From 538ae7dba607b332d13dfaa2d112fa0b24657489 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 23 Mar 2024 03:03:26 +0000
Subject: [PATCH] Auto-Update: 2024-03-23T03:00:37.575607+00:00
---
CVE-2024/CVE-2024-16xx/CVE-2024-1697.json | 51 +++++++++++++++++++++++
CVE-2024/CVE-2024-20xx/CVE-2024-2025.json | 47 +++++++++++++++++++++
CVE-2024/CVE-2024-21xx/CVE-2024-2131.json | 47 +++++++++++++++++++++
README.md | 18 ++++----
_state.csv | 9 ++--
5 files changed, 160 insertions(+), 12 deletions(-)
create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1697.json
create mode 100644 CVE-2024/CVE-2024-20xx/CVE-2024-2025.json
create mode 100644 CVE-2024/CVE-2024-21xx/CVE-2024-2131.json
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1697.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1697.json
new file mode 100644
index 00000000000..871dd717a3d
--- /dev/null
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1697.json
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1697", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-23T02:15:46.940", + "lastModified": "2024-03-23T02:15:46.940", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2025.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2025.json new file mode 100644 index 00000000000..549c22e7164 --- /dev/null +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2025.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2025", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-23T02:15:47.127", + "lastModified": "2024-03-23T02:15:47.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The \"BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages\" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3055634/wc4bp/trunk/class/includes/class-request-helper.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78da9e79-399e-43e3-ac27-a162861cae71?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2131.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2131.json new file mode 100644 index 00000000000..9b62644e5c9 --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2131.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2131", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-03-23T02:15:47.300", + "lastModified": "2024-03-23T02:15:47.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048903%40move-addons&new=3048903%40move-addons&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/README.md b/README.md index e16456a1753..c6cad9bac02 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-23T00:55:29.430984+00:00 +2024-03-23T03:00:37.575607+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-23T00:15:09.150000+00:00 +2024-03-23T02:15:47.300000+00:00 ``` ### Last Data Feed Release @@ -23,28 +23,28 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-03-22T01:00:20.243771+00:00 +2024-03-23T01:00:20.240237+00:00 ``` ### Total Number of included CVEs ```plain -242477 +242480 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -* [CVE-2024-29059](CVE-2024/CVE-2024-290xx/CVE-2024-29059.json) (`2024-03-23T00:15:09.150`) -* [CVE-2024-29190](CVE-2024/CVE-2024-291xx/CVE-2024-29190.json) (`2024-03-22T23:15:07.123`) +* [CVE-2024-1697](CVE-2024/CVE-2024-16xx/CVE-2024-1697.json) (`2024-03-23T02:15:46.940`) +* [CVE-2024-2025](CVE-2024/CVE-2024-20xx/CVE-2024-2025.json) (`2024-03-23T02:15:47.127`) +* [CVE-2024-2131](CVE-2024/CVE-2024-21xx/CVE-2024-2131.json) (`2024-03-23T02:15:47.300`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2024-20677](CVE-2024/CVE-2024-206xx/CVE-2024-20677.json) (`2024-03-23T00:15:08.517`) ## Download and Usage diff --git a/_state.csv b/_state.csv index eadee057714..9cc2ce3cb6b 100644 --- a/_state.csv +++ b/_state.csv 
@@ -238956,6 +238956,7 @@ CVE-2024-1687,0,0,2c139dd7a4cd5eb96b19cf20743fdcf2a4372838670ad53c30ef28a6668ce9 CVE-2024-1690,0,0,e16a26a39ebf4d9143c222ac4d3d5665ab1b4b3206bac6531c75e151adca0d64,2024-03-13T18:15:58.530000 CVE-2024-1691,0,0,931899b69d7fadfa01c6f75758e366464f8e6df4f21ba5335640db83d91dfd79,2024-03-13T18:15:58.530000 CVE-2024-1696,0,0,99a90d5f5f3ed72de58d46078f56367f3c20ea4ece7ee2f1509d303d1823a04c,2024-03-12T12:40:13.500000 +CVE-2024-1697,1,1,007ae425d3fe1e6e8b17e0e984e65f0157351075cc77b438b297589eb21198f5,2024-03-23T02:15:46.940000 CVE-2024-1698,0,0,75dca8418f9d56ec0cfe8b6a5fe8dbac72155e2590b7f1e80f716b71405b9b9b,2024-02-27T14:20:06.637000 CVE-2024-1700,0,0,cee65cb95f1b63b5085a6fef6705edc5603fe69ec856486109e95f0f9000ec2a,2024-03-21T02:51:44.333000 CVE-2024-1701,0,0,4ddbc785b53d8d2b322cfa789acbbf827d1ba00b6941159053af95a225b55504,2024-03-21T02:51:44.410000 @@ -239180,6 +239181,7 @@ CVE-2024-2016,0,0,e4d6a9d4595377431e5ce160ced46348048f0037949f929229c70991b831cf CVE-2024-2020,0,0,f422dce7e31c04d765ef032016f68754e4069486d235f1a4f01a8c53d2acadb7,2024-03-13T18:15:58.530000 CVE-2024-2021,0,0,e8096360ed045a5afd9f02424e94ed50cdc41dc8a90b6bb9d41af3670bb54581,2024-03-21T02:52:26.990000 CVE-2024-2022,0,0,9c61768713de8ea54e0e5b2a6f26a246e93de9ccde66348393af619eb1c022cb,2024-03-21T02:52:27.063000 +CVE-2024-2025,1,1,7d320f92fb56d3f297cb74ca6166687e377dd26a55e5320502ca513f527409d3,2024-03-23T02:15:47.127000 CVE-2024-20251,0,0,93177578f73531041dc7b9f473ed061f1cc8390f1ba467fc874d7917d2010350,2024-02-02T16:15:53.757000 CVE-2024-20252,0,0,b3e7ab7affd116881816a7adc1b9a82671c5b4da83512a13f8133ebc1b35c66b,2024-02-15T15:54:43.420000 CVE-2024-20253,0,0,d3a8e74c395d6dc3e7ac6947f74fcfd7abc559db9a2a5673b58b5d97e64fbd4a,2024-02-02T16:15:53.893000 
@@ -239261,7 +239263,7 @@ CVE-2024-20673,0,0,54b4e9f241ee8ab47844805a07750d3fdabb10465652b2260f0e87e7bebbe CVE-2024-20674,0,0,f83fbf3dc1e32d0c5b9ec55d499109531471159cb602690a46d0c915a76f76a9,2024-01-14T22:37:10.873000 CVE-2024-20675,0,0,098a1c1051e51e54708ad491ffc1da84402b5013489ba95a88b69b71214102c2,2024-01-18T19:14:08.637000 CVE-2024-20676,0,0,579775666c740fd791eda792a7e52a24b6b8e9d0d14bd0023a90dc5677447d47,2024-01-14T22:38:08.740000 -CVE-2024-20677,0,1,b9486dd78242be24c7ff296f75ca8770194c3200204379fdd7a794d452563c6b,2024-03-23T00:15:08.517000 +CVE-2024-20677,0,0,b9486dd78242be24c7ff296f75ca8770194c3200204379fdd7a794d452563c6b,2024-03-23T00:15:08.517000 CVE-2024-20679,0,0,1624b017f22f1cf58bc970d748c42b03846353e42c36ff6e40dcee02d8d7545e,2024-02-26T22:07:54.517000 CVE-2024-2068,0,0,3b967167d283286e695c714101ce01e382c0bd68babba1652284fa3fabb893fe,2024-03-21T02:52:28.280000 CVE-2024-20680,0,0,35b6f00c12f15f8755046cf5bffe1b26ae6f70d9c4c72c3072477aa5d126c0dc,2024-01-14T22:39:00.147000 @@ -239483,6 +239485,7 @@ CVE-2024-21305,0,0,add765edb797e1537c086895a6f6b6be7c9ee2d099bfe2aba1b67029d2679 CVE-2024-21306,0,0,416302ae665f6d7405fe0853b1869120a9e90d3549a767ac0c8683038e02649c,2024-01-12T18:47:54.860000 CVE-2024-21307,0,0,5e35f7709ae294d317ac87d1b83c57318d39c401c03ff0cb293f9373652cdd9d,2024-01-12T18:47:46.490000 CVE-2024-21309,0,0,a3f185568bb75e3259073f8c46c7820839dc23fb480d69a4b852a6b8273cd183,2024-01-12T18:47:19.217000 +CVE-2024-2131,1,1,46a78f1e7bfab3ca6a8fe9dcc5185efb29b4b6a3844cd9f7658dc4909c73aaf0,2024-03-23T02:15:47.300000 CVE-2024-21310,0,0,2c75672ceaeeb549c94221116f3bcd34de6a9699496eff58b8182f5a388b01f6,2024-01-12T18:47:12.043000 CVE-2024-21311,0,0,dd80a218a9aba0ce2af5bef8a751a7583da1d3839c410c785412ca1bb730c664,2024-01-12T18:47:05.760000 CVE-2024-21312,0,0,7bf4cb4b6d9d2c7ecff310937dd5f6f564a1bdb090c7a2c26253d4d488fb9b78,2024-02-08T10:15:14.017000 
@@ -242378,7 +242381,7 @@ CVE-2024-29036,0,0,9e006ee4d248b12879916fd5a38e3fbf7a89f45ed6265666710ccd15d4bd0 CVE-2024-29037,0,0,522cff780a141ed0cb980da4de92689da8f883cb35906d0c7290ad955ce6a80b,2024-03-21T12:58:51.093000 CVE-2024-29042,0,0,94be04c88512f8801f1a0b7e8a0fe44bc1e2661493f643835e5309c09e2ba389,2024-03-22T19:02:10.300000 CVE-2024-29057,0,0,cdc1a145aba361380d18c2b35911a094ab57273bb744736ef7267676336ae250,2024-03-22T22:15:50.450000 -CVE-2024-29059,1,1,b707a4fa5a91288265f21e2d035c3e428763b4ab7ed04a8c4453f22922a2c39c,2024-03-23T00:15:09.150000 +CVE-2024-29059,0,0,b707a4fa5a91288265f21e2d035c3e428763b4ab7ed04a8c4453f22922a2c39c,2024-03-23T00:15:09.150000 CVE-2024-29089,0,0,e5fbae925c9da8d587d9573cbc1c34db123c4510c1c1616d472538493a08c59e,2024-03-20T13:00:16.367000 CVE-2024-29091,0,0,b1cb764a2082d02939e32c22f722543dd831cf608e6c39b51eb933f990788962,2024-03-20T13:00:16.367000 CVE-2024-29092,0,0,beafae19b6703c9fc1f01dec7ad304174a985adb5a44a4613a96bd5d1cef6a8d,2024-03-20T13:00:16.367000 @@ -242436,7 +242439,7 @@ CVE-2024-29180,0,0,e32bebc90fbd05fe3a3edfae9506df906c8ca56e295fcb3cc3f3f384d1252 CVE-2024-29184,0,0,f7b8833969ca9d0c0710d9e673438a664414c13b1764f6ae8189b2b9b95caa65,2024-03-22T19:02:10.300000 CVE-2024-29185,0,0,87ad89bc08b625b0d76de9def6a9a3830774fb10e68a03b7a7a4beff2b51d9e3,2024-03-22T19:02:10.300000 CVE-2024-29186,0,0,4d22f13bcc9a989b4457971fb422d0f63596eb5c598cc015a08c44b1e3975e55,2024-03-22T19:02:10.300000 -CVE-2024-29190,1,1,4d7a2612081971332e8caf786004f0b15e412bf1a77fc6c71f244026d2d902dc,2024-03-22T23:15:07.123000 +CVE-2024-29190,0,0,4d7a2612081971332e8caf786004f0b15e412bf1a77fc6c71f244026d2d902dc,2024-03-22T23:15:07.123000 CVE-2024-29243,0,0,80b3eab65af2d9fbeb7b6048e074697688a19de63e1138c377d0b826523dd7db,2024-03-21T15:24:35.093000 CVE-2024-29244,0,0,ab4dadc4ff7b45a2c285edb922de956bae0828f007627c62339f15145e95a7b7,2024-03-21T15:24:35.093000 CVE-2024-29271,0,0,86d82853285296d2653b2954b1f865b89755729787a00c9a08bf8b4da2a10347,2024-03-22T12:45:36.130000