Auto-Update: 2024-09-08T08:00:17.499349+00:00

2025-05-08 19:47:09 +00:00 · 2024-09-08 08:03:16 +00:00 · 2024-09-08 08:03:16 +00:00 · 3eaf1ae990
commit 3eaf1ae990
parent 6365de89e8
11 changed files with 332 additions and 6 deletions
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6852.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6852.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6852",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.010",
+  "lastModified": "2024-09-08T06:15:02.010",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/e6c7c153-8080-40b3-85e2-604ce7c66e32/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6853.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6853.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6853",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.217",
+  "lastModified": "2024-09-08T06:15:02.217",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/d1ce78c3-5d6c-465e-9ce8-6d92f7480333/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6855.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6855.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6855",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.320",
+  "lastModified": "2024-09-08T06:15:02.320",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/1124b07a-6274-49df-be77-615fda8f3a38/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6856.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6856.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6856",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.400",
+  "lastModified": "2024-09-08T06:15:02.400",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/9700845e-89ca-4f9b-95f0-4b46a975b662/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-68xx/CVE-2024-6859.json
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6859.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6859",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.497",
+  "lastModified": "2024-09-08T06:15:02.497",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP MultiTasking  WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/34ae6121-304f-495b-bcc1-4fbd3d70a9fb/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-69xx/CVE-2024-6924.json
+++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6924.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6924",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.580",
+  "lastModified": "2024-09-08T06:15:02.580",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The TrueBooker  WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/39e79801-6ec7-4579-bc6b-fd7e899733a8/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-69xx/CVE-2024-6925.json
+++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6925.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6925",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.660",
+  "lastModified": "2024-09-08T06:15:02.660",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The TrueBooker  WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/1da75fd7-e44f-4043-b8f4-7ee975356982/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-69xx/CVE-2024-6928.json
+++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6928.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-6928",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-09-08T06:15:02.747",
+  "lastModified": "2024-09-08T06:15:02.747",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/7bb9474f-2b9d-4856-b36d-a43da3db0245/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-85xx/CVE-2024-8570.json
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8570.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2024-8570",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-09-08T07:15:01.977",
+  "lastModified": "2024-09-08T07:15:01.977",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/teachersongsec/cve/issues/2",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://itsourcecode.com/",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.276800",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.276800",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.403126",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-08T06:00:17.664623+00:00
+2024-09-08T08:00:17.499349+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-08T05:15:10.763000+00:00
+2024-09-08T07:15:01.977000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-262166
+262175
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `9`

- [CVE-2024-8569](CVE-2024/CVE-2024-85xx/CVE-2024-8569.json) (`2024-09-08T05:15:10.763`)
+- [CVE-2024-6852](CVE-2024/CVE-2024-68xx/CVE-2024-6852.json) (`2024-09-08T06:15:02.010`)
+- [CVE-2024-6853](CVE-2024/CVE-2024-68xx/CVE-2024-6853.json) (`2024-09-08T06:15:02.217`)
+- [CVE-2024-6855](CVE-2024/CVE-2024-68xx/CVE-2024-6855.json) (`2024-09-08T06:15:02.320`)
+- [CVE-2024-6856](CVE-2024/CVE-2024-68xx/CVE-2024-6856.json) (`2024-09-08T06:15:02.400`)
+- [CVE-2024-6859](CVE-2024/CVE-2024-68xx/CVE-2024-6859.json) (`2024-09-08T06:15:02.497`)
+- [CVE-2024-6924](CVE-2024/CVE-2024-69xx/CVE-2024-6924.json) (`2024-09-08T06:15:02.580`)
+- [CVE-2024-6925](CVE-2024/CVE-2024-69xx/CVE-2024-6925.json) (`2024-09-08T06:15:02.660`)
+- [CVE-2024-6928](CVE-2024/CVE-2024-69xx/CVE-2024-6928.json) (`2024-09-08T06:15:02.747`)
+- [CVE-2024-8570](CVE-2024/CVE-2024-85xx/CVE-2024-8570.json) (`2024-09-08T07:15:01.977`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -261154,6 +261154,11 @@ CVE-2024-6846,0,0,3f14d31d382a54a260125fd51294d960031d5921ae608f837ae240e5738c3b
 CVE-2024-6847,0,0,3aed5f2ad75c2a50eaefca5c72002315f9d747456f8615efa188f54be39bf54d,2024-08-20T19:35:15.040000
 CVE-2024-6848,0,0,e171c12c58967922126feefb09977b436bb9e206684562a37899ca6ed3e35d20,2024-07-22T13:00:31.330000
 CVE-2024-6849,0,0,b5896237f1558adc9cbcef856b59d2b35556967e115dfbf32d3a1bb8bd0adfca,2024-09-07T09:15:01.957000
+CVE-2024-6852,1,1,267d93931e2b0362fbd30fc86b2bb20385b38f93c981f65d4750cca7563ffea2,2024-09-08T06:15:02.010000
+CVE-2024-6853,1,1,abced8b2b2097096b28f9fe283d14bab816415c27cb7d975759d9e067e33c26a,2024-09-08T06:15:02.217000
+CVE-2024-6855,1,1,7f3930fcc8a447145da4056c1cb1adbf252f15cb65e3eb7c30657d2908cf728a,2024-09-08T06:15:02.320000
+CVE-2024-6856,1,1,fc346e27792a0ba9a5d1702d7deb3ba01592a71739ce6351076f3ff5dbaa923d,2024-09-08T06:15:02.400000
+CVE-2024-6859,1,1,9bc576a7ad331c231127a18569646e5d7fcb3730eb876b05cfe644a09757c443,2024-09-08T06:15:02.497000
 CVE-2024-6864,0,0,469a0ad039e39ca71e90d0d65b529134e06346783388106a10d2fa7d0b356379,2024-09-03T20:22:16.433000
 CVE-2024-6865,0,0,cb8e3c3258edaecfb2408f04adfa69a3419179f287cf4fd0248689bfb8e952c7,2024-08-05T14:15:34.847000
 CVE-2024-6869,0,0,cc765e0741eb808a23e90ee3171ba570febcbdba6db7038c79938ac8aebc9baa,2024-08-08T13:04:18.753000
@ -261200,8 +261205,11 @@ CVE-2024-6920,0,0,744aaab347ce054c640620e9d15a192dc28f2121833a3843e0cf354f2c0d44
 CVE-2024-6921,0,0,fc130b18365e3f25f9898f5e73006c1589c6e414f2e4023eec1353ee7665721a,2024-09-03T12:59:02.453000
 CVE-2024-6922,0,0,06f94107ca0d2a59d9bc293905aa46a216c7a8ead08ee7b0b3a0f5d8d9c7d0a8,2024-07-29T14:12:08.783000
 CVE-2024-6923,0,0,0cfbd144d08a5d679110992f45e4be991e6cd9826e8a45ed46231797910890a0,2024-09-04T21:15:14.567000
+CVE-2024-6924,1,1,4b2673ae55df113294349f83c955352d5630eb37bf713fc84e8867d17ffb5567,2024-09-08T06:15:02.580000
+CVE-2024-6925,1,1,afcc6c83a98e45cb8988cf139f1745d0ce3f75ff66c6bb47312987a39d581e9b,2024-09-08T06:15:02.660000
 CVE-2024-6926,0,0,8f7a980eaebe48aff3a265873ac088d8aab7ac9e61e313ad47eb901f8ccee0e3,2024-09-04T15:35:26.253000
 CVE-2024-6927,0,0,e148b46f63346622a06f6186d016b89227da86b491e3aa4a6ce8be2d756e1768,2024-08-29T20:37:07.310000
+CVE-2024-6928,1,1,2f18115f0bb4b5e6aa73b873617ccef88a9312fd428143130e9d54a05c29ea7a,2024-09-08T06:15:02.747000
 CVE-2024-6929,0,0,be8ff54e71c3dae7aaaebdfc2eb64ab807c47924b1857c6816d9c69c8ca6063c,2024-09-05T12:53:21.110000
 CVE-2024-6930,0,0,1339dcde2064efad12400b33b71bb10f58bb3894621d0a104ecb7e997db508bc,2024-08-08T20:06:49.207000
 CVE-2024-6932,0,0,67a8aa74150c82de9338c7f5e13237de6a0b3fc058478249ab687a9bbea18d6e,2024-07-22T13:00:31.330000
@ -262164,4 +262172,5 @@ CVE-2024-8565,0,0,6cb4a30a25a1065de5f88cfca7cfe6d62437f9d4de222f9741b6956aadeba3
 CVE-2024-8566,0,0,9a96173e33b9e2f152eb0ef99d89c66ac1ffc3a87540584d06ac71a484065544,2024-09-08T00:15:02.037000
 CVE-2024-8567,0,0,128c1c03702479e16aeb74ac1d5ff777775df76bef6861dc5a90bc996a0ed9fd,2024-09-08T02:15:10.643000
 CVE-2024-8568,0,0,4f947db17327204061a3cbd87b0e0e34fcde742e3d6be8f12c557585eebdd903,2024-09-08T03:15:01.833000
-CVE-2024-8569,1,1,cddbad41d115b0e24f21900215e9a8424d8cd4b102bb78b99cdec197572a5219,2024-09-08T05:15:10.763000
+CVE-2024-8569,0,0,cddbad41d115b0e24f21900215e9a8424d8cd4b102bb78b99cdec197572a5219,2024-09-08T05:15:10.763000
+CVE-2024-8570,1,1,81f0759069b3ea9299d0bb8ce9d4e5d6ff5dc8250f74bf869cce93ec5dcff888,2024-09-08T07:15:01.977000