Auto-Update: 2024-05-22T02:00:30.423671+00:00

2025-05-08 11:37:26 +00:00 · 2024-05-22 02:03:25 +00:00 · 2024-05-22 02:03:25 +00:00 · 447be35c2d
commit 447be35c2d
parent 60f8d1f94c
4 changed files with 110 additions and 10 deletions
--- a/CVE-2024/CVE-2024-35xx/CVE-2024-3518.json
+++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3518.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-3518",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-22T00:15:08.437",
+  "lastModified": "2024-05-22T00:15:08.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-custom-list.php#L1971",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7af1a03-8382-4593-a41f-8cdb1bb9e53b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-35xx/CVE-2024-3519.json
+++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3519.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3519",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-22T00:15:08.667",
+  "lastModified": "2024-05-22T00:15:08.667",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e1cdaf3-76fe-4b73-b30b-4554f0d34d11?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-05-21T23:55:29.372920+00:00
+2024-05-22T02:00:30.423671+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-05-21T23:15:07.923000+00:00
+2024-05-22T00:15:08.667000+00:00
 ```

 ### Last Data Feed Release
@ -27,27 +27,27 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-05-21T00:00:20.245344+00:00
+2024-05-22T00:00:20.267203+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-251332
+251334
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2024-21683](CVE-2024/CVE-2024-216xx/CVE-2024-21683.json) (`2024-05-21T23:15:07.923`)
+- [CVE-2024-3518](CVE-2024/CVE-2024-35xx/CVE-2024-3518.json) (`2024-05-22T00:15:08.437`)
+- [CVE-2024-3519](CVE-2024/CVE-2024-35xx/CVE-2024-3519.json) (`2024-05-22T00:15:08.667`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2022-26635](CVE-2022/CVE-2022-266xx/CVE-2022-26635.json) (`2024-05-21T22:15:08.540`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -195034,7 +195034,7 @@ CVE-2022-26631,0,0,6c83937fbcf8c59df157e5a573055a9f6346823d70c9c40aaa2c9f3d17ec5
 CVE-2022-26632,0,0,a6cf7328cd59bf5fd4f1162342d136c135ff2f77b6ba2351bc6e712245d6ae60,2022-05-26T18:27:37.887000
 CVE-2022-26633,0,0,e4cc80c6e63be230ad8d932bf0a8c56630d8d06fc6df22521ba23383f05f5b5c,2022-05-26T18:27:06.920000
 CVE-2022-26634,0,0,a92a226861281c0b69527bbd0d39f9dac9a2884939df58f7f557624336476097,2023-10-03T15:35:49.437000
-CVE-2022-26635,0,1,0b43fd14c564a13942c9aadaba7e0a4f77a37982610741909c9bfb5638e60e21,2024-05-21T22:15:08.540000
+CVE-2022-26635,0,0,0b43fd14c564a13942c9aadaba7e0a4f77a37982610741909c9bfb5638e60e21,2024-05-21T22:15:08.540000
 CVE-2022-26639,0,0,42cdba6b0479332490abcb51891547ee7ff78c72f1a676f43e6bffb168e4e62c,2022-06-05T03:22:04.437000
 CVE-2022-2664,0,0,c9f4d7689662753080ab42415893fef58ff76ad74a73abe21b81df64845ebe73,2022-08-11T18:46:25.067000
 CVE-2022-26640,0,0,6b60d7f521ea94ecdc144487a1bf9af40bd133c6bbf0dd8bb7b0ca8ae02a67c8,2022-06-05T03:23:24.217000
@ -242569,7 +242569,7 @@ CVE-2024-21677,0,0,cd63a9344db53196b5943e582014caefd2ce4c1e61501d807a03293e59d4b
 CVE-2024-21678,0,0,a74398aed7f752b8a4413bad434f2adf6ab8a95bc47028b48620e299957a54d0,2024-02-20T19:50:53.960000
 CVE-2024-2168,0,0,b854878eddfae20c7bf7090b800e5793dbeb1896e489304f1c2dd8d4439ad998,2024-05-17T02:38:05.397000
 CVE-2024-21682,0,0,6b4858b4700d4b6ec3ad8145ec0ece417db20d31f4042e4246bb7ce7db07ab15,2024-02-20T19:50:53.960000
-CVE-2024-21683,1,1,b0d572c6fab6e0bca65bdfcb02dc7b563f538dd00f3fb1f2ffe8ee18a7f7567b,2024-05-21T23:15:07.923000
+CVE-2024-21683,0,0,b0d572c6fab6e0bca65bdfcb02dc7b563f538dd00f3fb1f2ffe8ee18a7f7567b,2024-05-21T23:15:07.923000
 CVE-2024-2169,0,0,151ccb2c8e1a2ae0c1ec7f646f803cafe134a2f43c3cebd718a131296f39d84d,2024-03-20T13:00:16.367000
 CVE-2024-2170,0,0,ecb9a4c8858b9f58e40341aa169d3b7c37f3c5e40f6e92367b411525d123f7bf,2024-03-26T12:55:05.010000
 CVE-2024-2172,0,0,067e6adb1b1aa9b2eb664189abed7be18045e46cc8cc2013ed636a7714a246a2,2024-03-13T18:15:58.530000
@ -250130,11 +250130,13 @@ CVE-2024-35174,0,0,16fa728d7700257e714f9135ecc6626f2969f7784477f66bf5ab23856c34b
 CVE-2024-35175,0,0,9e25ae925e31973a2b67a8977610ae2bb87bb633e1a1caceea1eca0e2e2fe971,2024-05-15T16:40:19.330000
 CVE-2024-35176,0,0,c634344aaef4eabd3ce6ac8b9d0b3aadb9ab51e4f3a713c5a51fb9fa450b12f8,2024-05-17T18:36:31.297000
 CVE-2024-35179,0,0,4433fc22ade8274a4e17f50ac56484b62a8701a589dbfa040c3c094fd870b93d,2024-05-15T16:40:19.330000
+CVE-2024-3518,1,1,bc161668c36532557e89d5184324c40f2e14226da0bce821d3dd5b57d07697a8,2024-05-22T00:15:08.437000
 CVE-2024-35180,0,0,5a0dce9862394178bad6af24c3977746f84fc3be087e273bd629e00d7bd2a7a6,2024-05-21T16:54:35.880000
 CVE-2024-35183,0,0,a13a6c65b498bd81e5f60be29399a7cfffb17ddb2446f175a9bf7af049e805cc,2024-05-16T13:03:05.353000
 CVE-2024-35184,0,0,b9e43a79a8d3cf5f3dc97bfbc13e9d1e865d4c1cbd767526b45c719d87dddf99,2024-05-16T13:03:05.353000
 CVE-2024-35185,0,0,9566de12a112578d6f544cd49512e0fec5a478c1209019c8a894392a85ee7161,2024-05-17T18:36:31.297000
 CVE-2024-35187,0,0,e540e1bc620ba80ad5fa80f7d3263a6e3207bc8224e5eb747cca071b3bd90ce6,2024-05-17T18:36:31.297000
+CVE-2024-3519,1,1,a74cfbc52c25609280549ffc46d50d04309c851d9a765504015a6587a53eeacb,2024-05-22T00:15:08.667000
 CVE-2024-35190,0,0,df7331f94dde17b6fe9caf5aceb08176ef5d062bd31daf4fd79d8cfe540794ae,2024-05-17T18:35:35.070000
 CVE-2024-35191,0,0,ad5f120e0c10cc4969b716df938f97a8217d6bc0b56a26d3326f5d4feef8bb6c,2024-05-21T12:37:59.687000
 CVE-2024-35192,0,0,23cd729e19fbc1d14c67ebc44010f4e0066ae84ba866902513e5881072f82032,2024-05-21T12:37:59.687000