Auto-Update: 2024-03-23T03:00:37.575607+00:00

cad-safe-bot 2024-03-23 03:03:26 +00:00
parent 05d919ac00
commit 538ae7dba6
5 changed files with 160 additions and 12 deletions

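--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1697.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1697.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2024-1697",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-03-23T02:15:46.940",
+"lastModified": "2024-03-23T02:15:46.940",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}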

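--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2025.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2025.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-2025",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-03-23T02:15:47.127",
+"lastModified": "2024-03-23T02:15:47.127",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The \"BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages\" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3055634/wc4bp/trunk/class/includes/class-request-helper.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78da9e79-399e-43e3-ac27-a162861cae71?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}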

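--- a/CVE-2024/CVE-2024-21xx/CVE-2024-2131.json
+++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2131.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-2131",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-03-23T02:15:47.300",
+"lastModified": "2024-03-23T02:15:47.300",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048903%40move-addons&new=3048903%40move-addons&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}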


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-03-23T00:55:29.430984+00:00 2024-03-23T03:00:37.575607+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-03-23T00:15:09.150000+00:00 2024-03-23T02:15:47.300000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -23,28 +23,28 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain ```plain
2024-03-22T01:00:20.243771+00:00 2024-03-23T01:00:20.240237+00:00
``` ```
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
242477 242480
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `2` Recently added CVEs: `3`
* [CVE-2024-29059](CVE-2024/CVE-2024-290xx/CVE-2024-29059.json) (`2024-03-23T00:15:09.150`) * [CVE-2024-1697](CVE-2024/CVE-2024-16xx/CVE-2024-1697.json) (`2024-03-23T02:15:46.940`)
* [CVE-2024-29190](CVE-2024/CVE-2024-291xx/CVE-2024-29190.json) (`2024-03-22T23:15:07.123`) * [CVE-2024-2025](CVE-2024/CVE-2024-20xx/CVE-2024-2025.json) (`2024-03-23T02:15:47.127`)
* [CVE-2024-2131](CVE-2024/CVE-2024-21xx/CVE-2024-2131.json) (`2024-03-23T02:15:47.300`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `1` Recently modified CVEs: `0`
* [CVE-2024-20677](CVE-2024/CVE-2024-206xx/CVE-2024-20677.json) (`2024-03-23T00:15:08.517`)
## Download and Usage ## Download and Usage


@ -238956,6 +238956,7 @@ CVE-2024-1687,0,0,2c139dd7a4cd5eb96b19cf20743fdcf2a4372838670ad53c30ef28a6668ce9
CVE-2024-1690,0,0,e16a26a39ebf4d9143c222ac4d3d5665ab1b4b3206bac6531c75e151adca0d64,2024-03-13T18:15:58.530000 CVE-2024-1690,0,0,e16a26a39ebf4d9143c222ac4d3d5665ab1b4b3206bac6531c75e151adca0d64,2024-03-13T18:15:58.530000
CVE-2024-1691,0,0,931899b69d7fadfa01c6f75758e366464f8e6df4f21ba5335640db83d91dfd79,2024-03-13T18:15:58.530000 CVE-2024-1691,0,0,931899b69d7fadfa01c6f75758e366464f8e6df4f21ba5335640db83d91dfd79,2024-03-13T18:15:58.530000
CVE-2024-1696,0,0,99a90d5f5f3ed72de58d46078f56367f3c20ea4ece7ee2f1509d303d1823a04c,2024-03-12T12:40:13.500000 CVE-2024-1696,0,0,99a90d5f5f3ed72de58d46078f56367f3c20ea4ece7ee2f1509d303d1823a04c,2024-03-12T12:40:13.500000
CVE-2024-1697,1,1,007ae425d3fe1e6e8b17e0e984e65f0157351075cc77b438b297589eb21198f5,2024-03-23T02:15:46.940000
CVE-2024-1698,0,0,75dca8418f9d56ec0cfe8b6a5fe8dbac72155e2590b7f1e80f716b71405b9b9b,2024-02-27T14:20:06.637000 CVE-2024-1698,0,0,75dca8418f9d56ec0cfe8b6a5fe8dbac72155e2590b7f1e80f716b71405b9b9b,2024-02-27T14:20:06.637000
CVE-2024-1700,0,0,cee65cb95f1b63b5085a6fef6705edc5603fe69ec856486109e95f0f9000ec2a,2024-03-21T02:51:44.333000 CVE-2024-1700,0,0,cee65cb95f1b63b5085a6fef6705edc5603fe69ec856486109e95f0f9000ec2a,2024-03-21T02:51:44.333000
CVE-2024-1701,0,0,4ddbc785b53d8d2b322cfa789acbbf827d1ba00b6941159053af95a225b55504,2024-03-21T02:51:44.410000 CVE-2024-1701,0,0,4ddbc785b53d8d2b322cfa789acbbf827d1ba00b6941159053af95a225b55504,2024-03-21T02:51:44.410000
@ -239180,6 +239181,7 @@ CVE-2024-2016,0,0,e4d6a9d4595377431e5ce160ced46348048f0037949f929229c70991b831cf
CVE-2024-2020,0,0,f422dce7e31c04d765ef032016f68754e4069486d235f1a4f01a8c53d2acadb7,2024-03-13T18:15:58.530000 CVE-2024-2020,0,0,f422dce7e31c04d765ef032016f68754e4069486d235f1a4f01a8c53d2acadb7,2024-03-13T18:15:58.530000
CVE-2024-2021,0,0,e8096360ed045a5afd9f02424e94ed50cdc41dc8a90b6bb9d41af3670bb54581,2024-03-21T02:52:26.990000 CVE-2024-2021,0,0,e8096360ed045a5afd9f02424e94ed50cdc41dc8a90b6bb9d41af3670bb54581,2024-03-21T02:52:26.990000
CVE-2024-2022,0,0,9c61768713de8ea54e0e5b2a6f26a246e93de9ccde66348393af619eb1c022cb,2024-03-21T02:52:27.063000 CVE-2024-2022,0,0,9c61768713de8ea54e0e5b2a6f26a246e93de9ccde66348393af619eb1c022cb,2024-03-21T02:52:27.063000
CVE-2024-2025,1,1,7d320f92fb56d3f297cb74ca6166687e377dd26a55e5320502ca513f527409d3,2024-03-23T02:15:47.127000
CVE-2024-20251,0,0,93177578f73531041dc7b9f473ed061f1cc8390f1ba467fc874d7917d2010350,2024-02-02T16:15:53.757000 CVE-2024-20251,0,0,93177578f73531041dc7b9f473ed061f1cc8390f1ba467fc874d7917d2010350,2024-02-02T16:15:53.757000
CVE-2024-20252,0,0,b3e7ab7affd116881816a7adc1b9a82671c5b4da83512a13f8133ebc1b35c66b,2024-02-15T15:54:43.420000 CVE-2024-20252,0,0,b3e7ab7affd116881816a7adc1b9a82671c5b4da83512a13f8133ebc1b35c66b,2024-02-15T15:54:43.420000
CVE-2024-20253,0,0,d3a8e74c395d6dc3e7ac6947f74fcfd7abc559db9a2a5673b58b5d97e64fbd4a,2024-02-02T16:15:53.893000 CVE-2024-20253,0,0,d3a8e74c395d6dc3e7ac6947f74fcfd7abc559db9a2a5673b58b5d97e64fbd4a,2024-02-02T16:15:53.893000
@ -239261,7 +239263,7 @@ CVE-2024-20673,0,0,54b4e9f241ee8ab47844805a07750d3fdabb10465652b2260f0e87e7bebbe
CVE-2024-20674,0,0,f83fbf3dc1e32d0c5b9ec55d499109531471159cb602690a46d0c915a76f76a9,2024-01-14T22:37:10.873000 CVE-2024-20674,0,0,f83fbf3dc1e32d0c5b9ec55d499109531471159cb602690a46d0c915a76f76a9,2024-01-14T22:37:10.873000
CVE-2024-20675,0,0,098a1c1051e51e54708ad491ffc1da84402b5013489ba95a88b69b71214102c2,2024-01-18T19:14:08.637000 CVE-2024-20675,0,0,098a1c1051e51e54708ad491ffc1da84402b5013489ba95a88b69b71214102c2,2024-01-18T19:14:08.637000
CVE-2024-20676,0,0,579775666c740fd791eda792a7e52a24b6b8e9d0d14bd0023a90dc5677447d47,2024-01-14T22:38:08.740000 CVE-2024-20676,0,0,579775666c740fd791eda792a7e52a24b6b8e9d0d14bd0023a90dc5677447d47,2024-01-14T22:38:08.740000
CVE-2024-20677,0,1,b9486dd78242be24c7ff296f75ca8770194c3200204379fdd7a794d452563c6b,2024-03-23T00:15:08.517000 CVE-2024-20677,0,0,b9486dd78242be24c7ff296f75ca8770194c3200204379fdd7a794d452563c6b,2024-03-23T00:15:08.517000
CVE-2024-20679,0,0,1624b017f22f1cf58bc970d748c42b03846353e42c36ff6e40dcee02d8d7545e,2024-02-26T22:07:54.517000 CVE-2024-20679,0,0,1624b017f22f1cf58bc970d748c42b03846353e42c36ff6e40dcee02d8d7545e,2024-02-26T22:07:54.517000
CVE-2024-2068,0,0,3b967167d283286e695c714101ce01e382c0bd68babba1652284fa3fabb893fe,2024-03-21T02:52:28.280000 CVE-2024-2068,0,0,3b967167d283286e695c714101ce01e382c0bd68babba1652284fa3fabb893fe,2024-03-21T02:52:28.280000
CVE-2024-20680,0,0,35b6f00c12f15f8755046cf5bffe1b26ae6f70d9c4c72c3072477aa5d126c0dc,2024-01-14T22:39:00.147000 CVE-2024-20680,0,0,35b6f00c12f15f8755046cf5bffe1b26ae6f70d9c4c72c3072477aa5d126c0dc,2024-01-14T22:39:00.147000
@ -239483,6 +239485,7 @@ CVE-2024-21305,0,0,add765edb797e1537c086895a6f6b6be7c9ee2d099bfe2aba1b67029d2679
CVE-2024-21306,0,0,416302ae665f6d7405fe0853b1869120a9e90d3549a767ac0c8683038e02649c,2024-01-12T18:47:54.860000 CVE-2024-21306,0,0,416302ae665f6d7405fe0853b1869120a9e90d3549a767ac0c8683038e02649c,2024-01-12T18:47:54.860000
CVE-2024-21307,0,0,5e35f7709ae294d317ac87d1b83c57318d39c401c03ff0cb293f9373652cdd9d,2024-01-12T18:47:46.490000 CVE-2024-21307,0,0,5e35f7709ae294d317ac87d1b83c57318d39c401c03ff0cb293f9373652cdd9d,2024-01-12T18:47:46.490000
CVE-2024-21309,0,0,a3f185568bb75e3259073f8c46c7820839dc23fb480d69a4b852a6b8273cd183,2024-01-12T18:47:19.217000 CVE-2024-21309,0,0,a3f185568bb75e3259073f8c46c7820839dc23fb480d69a4b852a6b8273cd183,2024-01-12T18:47:19.217000
CVE-2024-2131,1,1,46a78f1e7bfab3ca6a8fe9dcc5185efb29b4b6a3844cd9f7658dc4909c73aaf0,2024-03-23T02:15:47.300000
CVE-2024-21310,0,0,2c75672ceaeeb549c94221116f3bcd34de6a9699496eff58b8182f5a388b01f6,2024-01-12T18:47:12.043000 CVE-2024-21310,0,0,2c75672ceaeeb549c94221116f3bcd34de6a9699496eff58b8182f5a388b01f6,2024-01-12T18:47:12.043000
CVE-2024-21311,0,0,dd80a218a9aba0ce2af5bef8a751a7583da1d3839c410c785412ca1bb730c664,2024-01-12T18:47:05.760000 CVE-2024-21311,0,0,dd80a218a9aba0ce2af5bef8a751a7583da1d3839c410c785412ca1bb730c664,2024-01-12T18:47:05.760000
CVE-2024-21312,0,0,7bf4cb4b6d9d2c7ecff310937dd5f6f564a1bdb090c7a2c26253d4d488fb9b78,2024-02-08T10:15:14.017000 CVE-2024-21312,0,0,7bf4cb4b6d9d2c7ecff310937dd5f6f564a1bdb090c7a2c26253d4d488fb9b78,2024-02-08T10:15:14.017000
@ -242378,7 +242381,7 @@ CVE-2024-29036,0,0,9e006ee4d248b12879916fd5a38e3fbf7a89f45ed6265666710ccd15d4bd0
CVE-2024-29037,0,0,522cff780a141ed0cb980da4de92689da8f883cb35906d0c7290ad955ce6a80b,2024-03-21T12:58:51.093000 CVE-2024-29037,0,0,522cff780a141ed0cb980da4de92689da8f883cb35906d0c7290ad955ce6a80b,2024-03-21T12:58:51.093000
CVE-2024-29042,0,0,94be04c88512f8801f1a0b7e8a0fe44bc1e2661493f643835e5309c09e2ba389,2024-03-22T19:02:10.300000 CVE-2024-29042,0,0,94be04c88512f8801f1a0b7e8a0fe44bc1e2661493f643835e5309c09e2ba389,2024-03-22T19:02:10.300000
CVE-2024-29057,0,0,cdc1a145aba361380d18c2b35911a094ab57273bb744736ef7267676336ae250,2024-03-22T22:15:50.450000 CVE-2024-29057,0,0,cdc1a145aba361380d18c2b35911a094ab57273bb744736ef7267676336ae250,2024-03-22T22:15:50.450000
CVE-2024-29059,1,1,b707a4fa5a91288265f21e2d035c3e428763b4ab7ed04a8c4453f22922a2c39c,2024-03-23T00:15:09.150000 CVE-2024-29059,0,0,b707a4fa5a91288265f21e2d035c3e428763b4ab7ed04a8c4453f22922a2c39c,2024-03-23T00:15:09.150000
CVE-2024-29089,0,0,e5fbae925c9da8d587d9573cbc1c34db123c4510c1c1616d472538493a08c59e,2024-03-20T13:00:16.367000 CVE-2024-29089,0,0,e5fbae925c9da8d587d9573cbc1c34db123c4510c1c1616d472538493a08c59e,2024-03-20T13:00:16.367000
CVE-2024-29091,0,0,b1cb764a2082d02939e32c22f722543dd831cf608e6c39b51eb933f990788962,2024-03-20T13:00:16.367000 CVE-2024-29091,0,0,b1cb764a2082d02939e32c22f722543dd831cf608e6c39b51eb933f990788962,2024-03-20T13:00:16.367000
CVE-2024-29092,0,0,beafae19b6703c9fc1f01dec7ad304174a985adb5a44a4613a96bd5d1cef6a8d,2024-03-20T13:00:16.367000 CVE-2024-29092,0,0,beafae19b6703c9fc1f01dec7ad304174a985adb5a44a4613a96bd5d1cef6a8d,2024-03-20T13:00:16.367000
@ -242436,7 +242439,7 @@ CVE-2024-29180,0,0,e32bebc90fbd05fe3a3edfae9506df906c8ca56e295fcb3cc3f3f384d1252
CVE-2024-29184,0,0,f7b8833969ca9d0c0710d9e673438a664414c13b1764f6ae8189b2b9b95caa65,2024-03-22T19:02:10.300000 CVE-2024-29184,0,0,f7b8833969ca9d0c0710d9e673438a664414c13b1764f6ae8189b2b9b95caa65,2024-03-22T19:02:10.300000
CVE-2024-29185,0,0,87ad89bc08b625b0d76de9def6a9a3830774fb10e68a03b7a7a4beff2b51d9e3,2024-03-22T19:02:10.300000 CVE-2024-29185,0,0,87ad89bc08b625b0d76de9def6a9a3830774fb10e68a03b7a7a4beff2b51d9e3,2024-03-22T19:02:10.300000
CVE-2024-29186,0,0,4d22f13bcc9a989b4457971fb422d0f63596eb5c598cc015a08c44b1e3975e55,2024-03-22T19:02:10.300000 CVE-2024-29186,0,0,4d22f13bcc9a989b4457971fb422d0f63596eb5c598cc015a08c44b1e3975e55,2024-03-22T19:02:10.300000
CVE-2024-29190,1,1,4d7a2612081971332e8caf786004f0b15e412bf1a77fc6c71f244026d2d902dc,2024-03-22T23:15:07.123000 CVE-2024-29190,0,0,4d7a2612081971332e8caf786004f0b15e412bf1a77fc6c71f244026d2d902dc,2024-03-22T23:15:07.123000
CVE-2024-29243,0,0,80b3eab65af2d9fbeb7b6048e074697688a19de63e1138c377d0b826523dd7db,2024-03-21T15:24:35.093000 CVE-2024-29243,0,0,80b3eab65af2d9fbeb7b6048e074697688a19de63e1138c377d0b826523dd7db,2024-03-21T15:24:35.093000
CVE-2024-29244,0,0,ab4dadc4ff7b45a2c285edb922de956bae0828f007627c62339f15145e95a7b7,2024-03-21T15:24:35.093000 CVE-2024-29244,0,0,ab4dadc4ff7b45a2c285edb922de956bae0828f007627c62339f15145e95a7b7,2024-03-21T15:24:35.093000
CVE-2024-29271,0,0,86d82853285296d2653b2954b1f865b89755729787a00c9a08bf8b4da2a10347,2024-03-22T12:45:36.130000 CVE-2024-29271,0,0,86d82853285296d2653b2954b1f865b89755729787a00c9a08bf8b4da2a10347,2024-03-22T12:45:36.130000
