Auto-Update: 2024-12-25T09:00:19.585256+00:00

2025-07-11 16:13:34 +00:00 · 2024-12-25 09:03:43 +00:00 · 2024-12-25 09:03:43 +00:00 · 411f6cdce1
commit 411f6cdce1
parent 28c9c627f3
6 changed files with 207 additions and 16 deletions
--- a/CVE-2024/CVE-2024-108xx/CVE-2024-10862.json
+++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10862.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10862",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-12-25T07:15:11.190",
+  "lastModified": "2024-12-25T07:15:11.190",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be exploited via CSRF due to a lack of nonce validation on the get_table_records AJAX action."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L3065",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab807beb-0e20-47e4-be3e-9e8f50b84c7b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11281.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11281.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11281",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-12-25T07:15:11.777",
+  "lastModified": "2024-12-25T07:15:11.777",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/wordpress-woocommerce-pos-system-point-of-sale/21254976",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a0671b1-1414-4315-8a2d-bd1aabe091a4?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-123xx/CVE-2024-12335.json
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12335.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-12335",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-12-25T07:15:11.980",
+  "lastModified": "2024-12-25T07:15:11.980",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://avada.com",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4181dcad-b5bd-46db-b47c-3cdee427123c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json
@ -2,13 +2,20 @@
  "id": "CVE-2024-12782",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-12-19T13:15:05.900",
-  "lastModified": "2024-12-19T13:15:05.900",
-  "vulnStatus": "Received",
-  "cveTags": [],
+  "lastModified": "2024-12-25T08:15:05.410",
+  "vulnStatus": "Awaiting Analysis",
+  "cveTags": [
+    {
+      "sourceIdentifier": "cna@vuldb.com",
+      "tags": [
+        "disputed"
+      ]
+    }
+  ],
  "descriptions": [
    {
      "lang": "en",
-      "value": "A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+      "value": "A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
@ -111,7 +118,7 @@
  "weaknesses": [
    {
      "source": "cna@vuldb.com",
-      "type": "Primary",
+      "type": "Secondary",
      "description": [
        {
          "lang": "en",
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-12-25T07:00:19.831715+00:00
+2024-12-25T09:00:19.585256+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-12-25T06:15:23.407000+00:00
+2024-12-25T08:15:05.410000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-274654
+274657
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `3`

- [CVE-2024-10858](CVE-2024/CVE-2024-108xx/CVE-2024-10858.json) (`2024-12-25T06:15:23.407`)
- [CVE-2024-12428](CVE-2024/CVE-2024-124xx/CVE-2024-12428.json) (`2024-12-25T05:15:06.920`)
- [CVE-2024-12636](CVE-2024/CVE-2024-126xx/CVE-2024-12636.json) (`2024-12-25T05:15:08.067`)
+- [CVE-2024-10862](CVE-2024/CVE-2024-108xx/CVE-2024-10862.json) (`2024-12-25T07:15:11.190`)
+- [CVE-2024-11281](CVE-2024/CVE-2024-112xx/CVE-2024-11281.json) (`2024-12-25T07:15:11.777`)
+- [CVE-2024-12335](CVE-2024/CVE-2024-123xx/CVE-2024-12335.json) (`2024-12-25T07:15:11.980`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2024-12782](CVE-2024/CVE-2024-127xx/CVE-2024-12782.json) (`2024-12-25T08:15:05.410`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -243771,9 +243771,10 @@ CVE-2024-10854,0,0,afc7bc69a1b6288540bb663e3abfd7c0b6a784132b70b7f35e98f7b2cc506
 CVE-2024-10855,0,0,ae24b9251832889f0ab5093466f5bbce4d7ad6d8dd4bf7a8321d2155c2606591,2024-11-26T20:34:02.857000
 CVE-2024-10856,0,0,251c7531c17b6f3b0ed919ef9a67ac2f96c713f0018b87cf93ecb45c7c80519e,2024-12-24T11:15:07.260000
 CVE-2024-10857,0,0,957ae8afb2b021b5a39096260dcb79ccdc7e257258c659d883b9a23a31df5c0b,2024-11-26T07:15:05.003000
-CVE-2024-10858,1,1,c3d2dbeef5be79a26f33d51cb92151a2aad8e75fda9541a4a310c56924cd1970,2024-12-25T06:15:23.407000
+CVE-2024-10858,0,0,c3d2dbeef5be79a26f33d51cb92151a2aad8e75fda9541a4a310c56924cd1970,2024-12-25T06:15:23.407000
 CVE-2024-1086,0,0,688e2fb2892801c230e1dfe45afd0a98166e64f80974b1a593d490f3471fc0dd,2024-11-21T08:49:46.013000
 CVE-2024-10861,0,0,a0a9ed450f8163c1435b46341b966a17dde352d3f4e975547d6d20959f88110b,2024-11-18T17:11:17.393000
+CVE-2024-10862,1,1,47c3525e7600e4dc4aa8796ba01fd2047eb691201667cb5b589f2f6c1a826e5b,2024-12-25T07:15:11.190000
 CVE-2024-10863,0,0,b5b227485fbe2ef5029ee042bb93b4e86d4e47bdafc29c909ac7a75d6e0d47a4,2024-11-22T16:15:21.257000
 CVE-2024-10868,0,0,ed5c74cd38793a3786fe1a207774b7d893f356dc5b7738c219f7d841c4557dd6,2024-11-23T04:15:07.930000
 CVE-2024-10869,0,0,24e83078acb589a8bf17812dbc3140ca72ecc1dc51859fe588758bfcf79e45ac,2024-11-23T04:15:08.073000
@ -244105,6 +244106,7 @@ CVE-2024-11278,0,0,3f323ea4c088ae11099db65ea7e4647c3e5f880422ea2bf5351a2656e281a
 CVE-2024-11279,0,0,b2556a8750e158a7be1dc7b8c7e9a28d5376397dde30d88838c627e7fc39e344,2024-12-12T04:15:04.970000
 CVE-2024-1128,0,0,b5697d53bd1cc8361103858a196325f5d64208a9e9a1888a08b3143838ba1702,2024-11-21T08:49:51.657000
 CVE-2024-11280,0,0,55a96727b2485e04cc5b6b8add864215b2cd1aa8bc4bdf75a3cee41a9da85d1e,2024-12-17T12:15:19.343000
+CVE-2024-11281,1,1,c7426666803fe99955d578fc3958dce2b5ae0781c1e0b13c829c8e4325d838eb,2024-12-25T07:15:11.777000
 CVE-2024-11287,0,0,5e28cd1733331b85e0ad445b1086ed0ec9b451694b2573b6315e5610a8d849ee,2024-12-21T07:15:08.053000
 CVE-2024-11289,0,0,1d2443a1a9242c04e29818ad13875ac1c58e80e7866f1501dec4b2d1a8559f61,2024-12-06T10:15:05.450000
 CVE-2024-1129,0,0,cbf5818dce2e4cd60590d30546d905436cb36b8ec16eeb56ee9382ffddfc0bc3,2024-11-21T08:49:51.773000
@ -244853,6 +244855,7 @@ CVE-2024-12329,0,0,66dd2e3f2af8b0b1aca8274acaafc22644d93ff908c884984769d59605f22
 CVE-2024-1233,0,0,9d758d75169c31056a2dd99a6ff761ac0a3c179827b3dc598c6fb0d83614dada,2024-11-21T08:50:07.317000
 CVE-2024-12331,0,0,1e9ca237392e514d67f31de618028f277c648eba4946fb0ca223d049863f158a,2024-12-19T12:15:05.330000
 CVE-2024-12333,0,0,f9b36bf24b65a5eadc34be133c8efc135d615c6b77b9af6e424c71705bac5515,2024-12-12T09:15:05.390000
+CVE-2024-12335,1,1,55358ce877e746c8c3bee6ac5ee688e77219acf04f4575809586a1e99b3370a0,2024-12-25T07:15:11.980000
 CVE-2024-12338,0,0,202a85d7d49dabb95d9680ff72787a60f1c4021e681feb9be8640c62beb774ef,2024-12-12T04:15:07.497000
 CVE-2024-1234,0,0,6b4d1ae0b8159c98fb379447cf95a21f71a7514cfa9af5f48616ab89e3a52cca,2024-11-21T08:50:07.567000
 CVE-2024-12340,0,0,e64d9154ce721e0cef963ec962023bf662e8b1885905905ffc386c61964f035d,2024-12-18T10:15:07.827000
@ -244905,7 +244908,7 @@ CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc13140
 CVE-2024-12420,0,0,ae8d110f5efef295dc5d542d71461638a083f9c010e00a24758178ab1b247bfd,2024-12-13T09:15:08.627000
 CVE-2024-12421,0,0,d0800edd844bf37ccee00fc76da3ec64bb2b51e717430e725122892ee39e78eb,2024-12-13T09:15:08.870000
 CVE-2024-12422,0,0,27a2b7b5579aea6b626e898353e29adaf77dce7f7392fa2cdcdfb4f6d55292dc,2024-12-14T06:15:19.357000
-CVE-2024-12428,1,1,32f56e83775907d43fa99115492053c7951ff57ca9b528b984e1e2fcfea13b3f,2024-12-25T05:15:06.920000
+CVE-2024-12428,0,0,32f56e83775907d43fa99115492053c7951ff57ca9b528b984e1e2fcfea13b3f,2024-12-25T05:15:06.920000
 CVE-2024-12432,0,0,3d67b932349f6253a91fa970f1501aba586896a462aba17731bbe90a2499433d,2024-12-18T04:15:07.947000
 CVE-2024-12441,0,0,60177bfa0d9dcd79729d5ab6a51352067dd3b55deb7861fd956eb7f2cdfb3058,2024-12-12T05:15:12.703000
 CVE-2024-12443,0,0,f07c0805b285e00ba917c2d7fc7d6d01900a808064fd2463aaf6cc786dd6eda1,2024-12-16T23:15:06.097000
@ -244997,7 +245000,7 @@ CVE-2024-12628,0,0,f48463b1ecdc4a2ff76d188b8ae44a2e0e32ef1e929dc806ea33e24839d14
 CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000
 CVE-2024-12632,0,0,b2981d9ae0d79f88557270498f7d8919df56f26fc08631dba371165f9d0f4233,2024-12-13T21:15:09.317000
 CVE-2024-12635,0,0,99a228890bd43a8042fc5a059ac9a5dbbb198a1f556a6f74c7eecbd9945e18c8,2024-12-21T07:15:09.380000
-CVE-2024-12636,1,1,6cd5df7c0ec0b69dee8c268b93582a1e0f0a1ba755b4e8e67a5be6cd3d9ecf4c,2024-12-25T05:15:08.067000
+CVE-2024-12636,0,0,6cd5df7c0ec0b69dee8c268b93582a1e0f0a1ba755b4e8e67a5be6cd3d9ecf4c,2024-12-25T05:15:08.067000
 CVE-2024-1264,0,0,0a400b50d7c5417af4540851d66c40fe9607cfb1bbd030ca37354551feca3778,2024-11-21T08:50:11.460000
 CVE-2024-12641,0,0,6e6b1aa53bd8553222049d57d01527b85aa1b46f94f8dd550c03e6967ee19a5d,2024-12-16T07:15:05.787000
 CVE-2024-12642,0,0,a401d76248880d01d3fa48196afb4bda331b127bc27a94608f221d11c2863778,2024-12-16T07:15:06.023000
@ -245059,7 +245062,7 @@ CVE-2024-1276,0,0,342e07ea1475f57185158b84be14279572eebbc1b91e4c07c491730599e670
 CVE-2024-1277,0,0,fdccc6e1d66b4b759fea691d8a9a7ad4f8cc0afd5b2fb224e654b3bd9de12942,2024-11-21T08:50:13.170000
 CVE-2024-12771,0,0,00670c9ba4110d7f81f7077a284116c4904de555b874badf83d924edcbc78377,2024-12-21T07:15:09.997000
 CVE-2024-1278,0,0,304f88731c9c2e93f283a152f19a1ac852d3cf0fda0d38c9b82c242ac4604519,2024-11-21T08:50:13.287000
-CVE-2024-12782,0,0,d84c709a203c2b6e1eb6e82eaa62e3ee92b3b125eeb872c11ceb89fb44b775c6,2024-12-19T13:15:05.900000
+CVE-2024-12782,0,1,5b7b2e2ac02e7efc39bf5d7b73d597a9d89fda1b95cd7026fb4052ada3469843,2024-12-25T08:15:05.410000
 CVE-2024-12783,0,0,07d3b17e3d5d11707b74236da78c46b61df9436573adf7dc03baf418873a64fa,2024-12-19T13:15:06.217000
 CVE-2024-12784,0,0,394d09478b3fc884ce151ab4d804d3c0c2c79402a7d52b4c191775044a9438d1,2024-12-19T14:15:05.943000
 CVE-2024-12785,0,0,d1f5f24bf39cff8aec921e50b5018d4192a1029426c5f823f7cbb6630b28eed4,2024-12-19T15:15:05.980000