Auto-Update: 2024-07-20T08:00:17.882747+00:00

2025-07-09 16:05:11 +00:00 · 2024-07-20 08:03:12 +00:00 · 2024-07-20 08:03:12 +00:00 · 4f616204ff
commit 4f616204ff
parent 939fe29e3a
4 changed files with 137 additions and 14 deletions
--- a/CVE-2024/CVE-2024-64xx/CVE-2024-6489.json
+++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6489.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-6489",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T07:15:01.963",
+  "lastModified": "2024-07-20T07:15:01.963",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3119180/getwid/trunk/includes/blocks/google-map.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe391ac9-e3ea-48b3-8ffe-243972ce89f6?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-64xx/CVE-2024-6491.json
+++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6491.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-6491",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T07:15:02.410",
+  "lastModified": "2024-07-20T07:15:02.410",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/getwid/trunk/includes/blocks/mailchimp.php#L190",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3119180/getwid/trunk/includes/blocks/mailchimp.php?contextall=1",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb2be4cd-2641-4f7f-993c-1c78e5a1d5da?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-20T06:00:18.217461+00:00
+2024-07-20T08:00:17.882747+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-20T04:15:05.940000+00:00
+2024-07-20T07:15:02.410000+00:00
 ```

 ### Last Data Feed Release
@ -33,18 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-257529
+257531
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `2`

- [CVE-2024-3934](CVE-2024/CVE-2024-39xx/CVE-2024-3934.json) (`2024-07-20T04:15:03.150`)
- [CVE-2024-40347](CVE-2024/CVE-2024-403xx/CVE-2024-40347.json) (`2024-07-20T04:15:03.853`)
- [CVE-2024-40348](CVE-2024/CVE-2024-403xx/CVE-2024-40348.json) (`2024-07-20T04:15:05.037`)
- [CVE-2024-6281](CVE-2024/CVE-2024-62xx/CVE-2024-6281.json) (`2024-07-20T04:15:05.260`)
- [CVE-2024-6694](CVE-2024/CVE-2024-66xx/CVE-2024-6694.json) (`2024-07-20T04:15:05.940`)
+- [CVE-2024-6489](CVE-2024/CVE-2024-64xx/CVE-2024-6489.json) (`2024-07-20T07:15:01.963`)
+- [CVE-2024-6491](CVE-2024/CVE-2024-64xx/CVE-2024-6491.json) (`2024-07-20T07:15:02.410`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -254937,7 +254937,7 @@ CVE-2024-39330,0,0,df282f57bb00a86772e9e77e51a445a51be95fedbc3011c51977bbb06b0f3
 CVE-2024-39331,0,0,e27921e016dec51173f86ad420de9e9174de4baa540da3f53e6e1157ef72adc9,2024-07-03T02:05:47.260000
 CVE-2024-39334,0,0,94cae5ba65ec50bed6d17b2b54650000947aeee42b8249838d1ebdc24642a191,2024-06-24T12:57:36.513000
 CVE-2024-39337,0,0,ae96e6e5658ac679eff4c9acfa518814cd5ee8874dd941939a565173aee28094,2024-06-24T12:57:36.513000
-CVE-2024-3934,1,1,059d8aace518af84f5283d8abb7521e20232308d89946efd63943e157ca5d785,2024-07-20T04:15:03.150000
+CVE-2024-3934,0,0,059d8aace518af84f5283d8abb7521e20232308d89946efd63943e157ca5d785,2024-07-20T04:15:03.150000
 CVE-2024-39340,0,0,8a19ea0d82baf517391d74de09fe55b24d4bbbe3d357c771c961dd3f6f9df19c,2024-07-15T22:15:02.910000
 CVE-2024-39347,0,0,f05ffc50868d752b16aba36bcf98397a1a823dcf709e914fdceefc955d8df28b,2024-06-28T10:27:00.920000
 CVE-2024-39348,0,0,798f996b4382b8a6e782460918b5005c42ce376a9b87c3209ffaa4789fe2c24c,2024-06-28T10:27:00.920000
@ -255278,8 +255278,8 @@ CVE-2024-40333,0,0,7e3d2c86e913650fda83b9ed457908dd220d08dc6d50420a52a17a80ec44e
 CVE-2024-40334,0,0,0f6416c66a2f7a24655624e914eca89a0566237a51d1e09767a4a1fc38d9e48f,2024-07-11T13:05:54.930000
 CVE-2024-40336,0,0,a5b75245e4db87e4fc3263aabb369a58a472f30d7c4ce491654a7dc1d23a1d6f,2024-07-11T15:06:22.143000
 CVE-2024-4034,0,0,b39ca2e444e8e083e595bb1c45cab5e2a41d75405ee52855e2d6dbb02a011da0,2024-05-02T18:00:37.360000
-CVE-2024-40347,1,1,ed983d7057f29f2aeefd2c55be14103e87ea0000e3baf01566f266a3f251173e,2024-07-20T04:15:03.853000
-CVE-2024-40348,1,1,20304c841485c9c843862d75c56579cbdf091e52faa585a7d474d44d3e5aa2d4,2024-07-20T04:15:05.037000
+CVE-2024-40347,0,0,ed983d7057f29f2aeefd2c55be14103e87ea0000e3baf01566f266a3f251173e,2024-07-20T04:15:03.853000
+CVE-2024-40348,0,0,20304c841485c9c843862d75c56579cbdf091e52faa585a7d474d44d3e5aa2d4,2024-07-20T04:15:05.037000
 CVE-2024-4035,0,0,3bb15040ac0c3c22ceadcf3607ee680ed3a99c29170715a5693bcfb82b999cb6,2024-04-25T13:18:02.660000
 CVE-2024-4036,0,0,faef85b8ea4d3772643857800ca53857ac0bd4e8c893e27c61e628dc7852637c,2024-05-02T18:00:37.360000
 CVE-2024-4037,0,0,835f7b633520c38dc69c5473ca883b788d7739f8c5278809ab72b10ff3489faf,2024-05-24T13:03:05.093000
@ -257275,7 +257275,7 @@ CVE-2024-6277,0,0,d0f7f00d5819b230843407b9bc3f1c7e29ec0322737584d90fb8a2a7a06622
 CVE-2024-6278,0,0,fef0d28a31a7314ee6fcb58b59b6730b2b275f5a8f8d33529ccdd59b9724e679,2024-06-24T14:15:13.293000
 CVE-2024-6279,0,0,f2caca6d37e74fba33e3ab428913517d72dcdb95f2cf0501739ddd9806dc7417,2024-06-26T20:15:17.003000
 CVE-2024-6280,0,0,6253a77410b62b74de6727f15951d9cf7c735a643bd8fffe051d2d292dc0ad4e,2024-06-24T12:57:36.513000
-CVE-2024-6281,1,1,5c2767dd24ce6a1e6f37b84357fb22f30acd34252322c185629739577cd33309,2024-07-20T04:15:05.260000
+CVE-2024-6281,0,0,5c2767dd24ce6a1e6f37b84357fb22f30acd34252322c185629739577cd33309,2024-07-20T04:15:05.260000
 CVE-2024-6283,0,0,84796e0660e5beb3ad885e74e117108f941d8d6090497e3b6867080b852b92df,2024-06-28T13:37:44.763000
 CVE-2024-6284,0,0,73ccbe59cd13df171bbc79ab6b910254c728a7cb44133bad73b07b9d4dc26d5e,2024-07-05T12:55:51.367000
 CVE-2024-6285,0,0,4aa94975a6bb5a18c805d5376b856037574bf8fee823086f9b7bc28590de93c1,2024-06-26T14:24:38.113000
@ -257394,6 +257394,8 @@ CVE-2024-6471,0,0,f732e100289c893532526b33b46541a39ba52ce518f7e90d2f97ec4bb67cf8
 CVE-2024-6484,0,0,bc633abd6bfb9da06585afdfb273066dfbc508847026385eb612d46f7c70ed29,2024-07-11T18:09:58.777000
 CVE-2024-6485,0,0,b143d2f5de1cad2c57f83d18fe64abfe0ba2da69210341aec4863f07cdd850cb,2024-07-11T18:09:58.777000
 CVE-2024-6488,0,0,0c5ecb49d7296b409f5d61bd70a5d017ad6f69068345855a00f0bd7c78566faa,2024-07-04T21:15:10.403000
+CVE-2024-6489,1,1,77837ba400c3690c0bd50e14fc77c874a4c9eb96e5f8e8743896d9be72ad8366,2024-07-20T07:15:01.963000
+CVE-2024-6491,1,1,2d4efed2380d6e5a21aafbc277c8c56df6c7c10e7a84627d2aaf270c5470b669,2024-07-20T07:15:02.410000
 CVE-2024-6492,0,0,82f79625038ad5debf137137104e45e1e353947b9c4b14df742baece7a047a71,2024-07-17T13:34:20.520000
 CVE-2024-6495,0,0,0b63a825f2423d6e7ce9297b9249f183116fa1df04bb2bd344ba05222b36e9dd,2024-07-12T16:34:58.687000
 CVE-2024-6501,0,0,45d58d6fcd90c3b83531e796541078a549af17f7a81eb1fbfe7d6944aa2bc8ac,2024-07-11T13:06:13.187000
@ -257473,7 +257475,7 @@ CVE-2024-6679,0,0,193698b3a519c2de1af0fd23f7e404e2d54c730e4704d97d0092b63ef1c812
 CVE-2024-6680,0,0,131299d0989a76f846afb0c8ae15f4692f1a0fdd9931fad30c165660cd1232fc,2024-07-11T18:09:58.777000
 CVE-2024-6681,0,0,fd87484dafd740c0f788720b14149eb40f6b6d8ce371416d0e039ce9acf82071,2024-07-11T18:09:58.777000
 CVE-2024-6689,0,0,d40d4a6e022419e83ed34bb3a74eb0d24556e6d76f7b0a592f90775a9d52873c,2024-07-16T13:43:58.773000
-CVE-2024-6694,1,1,9fdb29ac60d9ec71e86e2ee7c9ec5cf21710b803b0c3d5f1c48f9b0df35e7006,2024-07-20T04:15:05.940000
+CVE-2024-6694,0,0,9fdb29ac60d9ec71e86e2ee7c9ec5cf21710b803b0c3d5f1c48f9b0df35e7006,2024-07-20T04:15:05.940000
 CVE-2024-6705,0,0,34f2408170b6a15dd38093cb290af7587fb1de87b725336b99400f51279e63d4,2024-07-18T12:28:43.707000
 CVE-2024-6716,0,0,8ffb92442f0506288b44c8e147b3f474301f4b7d486d9477f8f7548823d67c07,2024-07-17T14:15:04.210000
 CVE-2024-6721,0,0,20bc3ac9fd25b0ef666ff8f606cfc8f742981337efa5a16bd2cfa701fac87a51,2024-07-15T16:15:03.467000