Auto-Update: 2024-08-01T12:00:16.698172+00:00

2025-05-08 19:47:09 +00:00 · 2024-08-01 12:03:11 +00:00 · 2024-08-01 12:03:11 +00:00 · 3d33ee7479
commit 3d33ee7479
parent d3dab1faa8
3 changed files with 92 additions and 39 deletions
--- a/CVE-2024/CVE-2024-63xx/CVE-2024-6346.json
+++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6346.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-6346",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-08-01T10:15:02.023",
+  "lastModified": "2024-08-01T10:15:02.023",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Gutenberg Blocks, Page Builder \u2013 ComboBlocks para WordPress es vulnerable a Cross Site Scripting almacenados\u00a1 a trav\u00e9s del par\u00e1metro redirectURL del widget Date Countdown, en todas las versiones hasta la 2.2.85a incluida, debido a una sanitizaci\u00f3n de entrada y a un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.84/includes/blocks/date-countdown/front-scripts.js#L117",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.84/includes/blocks/date-countdown/index.php#L283",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1512d911-167f-4653-ab20-cb057b83dab1?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-08-01T10:00:16.930093+00:00
+2024-08-01T12:00:16.698172+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-08-01T09:15:03.097000+00:00
+2024-08-01T10:15:02.023000+00:00
 ```

 ### Last Data Feed Release
@ -33,36 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-258727
+258728
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `1`

- [CVE-2024-25948](CVE-2024/CVE-2024-259xx/CVE-2024-25948.json) (`2024-08-01T08:15:02.203`)
- [CVE-2024-28972](CVE-2024/CVE-2024-289xx/CVE-2024-28972.json) (`2024-08-01T08:15:02.520`)
- [CVE-2024-38481](CVE-2024/CVE-2024-384xx/CVE-2024-38481.json) (`2024-08-01T08:15:02.767`)
- [CVE-2024-38489](CVE-2024/CVE-2024-384xx/CVE-2024-38489.json) (`2024-08-01T08:15:02.980`)
- [CVE-2024-38490](CVE-2024/CVE-2024-384xx/CVE-2024-38490.json) (`2024-08-01T08:15:03.187`)
+- [CVE-2024-6346](CVE-2024/CVE-2024-63xx/CVE-2024-6346.json) (`2024-08-01T10:15:02.023`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `12`
+Recently modified CVEs: `0`

- [CVE-2022-24975](CVE-2022/CVE-2022-249xx/CVE-2022-24975.json) (`2024-08-01T09:15:02.447`)
- [CVE-2024-41684](CVE-2024/CVE-2024-416xx/CVE-2024-41684.json) (`2024-08-01T08:15:03.390`)
- [CVE-2024-41685](CVE-2024/CVE-2024-416xx/CVE-2024-41685.json) (`2024-08-01T08:15:03.547`)
- [CVE-2024-41686](CVE-2024/CVE-2024-416xx/CVE-2024-41686.json) (`2024-08-01T08:15:03.640`)
- [CVE-2024-41687](CVE-2024/CVE-2024-416xx/CVE-2024-41687.json) (`2024-08-01T08:15:03.730`)
- [CVE-2024-41688](CVE-2024/CVE-2024-416xx/CVE-2024-41688.json) (`2024-08-01T08:15:03.817`)
- [CVE-2024-41689](CVE-2024/CVE-2024-416xx/CVE-2024-41689.json) (`2024-08-01T08:15:03.907`)
- [CVE-2024-41690](CVE-2024/CVE-2024-416xx/CVE-2024-41690.json) (`2024-08-01T08:15:03.990`)
- [CVE-2024-41691](CVE-2024/CVE-2024-416xx/CVE-2024-41691.json) (`2024-08-01T08:15:04.083`)
- [CVE-2024-41692](CVE-2024/CVE-2024-416xx/CVE-2024-41692.json) (`2024-08-01T08:15:04.173`)
- [CVE-2024-6975](CVE-2024/CVE-2024-69xx/CVE-2024-6975.json) (`2024-08-01T09:15:03.097`)
- [CVE-2024-7302](CVE-2024/CVE-2024-73xx/CVE-2024-7302.json) (`2024-08-01T07:15:03.300`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -193982,7 +193982,7 @@ CVE-2022-24971,0,0,b0ec64ce85d02676128b2391e83c3a0904b022f7f222dffc5466868a30d12
 CVE-2022-24972,0,0,8ca286053ef211cb717e8d7ba05404f77cb656fa6c149573f4f398c341507249,2023-04-05T03:34:41.627000
 CVE-2022-24973,0,0,6650a12e7f7242fbdbdddfd89df53b30a62a61449f0bbf1e3070c5cf8806ef6a,2023-04-05T03:35:31.440000
 CVE-2022-24974,0,0,fba3a9c12ff147ef841443e5fe2e4f3e297e031a813c3be9c249e2f40a5ba227,2022-05-11T00:21:33.083000
-CVE-2022-24975,0,1,60a38241a1999df0b051f185d939ee92807ebaf4a33cfc59a64a863ae2e75245,2024-08-01T09:15:02.447000
+CVE-2022-24975,0,0,60a38241a1999df0b051f185d939ee92807ebaf4a33cfc59a64a863ae2e75245,2024-08-01T09:15:02.447000
 CVE-2022-24976,0,0,9d164c5ffac11b9a353375464b382d1507e31d1dcd0776c643e98607a371d3ac,2022-02-23T15:51:09.573000
 CVE-2022-24977,0,0,991181fb0f347b7660a40d47a98a2df1472959b4e57cf91f9ea277e9ff907058,2022-02-24T15:12:00.587000
 CVE-2022-24978,0,0,50d845b969b7e012c0869852e6f86b59f8ebbb78f2d6ace97d66ac19b3bf3cde,2023-08-08T14:22:24.967000
@ -246478,7 +246478,7 @@ CVE-2024-25943,0,0,d506e8c730696f4b2f3434da5ff1d66664f3a0f52ba266f85b5b04d36f260
 CVE-2024-25944,0,0,ab1a6f9559c2c17591ef013078bdc7d1074a6939146b74afdf8354c958a2a210,2024-04-01T01:12:59.077000
 CVE-2024-25946,0,0,a113fddf4e672678a1d14cda275154cb9972765501ae2bed1e5e6a531e4a4550,2024-03-28T20:53:20.813000
 CVE-2024-25947,0,0,485470e617d7bd91b0ac4d1200f519b4198e68df5c5f6a749aa66b3078909a80,2024-08-01T07:15:02.140000
-CVE-2024-25948,1,1,b1a8daba18f532e18688c786c199b0f61a9f31e5acabf8fcf1766745102f2aa8,2024-08-01T08:15:02.203000
+CVE-2024-25948,0,0,b1a8daba18f532e18688c786c199b0f61a9f31e5acabf8fcf1766745102f2aa8,2024-08-01T08:15:02.203000
 CVE-2024-25949,0,0,cf19f3ab0bbae3d1ff74313cc0fe0f90bdd6c260c977bc35c843079a46627a59,2024-06-13T18:36:09.010000
 CVE-2024-2595,0,0,e521c63ef6b03578b7bb7372b5bef2fecd2a3eebcba151ea7fc07a4fe787ff2a,2024-03-18T19:40:00.173000
 CVE-2024-25951,0,0,3b1032e7dee2277c1cd9087f14c93f6b15f85f0de6dddc7df9693edc271d4b00,2024-03-11T01:32:39.697000
@ -248734,7 +248734,7 @@ CVE-2024-28969,0,0,9aaf419f4a0f5578c1d360d21c88466bed088175329d02d5a4c08af5237b8
 CVE-2024-2897,0,0,cedfc20da5ed85e9f84ef73f96b224aba1a7761f3b26b18165ca182e0276563a,2024-06-04T19:19:19.267000
 CVE-2024-28970,0,0,e8f11977500005486cf7671144dacf7215de23ccf91b6c8eb182a0c1c61d7f56,2024-06-13T18:36:09.013000
 CVE-2024-28971,0,0,977b1e796a504922885da69c0f7540513ab16cea6a678ad4098d22f0ec570269,2024-05-08T17:05:24.083000
-CVE-2024-28972,1,1,d756f6addda93a7c284b986668a27e56ee364102435016902868a5e7a7d25511,2024-08-01T08:15:02.520000
+CVE-2024-28972,0,0,d756f6addda93a7c284b986668a27e56ee364102435016902868a5e7a7d25511,2024-08-01T08:15:02.520000
 CVE-2024-28973,0,0,c5833936687fc47280c5de84f71bab0362ecad8e5c2b89ba9d836c1b9ea2e1df,2024-06-26T12:44:29.693000
 CVE-2024-28974,0,0,9abba18f604ec1e999d11794eb149d52c94c8b05cbfba16cb362e87c9a7f33fd,2024-05-29T19:50:25.303000
 CVE-2024-28976,0,0,c0cfcb815492d56170eba26ed04c4ed5dc48c34f8cfcf09f6c5238d2d54ddae0,2024-04-24T13:39:42.883000
@ -254887,10 +254887,10 @@ CVE-2024-38476,0,0,b3d9539bc16644d562156587edde82f59f7e5b8caca519713a03097d766f3
 CVE-2024-38477,0,0,4e865b7fff5c5346863d587e484df8d5b457292ae17a1b95a338aa934a1871cd,2024-07-12T14:15:15.430000
 CVE-2024-3848,0,0,3a1e7dbb50cc54ecdbcc89881c429869965f00f9d2e1eb9f088acc297fe8920f,2024-05-16T13:03:05.353000
 CVE-2024-38480,0,0,04c4f9e75ecb94da8a57533882d0899c4c9616c45f6d4f0fa40fb0af2c036f64,2024-07-01T12:37:24.220000
-CVE-2024-38481,1,1,bb72467f4e9afb2c4aa8a39e9674a8464de905722f00f950bfbff293f40ed790,2024-08-01T08:15:02.767000
-CVE-2024-38489,1,1,69ac789f31c4f03380ba303a395be773598cc5e427669db419e4462c13ad5bde,2024-08-01T08:15:02.980000
+CVE-2024-38481,0,0,bb72467f4e9afb2c4aa8a39e9674a8464de905722f00f950bfbff293f40ed790,2024-08-01T08:15:02.767000
+CVE-2024-38489,0,0,69ac789f31c4f03380ba303a395be773598cc5e427669db419e4462c13ad5bde,2024-08-01T08:15:02.980000
 CVE-2024-3849,0,0,5306fee696144db88733a07d80a07ecf85ac2a8ec15f60e756615ae8c2f2566c,2024-05-02T18:00:37.360000
-CVE-2024-38490,1,1,da01ec7368c210ec9846fa69a0c396245ebbd3f153dbc63b210c9af31363abbc,2024-08-01T08:15:03.187000
+CVE-2024-38490,0,0,da01ec7368c210ec9846fa69a0c396245ebbd3f153dbc63b210c9af31363abbc,2024-08-01T08:15:03.187000
 CVE-2024-38491,0,0,45eb77a065b351e283c19fca52dbc0c415810a9854c6f93524e9a875f4b79ec5,2024-07-16T13:43:58.773000
 CVE-2024-38492,0,0,2fff266f3514c7b21683e88c34d78fd98dc9ab17c356d1ffe5e976b9d4dacf92,2024-07-16T13:43:58.773000
 CVE-2024-38493,0,0,7dab0c3b3c94bc494d9811e28eb01ed63c0107f6df03b64859d1b0c9c94817ec,2024-07-16T13:43:58.773000
@ -256287,16 +256287,16 @@ CVE-2024-41671,0,0,c3887e08a19f6a4662d206364ee646486b6ffd74972535a505600e6869433
 CVE-2024-41672,0,0,22d9ca4e03b108f26bbb384eff42397f3ecb90b1b86b629c7d5509df37cbcfd2,2024-07-25T12:36:39.947000
 CVE-2024-41676,0,0,4edd6c50f14612f7776f922c6baad3f4ffc072867d1278ee28662409b50e6afc,2024-07-29T16:21:52.517000
 CVE-2024-4168,0,0,7f4f833c88738c683a47d814a058bf8a730868170937a9aca799097bc79bf22f,2024-06-04T19:20:31.690000
-CVE-2024-41684,0,1,c04c7a72cb63ae7eeb8584b102c76882304d9bf5cb81d153e75d8ddb331bc6dc,2024-08-01T08:15:03.390000
-CVE-2024-41685,0,1,93eaff307f4f8791a8e8ff304ad0c9cc6b3c2580cc14efd1e8266bfdcba69042,2024-08-01T08:15:03.547000
-CVE-2024-41686,0,1,0d750b3e1e6c898024728468d3ecdbea6b50cb803a8aba6286daab29ba27ba2d,2024-08-01T08:15:03.640000
-CVE-2024-41687,0,1,236ced32c22135d66076b15c4bc6f24fb950953a526ecc4c5b2d92335e257049,2024-08-01T08:15:03.730000
-CVE-2024-41688,0,1,746c3c2890722cb9f7b8ea8d96eb0b8363f7ff857349b769b2e6b8f58085985d,2024-08-01T08:15:03.817000
-CVE-2024-41689,0,1,9be2d562482cfc3d064e5ab5fb8d77d4697f05af7dc97a600649153ea522a427,2024-08-01T08:15:03.907000
+CVE-2024-41684,0,0,c04c7a72cb63ae7eeb8584b102c76882304d9bf5cb81d153e75d8ddb331bc6dc,2024-08-01T08:15:03.390000
+CVE-2024-41685,0,0,93eaff307f4f8791a8e8ff304ad0c9cc6b3c2580cc14efd1e8266bfdcba69042,2024-08-01T08:15:03.547000
+CVE-2024-41686,0,0,0d750b3e1e6c898024728468d3ecdbea6b50cb803a8aba6286daab29ba27ba2d,2024-08-01T08:15:03.640000
+CVE-2024-41687,0,0,236ced32c22135d66076b15c4bc6f24fb950953a526ecc4c5b2d92335e257049,2024-08-01T08:15:03.730000
+CVE-2024-41688,0,0,746c3c2890722cb9f7b8ea8d96eb0b8363f7ff857349b769b2e6b8f58085985d,2024-08-01T08:15:03.817000
+CVE-2024-41689,0,0,9be2d562482cfc3d064e5ab5fb8d77d4697f05af7dc97a600649153ea522a427,2024-08-01T08:15:03.907000
 CVE-2024-4169,0,0,c62ff626929882f5d2c6f5c5b02ad92c379b5b400e34f72b774f8d063efba0f1,2024-06-04T19:20:31.780000
-CVE-2024-41690,0,1,35be90cc2bd7acfab9e39dbfe92412aec5993182e9d5569f04dfd886d5d74ef0,2024-08-01T08:15:03.990000
-CVE-2024-41691,0,1,76c5ab4f047190ae82bc420dbc882ff72fa817dfca623de9877d2ccfc2eb5ed1,2024-08-01T08:15:04.083000
-CVE-2024-41692,0,1,76fce59975fea7d60513f610577bf9eb48ded8abd0f97ff5d106b232ba29c3fb,2024-08-01T08:15:04.173000
+CVE-2024-41690,0,0,35be90cc2bd7acfab9e39dbfe92412aec5993182e9d5569f04dfd886d5d74ef0,2024-08-01T08:15:03.990000
+CVE-2024-41691,0,0,76c5ab4f047190ae82bc420dbc882ff72fa817dfca623de9877d2ccfc2eb5ed1,2024-08-01T08:15:04.083000
+CVE-2024-41692,0,0,76fce59975fea7d60513f610577bf9eb48ded8abd0f97ff5d106b232ba29c3fb,2024-08-01T08:15:04.173000
 CVE-2024-41693,0,0,1ab2b4b7ed8f921d2bbd47d1a0a36dd7d080353c42c5a60fc142ad6c40def5b1,2024-07-30T13:32:45.943000
 CVE-2024-41694,0,0,2beb2cafa0b59f0afe42f2c196fff55bc2e400d880d35147a1b32c39271b6739,2024-07-30T13:32:45.943000
 CVE-2024-41695,0,0,cfeced4f0e3fb4495c4233c92c745e7bccce82ccc90ae4a6ab56dbb48fdfcc87,2024-07-30T13:32:45.943000
@ -258234,6 +258234,7 @@ CVE-2024-6340,0,0,fd12f25a45d92fefbb8c0ec47428250f4f56bb9c686a12a52e54d86e24fec1
 CVE-2024-6341,0,0,528f4fdde1526d72477e90a767b2f2316b168f65b64effeddb9446d8a5cdcaf5,2024-07-02T18:15:03.900000
 CVE-2024-6344,0,0,ddc89c494afe0b7b80a518e0bed96070c096d29b8a0f403bdd242f60ce193de2,2024-06-27T00:15:13.360000
 CVE-2024-6345,0,0,fc166d5e44485020c9b016f580b4f1c78befbdae01a9e6ec8b7e6b8d01a2e1ea,2024-07-15T13:00:34.853000
+CVE-2024-6346,1,1,3a32bedc62b8908a4934b7e728edad074fe342446d680bd6ebcf19547f3026e6,2024-08-01T10:15:02.023000
 CVE-2024-6349,0,0,427eeb1c49748085f9d6a97a6add4281bc215342d4df9759ae2f609f0d24cf9a,2024-06-26T15:15:20.690000
 CVE-2024-6353,0,0,3e7ee1ed054bc0661b7c1f2f3de9fe2ed8be61a7a777eee50734c66af6748302,2024-07-12T12:49:07.030000
 CVE-2024-6354,0,0,c9410e2fdcd521ee7fa5aea0abe57bbff6ce1153eea9fc9c27ad647524c61c5c,2024-07-03T02:09:53.917000
@ -258564,7 +258565,7 @@ CVE-2024-6970,0,0,4194a84f3c5724b9bace97395e0f8e6456cd70a8d0cf3d46afccc165b27983
 CVE-2024-6972,0,0,136930c91bb85ebbdb27bc99dae627302f90363fa18ab987405ebabe27d12e99,2024-07-25T12:36:39.947000
 CVE-2024-6973,0,0,76295ec3ebe0bf6ab46ddfd52badda08304b88e18a3d20fac7cbdb819136f0e1,2024-07-31T20:15:07.293000
 CVE-2024-6974,0,0,7ef6b4f17e4d77510d507310e8365d24dcc0e8cace8ef658dfe2a033fdd6390d,2024-07-31T20:15:07.513000
-CVE-2024-6975,0,1,1b3bb18e08f814d7b2cc57908ec6de8ca6a8253cf52b1302675be3c13edfb1b5,2024-08-01T09:15:03.097000
+CVE-2024-6975,0,0,1b3bb18e08f814d7b2cc57908ec6de8ca6a8253cf52b1302675be3c13edfb1b5,2024-08-01T09:15:03.097000
 CVE-2024-6977,0,0,3121777bd0a52ccf3540d69bf9a48fe1c1b7f86ef36c5a72b5a200933b1d9fe6,2024-07-31T17:15:11.860000
 CVE-2024-6978,0,0,e2bc736f85bea0c52e162540a00648045c9f82e172db71c285eab8cf5b35db1f,2024-07-31T20:15:07.717000
 CVE-2024-6980,0,0,f6625eb84b24e1b38c56cc3bb53a8be195d62bb4e9db2a7b8e6feb6123dc7610,2024-07-31T12:57:02.300000
@ -258697,7 +258698,7 @@ CVE-2024-7290,0,0,e8c96d989cb70bd87ad54653beaf9542c2c74968268c5634e080d16dd0ba2b
 CVE-2024-7297,0,0,cb4ca8684118dc46d1f9724d628f899c3458badae695854f058e1eba8efe7ce6,2024-07-31T12:57:02.300000
 CVE-2024-7299,0,0,18b86413af481c73d022a0c4ed8ac3628863652a0dcfb13bf199bbb5e4db4366,2024-07-31T16:15:05.217000
 CVE-2024-7300,0,0,a2e066ea38ffd4d283558ac9c550384947d588019ed19b0e0b6c2becc0799ae9,2024-07-31T14:15:08.080000
-CVE-2024-7302,0,1,eb848575f59647066e1f15d90b3f2f1e5ea9438ae4b28a66c4f233e32054cb49,2024-08-01T07:15:03.300000
+CVE-2024-7302,0,0,eb848575f59647066e1f15d90b3f2f1e5ea9438ae4b28a66c4f233e32054cb49,2024-08-01T07:15:03.300000
 CVE-2024-7303,0,0,d7f72dd61499e6619ce7f5b3ddfad21cf84d8b933f5b61aad0d5acbabf0695d7,2024-07-31T12:57:02.300000
 CVE-2024-7306,0,0,41d2dc73352be3adbe3da1c5ddee86e5aba159cd2a5da8e89aabb430dec59115,2024-07-31T12:57:02.300000
 CVE-2024-7307,0,0,880aa0ea5c84e56fdc3b5eb36854e1998bc80835f78667a7a6ad57104577d4f7,2024-07-31T12:57:02.300000