec68fd437a404a4a909e1,2024-06-10T18:06:22.600000
 CVE-2024-5787,0,0,a3d405a0f4e66faab3a863affeada58e47a227c5d73cf2b53ea525af4385d342,2024-06-13T18:36:09.010000
 CVE-2024-5788,0,0,b8c011e09345f8c438c15d748dc7ecb5f2eb62164ea0c1da7169d985a2f9f593,2024-06-28T10:27:00.920000
+CVE-2024-5790,1,1,9c5672e7c8447f1c23a1162576a1988a6667325985072690c0490fecebaca8d3,2024-06-29T07:15:03.130000
 CVE-2024-5791,0,0,424014ca254e257c8c57009775e061d0dd2abf87fc81691a50ea6d1a360bb310,2024-06-24T20:00:46.390000
 CVE-2024-5796,0,0,ee9ea77d6816c67e871ce0ce39c4d235af8efb4db7bec50166a494d6f8b7e47e,2024-06-28T10:27:00.920000
 CVE-2024-5798,0,0,f6c60b5ac812e7711b355fdc9c4ea7ca1c381d5fa9189e95b5ac079c15b31d9c,2024-06-13T18:36:09.010000
@@ -255269,7 +255271,7 @@ CVE-2024-5871,0,0,83e6d3ea3d7363cdcbcb485d9161ada2b3d6bba887290fa58ab89820983d40
 CVE-2024-5873,0,0,4affe4b1f71505ca05298a33c7e23c3ae147869580237755bed2d180fbea1b8e,2024-06-12T08:15:51.550000
 CVE-2024-5885,0,0,3a664b64c018213b23c270dac1c0f4e2c55b9d60dc4c41c7b81af3f039474644,2024-06-27T19:25:12.067000
 CVE-2024-5886,0,0,0c13c4ee009af0d9946120b2238809bd0a7459b4e90701a2a72b91121b1d711b,2024-06-20T11:15:56.580000
-CVE-2024-5889,1,1,7e47d1cc1487a1c728e02e89ddc97c090aaa466e38de6f396d9fcc1fa4a41e2e,2024-06-29T05:15:03.163000
+CVE-2024-5889,0,0,7e47d1cc1487a1c728e02e89ddc97c090aaa466e38de6f396d9fcc1fa4a41e2e,2024-06-29T05:15:03.163000
 CVE-2024-5891,0,0,da4ba5748ecb097f5befd86d4787f2c76143132bf594110b21f16b774e08e15d,2024-06-13T18:36:09.010000
 CVE-2024-5892,0,0,890747e3858b777381fac245c58cda030faeadae1530ec4012d9670fde261a4e,2024-06-13T18:36:09.013000
 CVE-2024-5893,0,0,8bbdd4fceee6f55f46acaf4e2e772cd5b071a8548251271838818c6acd356beb,2024-06-13T18:36:09.010000
@@ -255292,7 +255294,7 @@ CVE-2024-5933,0,0,43c62c8c7b78a3986e6c8a8e384c2c83973a07919e7ff71c58e74be82b63ae
 CVE-2024-5934,0,0,688a30e1a6237b69634d3ab7eb078a5b0fdbb09f93730eb6244fa568165f0ccc,2024-06-14T16:15:14.647000
 CVE-2024-5935,0,0,21662e5830e79e4b40d11ee8d4ca61a28a55ce393198f32f5a0fb22a492448a1,2024-06-27T19:25:12.067000
 CVE-2024-5936,0,0,dab5c088e03544c88b5524610f0cab10458f16230a50e10902868220b9e1d9db,2024-06-27T19:25:12.067000
-CVE-2024-5942,1,1,6c80720c7f6bd9221067ffb9049ae40638208143a0c09422dec3a112025682dc,2024-06-29T05:15:03.360000
+CVE-2024-5942,0,0,6c80720c7f6bd9221067ffb9049ae40638208143a0c09422dec3a112025682dc,2024-06-29T05:15:03.360000
 CVE-2024-5945,0,0,16d17edcf79dde7bc004547e40419569c5bdcb3c9d1fafd4da124c600699d701,2024-06-24T19:24:00.433000
 CVE-2024-5947,0,0,7906fe5496c2633ac624599b4fcbe00d50eb988a8b518b82e602f8ca90719dc3,2024-06-17T12:43:31.090000
 CVE-2024-5948,0,0,b50c023e3e038877d6c3f637d61b3c39fec4c81c008590663dc7a0096fec685c,2024-06-17T12:43:31.090000
@@ -255435,7 +255437,7 @@ CVE-2024-6252,0,0,468e259f2025efbae92579ad89a45c9f2c8b2e33c6f209272de57a1e66debc
 CVE-2024-6253,0,0,a6e4514e5a27665a5cb6260b36ae56e5c2da14fd9a2d1da643a44ff2f3f2cb21,2024-06-25T18:15:12
 CVE-2024-6257,0,0,2981da6c17c705bcf0d80e44b1fa14b0c6655b2077fb275b971c6bc5c7c2b720,2024-06-25T18:50:42.040000
 CVE-2024-6262,0,0,f703f7a7fbd3e1fe9efa1e5946752e209a081bf36124182aca731e3f05a363a4,2024-06-27T12:47:19.847000
-CVE-2024-6265,1,1,96348ec2c6d9dc31030876ca82de9102405c4d596533b9d110ab32d0dabb7540,2024-06-29T05:15:03.560000
+CVE-2024-6265,0,0,96348ec2c6d9dc31030876ca82de9102405c4d596533b9d110ab32d0dabb7540,2024-06-29T05:15:03.560000
 CVE-2024-6266,0,0,f14331da5cd861226d53e015f2a1f08c9e1d5e7f7b1b843a3feb7cb151cc145a,2024-06-24T12:57:36.513000
 CVE-2024-6267,0,0,d0d81696a0fe56042eb20b9f0c7d606c3ec4ab44f43adaf7633e08749cae8d6a,2024-06-24T15:15:12.093000
 CVE-2024-6268,0,0,f6b5ab227c5a0cba5e0d9764b3a65d1dea83e5d9d7e49ede9770a3daceae2872,2024-06-26T20:15:16.893000
@@ -255474,6 +255476,7 @@ CVE-2024-6344,0,0,f8fe072181ab91a453822e0b523eb31f74817bc4efb68c7d2134a2d41a8e35
 CVE-2024-6349,0,0,f01d61e3475192c945ec3639c2eda3b231a23d2f279c2f15b4719385fb2bd065,2024-06-26T15:15:20.690000
 CVE-2024-6354,0,0,b70a2915a44ee7e7e6c00925c9a92ab9e6b070beaff28ea6d89d1a4dcb2a10e6,2024-06-27T12:47:19.847000
 CVE-2024-6355,0,0,ae01fd3dff3a0136dc0dcda0f0c62bd72a4c84afe63740fbe5ae0aaceef04f3e,2024-06-27T14:15:16.753000
+CVE-2024-6363,1,1,e30e8346126e4db25622d7bfa0069b0e508a00cde2d6a89673dad355bdfc62a0,2024-06-29T07:15:03.357000
 CVE-2024-6367,0,0,7207995286cd77894417e443ceec13186f4617a3d835dc70f545e6022e4f6dc9,2024-06-27T12:47:19.847000
 CVE-2024-6368,0,0,15233ad7ff1f989e7bdf86db89d9527b042f90cc8844e61c0b9d2d12d522b414,2024-06-27T18:15:21.083000
 CVE-2024-6369,0,0,c793378edfea0b2a8c32a50d08899943167a983433e0948af5044c43e0a7ad33,2024-06-27T12:47:19.847000