diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6346.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6346.json new file mode 100644 index 00000000000..8924be4c0cb --- /dev/null +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6346.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-6346", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-08-01T10:15:02.023", + "lastModified": "2024-08-01T10:15:02.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Gutenberg Blocks, Page Builder \u2013 ComboBlocks para WordPress es vulnerable a Cross Site Scripting almacenados\u00a1 a trav\u00e9s del par\u00e1metro redirectURL del widget Date Countdown, en todas las versiones hasta la 2.2.85a incluida, debido a una sanitizaci\u00f3n de entrada y a un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.84/includes/blocks/date-countdown/front-scripts.js#L117", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.84/includes/blocks/date-countdown/index.php#L283", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1512d911-167f-4653-ab20-cb057b83dab1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bc8869ef223..b1598aa3990 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-01T10:00:16.930093+00:00 +2024-08-01T12:00:16.698172+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-01T09:15:03.097000+00:00 +2024-08-01T10:15:02.023000+00:00 ``` ### Last Data Feed Release @@ -33,36 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -258727 +258728 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `1` -- [CVE-2024-25948](CVE-2024/CVE-2024-259xx/CVE-2024-25948.json) (`2024-08-01T08:15:02.203`) -- [CVE-2024-28972](CVE-2024/CVE-2024-289xx/CVE-2024-28972.json) (`2024-08-01T08:15:02.520`) -- [CVE-2024-38481](CVE-2024/CVE-2024-384xx/CVE-2024-38481.json) (`2024-08-01T08:15:02.767`) -- [CVE-2024-38489](CVE-2024/CVE-2024-384xx/CVE-2024-38489.json) (`2024-08-01T08:15:02.980`) -- [CVE-2024-38490](CVE-2024/CVE-2024-384xx/CVE-2024-38490.json) (`2024-08-01T08:15:03.187`) +- [CVE-2024-6346](CVE-2024/CVE-2024-63xx/CVE-2024-6346.json) (`2024-08-01T10:15:02.023`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `0` -- [CVE-2022-24975](CVE-2022/CVE-2022-249xx/CVE-2022-24975.json) (`2024-08-01T09:15:02.447`) -- [CVE-2024-41684](CVE-2024/CVE-2024-416xx/CVE-2024-41684.json) (`2024-08-01T08:15:03.390`) -- [CVE-2024-41685](CVE-2024/CVE-2024-416xx/CVE-2024-41685.json) (`2024-08-01T08:15:03.547`) -- [CVE-2024-41686](CVE-2024/CVE-2024-416xx/CVE-2024-41686.json) (`2024-08-01T08:15:03.640`) -- [CVE-2024-41687](CVE-2024/CVE-2024-416xx/CVE-2024-41687.json) (`2024-08-01T08:15:03.730`) -- [CVE-2024-41688](CVE-2024/CVE-2024-416xx/CVE-2024-41688.json) (`2024-08-01T08:15:03.817`) -- [CVE-2024-41689](CVE-2024/CVE-2024-416xx/CVE-2024-41689.json) (`2024-08-01T08:15:03.907`) -- [CVE-2024-41690](CVE-2024/CVE-2024-416xx/CVE-2024-41690.json) (`2024-08-01T08:15:03.990`) -- [CVE-2024-41691](CVE-2024/CVE-2024-416xx/CVE-2024-41691.json) (`2024-08-01T08:15:04.083`) -- [CVE-2024-41692](CVE-2024/CVE-2024-416xx/CVE-2024-41692.json) (`2024-08-01T08:15:04.173`) -- [CVE-2024-6975](CVE-2024/CVE-2024-69xx/CVE-2024-6975.json) (`2024-08-01T09:15:03.097`) -- [CVE-2024-7302](CVE-2024/CVE-2024-73xx/CVE-2024-7302.json) (`2024-08-01T07:15:03.300`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 042c79c0ce6..012b95573fa 100644 --- a/_state.csv +++ b/_state.csv @@ -193982,7 +193982,7 @@ CVE-2022-24971,0,0,b0ec64ce85d02676128b2391e83c3a0904b022f7f222dffc5466868a30d12 CVE-2022-24972,0,0,8ca286053ef211cb717e8d7ba05404f77cb656fa6c149573f4f398c341507249,2023-04-05T03:34:41.627000 CVE-2022-24973,0,0,6650a12e7f7242fbdbdddfd89df53b30a62a61449f0bbf1e3070c5cf8806ef6a,2023-04-05T03:35:31.440000 CVE-2022-24974,0,0,fba3a9c12ff147ef841443e5fe2e4f3e297e031a813c3be9c249e2f40a5ba227,2022-05-11T00:21:33.083000 -CVE-2022-24975,0,1,60a38241a1999df0b051f185d939ee92807ebaf4a33cfc59a64a863ae2e75245,2024-08-01T09:15:02.447000 +CVE-2022-24975,0,0,60a38241a1999df0b051f185d939ee92807ebaf4a33cfc59a64a863ae2e75245,2024-08-01T09:15:02.447000 CVE-2022-24976,0,0,9d164c5ffac11b9a353375464b382d1507e31d1dcd0776c643e98607a371d3ac,2022-02-23T15:51:09.573000 CVE-2022-24977,0,0,991181fb0f347b7660a40d47a98a2df1472959b4e57cf91f9ea277e9ff907058,2022-02-24T15:12:00.587000 CVE-2022-24978,0,0,50d845b969b7e012c0869852e6f86b59f8ebbb78f2d6ace97d66ac19b3bf3cde,2023-08-08T14:22:24.967000 @@ -246478,7 +246478,7 @@ CVE-2024-25943,0,0,d506e8c730696f4b2f3434da5ff1d66664f3a0f52ba266f85b5b04d36f260 CVE-2024-25944,0,0,ab1a6f9559c2c17591ef013078bdc7d1074a6939146b74afdf8354c958a2a210,2024-04-01T01:12:59.077000 CVE-2024-25946,0,0,a113fddf4e672678a1d14cda275154cb9972765501ae2bed1e5e6a531e4a4550,2024-03-28T20:53:20.813000 CVE-2024-25947,0,0,485470e617d7bd91b0ac4d1200f519b4198e68df5c5f6a749aa66b3078909a80,2024-08-01T07:15:02.140000 -CVE-2024-25948,1,1,b1a8daba18f532e18688c786c199b0f61a9f31e5acabf8fcf1766745102f2aa8,2024-08-01T08:15:02.203000 +CVE-2024-25948,0,0,b1a8daba18f532e18688c786c199b0f61a9f31e5acabf8fcf1766745102f2aa8,2024-08-01T08:15:02.203000 CVE-2024-25949,0,0,cf19f3ab0bbae3d1ff74313cc0fe0f90bdd6c260c977bc35c843079a46627a59,2024-06-13T18:36:09.010000 CVE-2024-2595,0,0,e521c63ef6b03578b7bb7372b5bef2fecd2a3eebcba151ea7fc07a4fe787ff2a,2024-03-18T19:40:00.173000 CVE-2024-25951,0,0,3b1032e7dee2277c1cd9087f14c93f6b15f85f0de6dddc7df9693edc271d4b00,2024-03-11T01:32:39.697000 @@ -248734,7 +248734,7 @@ CVE-2024-28969,0,0,9aaf419f4a0f5578c1d360d21c88466bed088175329d02d5a4c08af5237b8 CVE-2024-2897,0,0,cedfc20da5ed85e9f84ef73f96b224aba1a7761f3b26b18165ca182e0276563a,2024-06-04T19:19:19.267000 CVE-2024-28970,0,0,e8f11977500005486cf7671144dacf7215de23ccf91b6c8eb182a0c1c61d7f56,2024-06-13T18:36:09.013000 CVE-2024-28971,0,0,977b1e796a504922885da69c0f7540513ab16cea6a678ad4098d22f0ec570269,2024-05-08T17:05:24.083000 -CVE-2024-28972,1,1,d756f6addda93a7c284b986668a27e56ee364102435016902868a5e7a7d25511,2024-08-01T08:15:02.520000 +CVE-2024-28972,0,0,d756f6addda93a7c284b986668a27e56ee364102435016902868a5e7a7d25511,2024-08-01T08:15:02.520000 CVE-2024-28973,0,0,c5833936687fc47280c5de84f71bab0362ecad8e5c2b89ba9d836c1b9ea2e1df,2024-06-26T12:44:29.693000 CVE-2024-28974,0,0,9abba18f604ec1e999d11794eb149d52c94c8b05cbfba16cb362e87c9a7f33fd,2024-05-29T19:50:25.303000 CVE-2024-28976,0,0,c0cfcb815492d56170eba26ed04c4ed5dc48c34f8cfcf09f6c5238d2d54ddae0,2024-04-24T13:39:42.883000 @@ -254887,10 +254887,10 @@ CVE-2024-38476,0,0,b3d9539bc16644d562156587edde82f59f7e5b8caca519713a03097d766f3 CVE-2024-38477,0,0,4e865b7fff5c5346863d587e484df8d5b457292ae17a1b95a338aa934a1871cd,2024-07-12T14:15:15.430000 CVE-2024-3848,0,0,3a1e7dbb50cc54ecdbcc89881c429869965f00f9d2e1eb9f088acc297fe8920f,2024-05-16T13:03:05.353000 CVE-2024-38480,0,0,04c4f9e75ecb94da8a57533882d0899c4c9616c45f6d4f0fa40fb0af2c036f64,2024-07-01T12:37:24.220000 -CVE-2024-38481,1,1,bb72467f4e9afb2c4aa8a39e9674a8464de905722f00f950bfbff293f40ed790,2024-08-01T08:15:02.767000 -CVE-2024-38489,1,1,69ac789f31c4f03380ba303a395be773598cc5e427669db419e4462c13ad5bde,2024-08-01T08:15:02.980000 +CVE-2024-38481,0,0,bb72467f4e9afb2c4aa8a39e9674a8464de905722f00f950bfbff293f40ed790,2024-08-01T08:15:02.767000 +CVE-2024-38489,0,0,69ac789f31c4f03380ba303a395be773598cc5e427669db419e4462c13ad5bde,2024-08-01T08:15:02.980000 CVE-2024-3849,0,0,5306fee696144db88733a07d80a07ecf85ac2a8ec15f60e756615ae8c2f2566c,2024-05-02T18:00:37.360000 -CVE-2024-38490,1,1,da01ec7368c210ec9846fa69a0c396245ebbd3f153dbc63b210c9af31363abbc,2024-08-01T08:15:03.187000 +CVE-2024-38490,0,0,da01ec7368c210ec9846fa69a0c396245ebbd3f153dbc63b210c9af31363abbc,2024-08-01T08:15:03.187000 CVE-2024-38491,0,0,45eb77a065b351e283c19fca52dbc0c415810a9854c6f93524e9a875f4b79ec5,2024-07-16T13:43:58.773000 CVE-2024-38492,0,0,2fff266f3514c7b21683e88c34d78fd98dc9ab17c356d1ffe5e976b9d4dacf92,2024-07-16T13:43:58.773000 CVE-2024-38493,0,0,7dab0c3b3c94bc494d9811e28eb01ed63c0107f6df03b64859d1b0c9c94817ec,2024-07-16T13:43:58.773000 @@ -256287,16 +256287,16 @@ CVE-2024-41671,0,0,c3887e08a19f6a4662d206364ee646486b6ffd74972535a505600e6869433 CVE-2024-41672,0,0,22d9ca4e03b108f26bbb384eff42397f3ecb90b1b86b629c7d5509df37cbcfd2,2024-07-25T12:36:39.947000 CVE-2024-41676,0,0,4edd6c50f14612f7776f922c6baad3f4ffc072867d1278ee28662409b50e6afc,2024-07-29T16:21:52.517000 CVE-2024-4168,0,0,7f4f833c88738c683a47d814a058bf8a730868170937a9aca799097bc79bf22f,2024-06-04T19:20:31.690000 -CVE-2024-41684,0,1,c04c7a72cb63ae7eeb8584b102c76882304d9bf5cb81d153e75d8ddb331bc6dc,2024-08-01T08:15:03.390000 -CVE-2024-41685,0,1,93eaff307f4f8791a8e8ff304ad0c9cc6b3c2580cc14efd1e8266bfdcba69042,2024-08-01T08:15:03.547000 -CVE-2024-41686,0,1,0d750b3e1e6c898024728468d3ecdbea6b50cb803a8aba6286daab29ba27ba2d,2024-08-01T08:15:03.640000 -CVE-2024-41687,0,1,236ced32c22135d66076b15c4bc6f24fb950953a526ecc4c5b2d92335e257049,2024-08-01T08:15:03.730000 -CVE-2024-41688,0,1,746c3c2890722cb9f7b8ea8d96eb0b8363f7ff857349b769b2e6b8f58085985d,2024-08-01T08:15:03.817000 -CVE-2024-41689,0,1,9be2d562482cfc3d064e5ab5fb8d77d4697f05af7dc97a600649153ea522a427,2024-08-01T08:15:03.907000 +CVE-2024-41684,0,0,c04c7a72cb63ae7eeb8584b102c76882304d9bf5cb81d153e75d8ddb331bc6dc,2024-08-01T08:15:03.390000 +CVE-2024-41685,0,0,93eaff307f4f8791a8e8ff304ad0c9cc6b3c2580cc14efd1e8266bfdcba69042,2024-08-01T08:15:03.547000 +CVE-2024-41686,0,0,0d750b3e1e6c898024728468d3ecdbea6b50cb803a8aba6286daab29ba27ba2d,2024-08-01T08:15:03.640000 +CVE-2024-41687,0,0,236ced32c22135d66076b15c4bc6f24fb950953a526ecc4c5b2d92335e257049,2024-08-01T08:15:03.730000 +CVE-2024-41688,0,0,746c3c2890722cb9f7b8ea8d96eb0b8363f7ff857349b769b2e6b8f58085985d,2024-08-01T08:15:03.817000 +CVE-2024-41689,0,0,9be2d562482cfc3d064e5ab5fb8d77d4697f05af7dc97a600649153ea522a427,2024-08-01T08:15:03.907000 CVE-2024-4169,0,0,c62ff626929882f5d2c6f5c5b02ad92c379b5b400e34f72b774f8d063efba0f1,2024-06-04T19:20:31.780000 -CVE-2024-41690,0,1,35be90cc2bd7acfab9e39dbfe92412aec5993182e9d5569f04dfd886d5d74ef0,2024-08-01T08:15:03.990000 -CVE-2024-41691,0,1,76c5ab4f047190ae82bc420dbc882ff72fa817dfca623de9877d2ccfc2eb5ed1,2024-08-01T08:15:04.083000 -CVE-2024-41692,0,1,76fce59975fea7d60513f610577bf9eb48ded8abd0f97ff5d106b232ba29c3fb,2024-08-01T08:15:04.173000 +CVE-2024-41690,0,0,35be90cc2bd7acfab9e39dbfe92412aec5993182e9d5569f04dfd886d5d74ef0,2024-08-01T08:15:03.990000 +CVE-2024-41691,0,0,76c5ab4f047190ae82bc420dbc882ff72fa817dfca623de9877d2ccfc2eb5ed1,2024-08-01T08:15:04.083000 +CVE-2024-41692,0,0,76fce59975fea7d60513f610577bf9eb48ded8abd0f97ff5d106b232ba29c3fb,2024-08-01T08:15:04.173000 CVE-2024-41693,0,0,1ab2b4b7ed8f921d2bbd47d1a0a36dd7d080353c42c5a60fc142ad6c40def5b1,2024-07-30T13:32:45.943000 CVE-2024-41694,0,0,2beb2cafa0b59f0afe42f2c196fff55bc2e400d880d35147a1b32c39271b6739,2024-07-30T13:32:45.943000 CVE-2024-41695,0,0,cfeced4f0e3fb4495c4233c92c745e7bccce82ccc90ae4a6ab56dbb48fdfcc87,2024-07-30T13:32:45.943000 @@ -258234,6 +258234,7 @@ CVE-2024-6340,0,0,fd12f25a45d92fefbb8c0ec47428250f4f56bb9c686a12a52e54d86e24fec1 CVE-2024-6341,0,0,528f4fdde1526d72477e90a767b2f2316b168f65b64effeddb9446d8a5cdcaf5,2024-07-02T18:15:03.900000 CVE-2024-6344,0,0,ddc89c494afe0b7b80a518e0bed96070c096d29b8a0f403bdd242f60ce193de2,2024-06-27T00:15:13.360000 CVE-2024-6345,0,0,fc166d5e44485020c9b016f580b4f1c78befbdae01a9e6ec8b7e6b8d01a2e1ea,2024-07-15T13:00:34.853000 +CVE-2024-6346,1,1,3a32bedc62b8908a4934b7e728edad074fe342446d680bd6ebcf19547f3026e6,2024-08-01T10:15:02.023000 CVE-2024-6349,0,0,427eeb1c49748085f9d6a97a6add4281bc215342d4df9759ae2f609f0d24cf9a,2024-06-26T15:15:20.690000 CVE-2024-6353,0,0,3e7ee1ed054bc0661b7c1f2f3de9fe2ed8be61a7a777eee50734c66af6748302,2024-07-12T12:49:07.030000 CVE-2024-6354,0,0,c9410e2fdcd521ee7fa5aea0abe57bbff6ce1153eea9fc9c27ad647524c61c5c,2024-07-03T02:09:53.917000 @@ -258564,7 +258565,7 @@ CVE-2024-6970,0,0,4194a84f3c5724b9bace97395e0f8e6456cd70a8d0cf3d46afccc165b27983 CVE-2024-6972,0,0,136930c91bb85ebbdb27bc99dae627302f90363fa18ab987405ebabe27d12e99,2024-07-25T12:36:39.947000 CVE-2024-6973,0,0,76295ec3ebe0bf6ab46ddfd52badda08304b88e18a3d20fac7cbdb819136f0e1,2024-07-31T20:15:07.293000 CVE-2024-6974,0,0,7ef6b4f17e4d77510d507310e8365d24dcc0e8cace8ef658dfe2a033fdd6390d,2024-07-31T20:15:07.513000 -CVE-2024-6975,0,1,1b3bb18e08f814d7b2cc57908ec6de8ca6a8253cf52b1302675be3c13edfb1b5,2024-08-01T09:15:03.097000 +CVE-2024-6975,0,0,1b3bb18e08f814d7b2cc57908ec6de8ca6a8253cf52b1302675be3c13edfb1b5,2024-08-01T09:15:03.097000 CVE-2024-6977,0,0,3121777bd0a52ccf3540d69bf9a48fe1c1b7f86ef36c5a72b5a200933b1d9fe6,2024-07-31T17:15:11.860000 CVE-2024-6978,0,0,e2bc736f85bea0c52e162540a00648045c9f82e172db71c285eab8cf5b35db1f,2024-07-31T20:15:07.717000 CVE-2024-6980,0,0,f6625eb84b24e1b38c56cc3bb53a8be195d62bb4e9db2a7b8e6feb6123dc7610,2024-07-31T12:57:02.300000 @@ -258697,7 +258698,7 @@ CVE-2024-7290,0,0,e8c96d989cb70bd87ad54653beaf9542c2c74968268c5634e080d16dd0ba2b CVE-2024-7297,0,0,cb4ca8684118dc46d1f9724d628f899c3458badae695854f058e1eba8efe7ce6,2024-07-31T12:57:02.300000 CVE-2024-7299,0,0,18b86413af481c73d022a0c4ed8ac3628863652a0dcfb13bf199bbb5e4db4366,2024-07-31T16:15:05.217000 CVE-2024-7300,0,0,a2e066ea38ffd4d283558ac9c550384947d588019ed19b0e0b6c2becc0799ae9,2024-07-31T14:15:08.080000 -CVE-2024-7302,0,1,eb848575f59647066e1f15d90b3f2f1e5ea9438ae4b28a66c4f233e32054cb49,2024-08-01T07:15:03.300000 +CVE-2024-7302,0,0,eb848575f59647066e1f15d90b3f2f1e5ea9438ae4b28a66c4f233e32054cb49,2024-08-01T07:15:03.300000 CVE-2024-7303,0,0,d7f72dd61499e6619ce7f5b3ddfad21cf84d8b933f5b61aad0d5acbabf0695d7,2024-07-31T12:57:02.300000 CVE-2024-7306,0,0,41d2dc73352be3adbe3da1c5ddee86e5aba159cd2a5da8e89aabb430dec59115,2024-07-31T12:57:02.300000 CVE-2024-7307,0,0,880aa0ea5c84e56fdc3b5eb36854e1998bc80835f78667a7a6ad57104577d4f7,2024-07-31T12:57:02.300000