Auto-Update: 2024-06-08T04:00:18.899822+00:00

2025-05-30 18:21:17 +00:00 · 2024-06-08 04:03:12 +00:00 · 2024-06-08 04:03:12 +00:00 · 51440c2d46
commit 51440c2d46
parent a6a59291cb
3 changed files with 62 additions and 6 deletions
--- a/CVE-2024/CVE-2024-56xx/CVE-2024-5663.json
+++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5663.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-5663",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-08T03:15:48.020",
+  "lastModified": "2024-06-08T03:15:48.020",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/bb-bootstrap-cards/trunk/bb-bootstrap-cards-module/includes/frontend.php#L13",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3099081%40bb-bootstrap-cards&new=3099081%40bb-bootstrap-cards&sfp_email=&sfph_mail=#file4",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/bb-bootstrap-cards/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55ff923e-9d04-4ce7-b6d6-165fa4fc5433?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-07T23:55:17.964768+00:00
+2024-06-08T04:00:18.899822+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-07T23:15:47.267000+00:00
+2024-06-08T03:15:48.020000+00:00
 ```

 ### Last Data Feed Release
@ -27,20 +27,20 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-06-07T00:00:08.641666+00:00
+2024-06-08T00:00:08.651262+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-253019
+253020
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-0444](CVE-2024/CVE-2024-04xx/CVE-2024-0444.json) (`2024-06-07T23:15:47.267`)
+- [CVE-2024-5663](CVE-2024/CVE-2024-56xx/CVE-2024-5663.json) (`2024-06-08T03:15:48.020`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -240606,7 +240606,7 @@ CVE-2024-0439,0,0,4f05abe07b33d52630e7e2f16b2fc654dc7361de9b17d784a387c5f2734969
 CVE-2024-0440,0,0,1b8c6151d9e5112082edfbd55485c048af1a0e6af77ae8e6651b84d68c946722,2024-02-26T16:32:25.577000
 CVE-2024-0442,0,0,8cdba0674d25b3b3ea9cdded4aa83352a5239f2b65f68583fbcda0cd98fb79ab,2024-02-29T13:49:29.390000
 CVE-2024-0443,0,0,66f5ebd159b753199898dddfe8b1a62dd2999c1556a51d08b06f9a74e312a3e2,2024-05-20T11:15:08.403000
-CVE-2024-0444,1,1,786c01cbda4efbfcbc7789f860e5c7c13f5f94487248cc513cf3a2ea5f661ca7,2024-06-07T23:15:47.267000
+CVE-2024-0444,0,0,786c01cbda4efbfcbc7789f860e5c7c13f5f94487248cc513cf3a2ea5f661ca7,2024-06-07T23:15:47.267000
 CVE-2024-0445,0,0,abd39d6705adef15e4807879de948efd276d4ecca782592229f9c11a318d87fe,2024-05-14T16:13:02.773000
 CVE-2024-0446,0,0,177f0f6fa9da6f41d147a83b94c4a1a182c538433bae32bd44fabede9ad39c08,2024-03-01T05:15:08.440000
 CVE-2024-0447,0,0,462dd19e6dceba84c0c2bc16f20ac9c6c50b5a3824b0b2c21023eddf8c13abda,2024-03-13T18:16:18.563000
@ -253009,6 +253009,7 @@ CVE-2024-5653,0,0,283076b6ccce08ae3d1ddf9d7f5983a839d66c80929543a8a527d0bfdf86a2
 CVE-2024-5656,0,0,adabf37f78545832b9e31783c044d8f042bfbaaca432946aa95ed82eb518777b,2024-06-06T14:17:35.017000
 CVE-2024-5657,0,0,b9899ab9d953b5e4a78b96db0691f3e8b536e92241286e49b6931592afb0dbef,2024-06-06T14:17:35.017000
 CVE-2024-5658,0,0,f9a4660898e79de730b34f0f4bc7034aff51985f481860d10ff11713ac36cafd,2024-06-06T14:17:35.017000
+CVE-2024-5663,1,1,1a94fca9ac10c42458b8bbd3d1c739c4251754be5df10d4fbd889209fd329d93,2024-06-08T03:15:48.020000
 CVE-2024-5665,0,0,bd958d396bb4ad35b63d57ac1176d92cc2fe04cdc3b5189c4ab55e781e3023c0,2024-06-06T14:17:35.017000
 CVE-2024-5673,0,0,b896d7e323904f9e987f87941609f4675d0746a7c5358db642d05671db0b87b4,2024-06-06T14:17:35.017000
 CVE-2024-5675,0,0,38acd8263eeb8d1e4c48e0984f055dd4606319e26fa8928f4d3e5881bdfd6563,2024-06-06T14:17:35.017000