From 5fdc1ab816ad9e14d83c41431a33a46ef5defaa5 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 19 Feb 2025 05:04:36 +0000
Subject: [PATCH] Auto-Update: 2025-02-19T05:01:06.410035+00:00
---
CVE-2024/CVE-2024-115xx/CVE-2024-11582.json | 60 +++++++++++++++++++++
CVE-2024/CVE-2024-134xx/CVE-2024-13443.json | 60 +++++++++++++++++++++
CVE-2025/CVE-2025-226xx/CVE-2025-22622.json | 60 +++++++++++++++++++++
README.md | 22 +++-----
_state.csv | 21 ++++----
5 files changed, 200 insertions(+), 23 deletions(-)
create mode 100644 CVE-2024/CVE-2024-115xx/CVE-2024-11582.json
create mode 100644 CVE-2024/CVE-2024-134xx/CVE-2024-13443.json
create mode 100644 CVE-2025/CVE-2025-226xx/CVE-2025-22622.json
diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11582.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11582.json
new file mode 100644
index 00000000000..2dccef667c9
--- /dev/null
+++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11582.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11582",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-02-19T04:15:10.200",
+ "lastModified": "2025-02-19T04:15:10.200",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Subscribe2 \u2013 Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/subscribe2/tags/10.43/classes/class-s2-list-table.php#L72",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36777e39-be45-41f2-beca-2971e15b77cd?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13443.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13443.json
new file mode 100644
index 00000000000..caac9d3dc0b
--- /dev/null
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13443.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13443",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-02-19T04:15:10.360",
+ "lastModified": "2025-02-19T04:15:10.360",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/easypromos/tags/1.3.8/includes/functions.php#L93",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81998d01-8ae7-44ac-a22e-7bdbebee6c49?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-226xx/CVE-2025-22622.json b/CVE-2025/CVE-2025-226xx/CVE-2025-22622.json
new file mode 100644
index 00000000000..285edd2b6ae
--- /dev/null
+++ b/CVE-2025/CVE-2025-226xx/CVE-2025-22622.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-22622",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2025-02-19T04:15:10.550",
+ "lastModified": "2025-02-19T04:15:10.550",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/skims-5/",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/agecheckernet/#developers",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index ff2808479f8..6a607bde445 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-19T03:02:54.694460+00:00 +2025-02-19T05:01:06.410035+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-19T02:15:08.833000+00:00 +2025-02-19T04:15:10.550000+00:00 ``` ### Last Data Feed Release @@ -33,28 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281731 +281734 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `3` -- [CVE-2024-57261](CVE-2024/CVE-2024-572xx/CVE-2024-57261.json) (`2025-02-19T02:15:08.480`) -- [CVE-2024-57262](CVE-2024/CVE-2024-572xx/CVE-2024-57262.json) (`2025-02-19T02:15:08.677`) -- [CVE-2025-1447](CVE-2025/CVE-2025-14xx/CVE-2025-1447.json) (`2025-02-19T01:15:09.407`) -- [CVE-2025-1448](CVE-2025/CVE-2025-14xx/CVE-2025-1448.json) (`2025-02-19T02:15:08.833`) +- [CVE-2024-11582](CVE-2024/CVE-2024-115xx/CVE-2024-11582.json) (`2025-02-19T04:15:10.200`) +- [CVE-2024-13443](CVE-2024/CVE-2024-134xx/CVE-2024-13443.json) (`2025-02-19T04:15:10.360`) +- [CVE-2025-22622](CVE-2025/CVE-2025-226xx/CVE-2025-22622.json) (`2025-02-19T04:15:10.550`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `0` -- [CVE-2024-53704](CVE-2024/CVE-2024-537xx/CVE-2024-53704.json) (`2025-02-19T02:00:02.000`) -- [CVE-2024-57257](CVE-2024/CVE-2024-572xx/CVE-2024-57257.json) (`2025-02-19T01:15:08.963`) -- [CVE-2024-57258](CVE-2024/CVE-2024-572xx/CVE-2024-57258.json) (`2025-02-19T01:15:09.117`) -- [CVE-2024-57259](CVE-2024/CVE-2024-572xx/CVE-2024-57259.json) (`2025-02-19T01:15:09.257`) -- [CVE-2025-0108](CVE-2025/CVE-2025-01xx/CVE-2025-0108.json) (`2025-02-19T02:00:02.000`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 73be74eaa8e..ff2c02c02b1 100644 --- a/_state.csv +++ b/_state.csv 
@@ -244892,6 +244892,7 @@ CVE-2024-11579,0,0,a0e8ebe7e9d438299b2b08bfdc182fcceaa66df7c647d83ef69f75c205558 CVE-2024-1158,0,0,cc758ded81eb4716575c03ddb54fc317f50917a2b43ee2a36cb438fc8fb74732,2024-11-21T08:49:55.723000 CVE-2024-11580,0,0,2902a2896d70a09162eab174719b1f937a00063abe723be1bb8861e8aaeb5891,2024-12-20T17:35:39.513000 CVE-2024-11581,0,0,54519437e00f96c23a8c70641ca6b3fe6fa4bcc79e1443a9a5c2a0ca7b114449,2024-12-20T17:32:03.967000 +CVE-2024-11582,1,1,f9ff8eb2d12ec0bbd7818a1709287484b4780b4422c883d3ad5ed537bbf3d553,2025-02-19T04:15:10.200000 CVE-2024-11583,0,0,0b07441a5ea7c52db00cfe826d700b0c0eb6984d5bc925e0a246fd9c511bc36e,2025-01-31T20:03:24.500000 CVE-2024-11585,0,0,d73bc146050e187d4f7b957a4961cb8470ba9ebdf69a5843cdfa9e686c284b8e,2024-12-06T06:15:22.723000 CVE-2024-11586,0,0,acbb89c7a73edeb9af616fbe1a7bbf2dff72a4d1c23f19e17196df7c7df36053,2024-11-25T18:15:10.123000 @@ -246541,6 +246542,7 @@ CVE-2024-13439,0,0,9977a2cc02f20b148bdbeb2cb70da6b957cfc1fa7b049bde9614c22678a63 CVE-2024-1344,0,0,3c7e3680ada5d2af6c947ff7713f6316fa39154980892782020553f5d0042cd7,2024-11-21T08:50:22.543000 CVE-2024-13440,0,0,5766e7a438a8e4269354aacca2cf4360d814b2b0ba936161bc318042a1e4abc8,2025-02-13T17:17:19.413000 CVE-2024-13441,0,0,c4feb7fa45e58abcf7c01d5df380ea3f267be46791773adc8606a649a8a16fa9,2025-02-04T19:37:08.100000 +CVE-2024-13443,1,1,5e0554feb4a2f4dbf6619974907598a97160af25d67a3f0cb251733bc39feede,2025-02-19T04:15:10.360000 CVE-2024-13444,0,0,f559be4a09d3b0d4718253e232ed1d6b01b700beffd4896c1d6f62eac4116d3c,2025-01-21T11:15:09.450000 CVE-2024-13447,0,0,4e4ee51c076699c7672245e5729c9870c182faecf6e2bd018441c71df98cbb9d,2025-01-24T20:53:40.380000 CVE-2024-13448,0,0,99bef776585fb11dba8e8ef9f028b4f3c7371956a91f9b56a4977bbe471e6b70,2025-01-30T18:01:07.080000 
@@ -272676,7 +272678,7 @@ CVE-2024-5370,0,0,48c7315107625a479797e074526b223c8b52af346ac3d015ac5eeb0155616f CVE-2024-53701,0,0,1a2bc4566eec18c70c1090c86f62c17b18dd370d9f36bbeea87f735f0b867519,2024-11-29T06:15:07.327000 CVE-2024-53702,0,0,df4acdecd1eceade8b04c1e8f2d0208a2fb87f2140d6e9f86d0b91986c09f3f5,2024-12-05T16:15:26.077000 CVE-2024-53703,0,0,fb9cc5fb637d3f614eb88b1748740fd2dceb8edefd36486bf6555b6ace1738fb,2024-12-05T15:15:11.270000 -CVE-2024-53704,0,1,5a29d0026803cfefd80daeb2effed8634f8ef892ba81f5bbfbab498237e4d8ea,2025-02-19T02:00:02 +CVE-2024-53704,0,0,5a29d0026803cfefd80daeb2effed8634f8ef892ba81f5bbfbab498237e4d8ea,2025-02-19T02:00:02 CVE-2024-53705,0,0,cb2aece8a5d68261ccbbe06bdcbef5f15dc8b4b71fbf212b281c5c2102470ea9,2025-01-09T15:15:18.800000 CVE-2024-53706,0,0,df37bc87068a5b2ce03429b7e89276c6f6c8ca589f496366856bc396d49be328,2025-01-09T16:16:21.743000 CVE-2024-53707,0,0,4163d5321b4bf42492ee17d3e3420b9e06f0f632230aa0e5ae79c446b00e1993,2024-12-02T14:15:13.323000 
@@ -274691,12 +274693,12 @@ CVE-2024-57252,0,0,1934cc1672f51074e73fec8f79c8c1a0c2b2ef217ce3d8eb4ed233f3d5050 CVE-2024-57254,0,0,78f3756f504d64aafe3c7fe030d998338c4f68eeebca5a88a1ee7746dcf3b080,2025-02-19T00:15:10.243000 CVE-2024-57255,0,0,47d85e6c518447f6b2398d380509ce606bb346706e2218bb1c2ffeae53aec47c,2025-02-19T00:15:10.397000 CVE-2024-57256,0,0,04cbb17411d01c78be02ff0e779795e92b0782215dfab979123c37fbfd98ae11,2025-02-19T00:15:10.550000 -CVE-2024-57257,0,1,0f11b41937fa4627d73472deb52deae8f6bc85d7966ebb62d9c4447ed3649650,2025-02-19T01:15:08.963000 -CVE-2024-57258,0,1,22fe56d0f81aba8abf95644ff85b0581abf3fa4849ede72d307ace4cb2da41cb,2025-02-19T01:15:09.117000 -CVE-2024-57259,0,1,7a6eb23f5e3eaefce3e01258346d6c3c63f7f8eb3b1eabb3adf0a779bd3162ae,2025-02-19T01:15:09.257000 +CVE-2024-57257,0,0,0f11b41937fa4627d73472deb52deae8f6bc85d7966ebb62d9c4447ed3649650,2025-02-19T01:15:08.963000 +CVE-2024-57258,0,0,22fe56d0f81aba8abf95644ff85b0581abf3fa4849ede72d307ace4cb2da41cb,2025-02-19T01:15:09.117000 +CVE-2024-57259,0,0,7a6eb23f5e3eaefce3e01258346d6c3c63f7f8eb3b1eabb3adf0a779bd3162ae,2025-02-19T01:15:09.257000 CVE-2024-5726,0,0,4ceeef37c455f852012651a7e920e126aeb659ebe7ba7b011f93539db03748f1,2024-11-21T09:48:14.060000 -CVE-2024-57261,1,1,ca42f68e153d0be6e9cb0cd79e10c17f8af4df029f55193e9ee3cebd8e1524d1,2025-02-19T02:15:08.480000 -CVE-2024-57262,1,1,9450e719a6c12b68a90f479bb3c057c51a8162807b8fbaf825e482631247111d,2025-02-19T02:15:08.677000 +CVE-2024-57261,0,0,ca42f68e153d0be6e9cb0cd79e10c17f8af4df029f55193e9ee3cebd8e1524d1,2025-02-19T02:15:08.480000 +CVE-2024-57262,0,0,9450e719a6c12b68a90f479bb3c057c51a8162807b8fbaf825e482631247111d,2025-02-19T02:15:08.677000 CVE-2024-5727,0,0,fcb5435c7826764738326be67041da3dad875d35da2f0e0301dde5c6609d328a,2024-11-21T09:48:14.180000 CVE-2024-57272,0,0,dbc324cdb83c481b4de69dd5fc8cc4b86ee368b27cc30cc7365a1b8df8dc0a02,2025-01-28T20:15:54.870000 
CVE-2024-57276,0,0,21b620c07e0e3337064dc5d61a9e1c6b46709ad965f39dbfecad11193ff5bb9d,2025-01-30T22:15:09.297000 @@ -278769,7 +278771,7 @@ CVE-2025-0104,0,0,21c4318a0d99e7fa45fcf41d38940b721a051c25e3dcd31ab0543aa8393743 CVE-2025-0105,0,0,1d92b789c4ee5a1ce8b95be14f67c2ed638278c6036b1fd20d689cfe8ca07ce7,2025-01-11T03:15:22.317000 CVE-2025-0106,0,0,297e7d67cc0892af79dd6eab9f30b7cbc802b5a94f8e51453a83d44734601e5e,2025-01-11T03:15:22.490000 CVE-2025-0107,0,0,7d7cd1b21f8fb2e090759e9bfc5c26e45f105ad47403d57bcf7a1a7c6a786b02,2025-01-15T23:15:10.273000 -CVE-2025-0108,0,1,9984445b2ca5afb1526508f1260cfbe552aa27c58dc311866cf73b702ffbbe92,2025-02-19T02:00:02 +CVE-2025-0108,0,0,9984445b2ca5afb1526508f1260cfbe552aa27c58dc311866cf73b702ffbbe92,2025-02-19T02:00:02 CVE-2025-0109,0,0,5a24ce2e009561b2fb59096b6f1ded171180346c747fdc8ee1c0182acced781c,2025-02-12T21:15:16.470000 CVE-2025-0110,0,0,b411c8390eb932e9490dd491fe7ec15b7990f1154a6a3792e2622d16f01feb5d,2025-02-12T21:15:16.630000 CVE-2025-0111,0,0,aa2258940e699552d6ad0522d6bc535ee5e05cc6ed6d0935f57d5a6bf309cd74,2025-02-12T21:15:16.793000 
@@ -279435,8 +279437,8 @@ CVE-2025-1390,0,0,02ff75a3058ee51af8713fa469c7bed94932b28a55e59655029e36f100f66a CVE-2025-1391,0,0,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff79,2025-02-17T14:15:08.413000 CVE-2025-1392,0,0,381fc64763a47738c9a933c7e4bcfcc84ef66c73e4a81eacddf01751da768947,2025-02-17T16:15:16.120000 CVE-2025-1414,0,0,b6f2fa5b41b9076d018bd1d274a1717bfb4b17a7162b38316b8f5f46b587bbc9,2025-02-18T21:15:25.440000 -CVE-2025-1447,1,1,0171066f5cc38b75ed48310b7b051ba77753a7de710aef2fb49270a13c1b0697,2025-02-19T01:15:09.407000 -CVE-2025-1448,1,1,8646602fe654ea9c8b8dc30e88ebd580a07aa04ffb2e255dc4fb4a77857c3ea4,2025-02-19T02:15:08.833000 +CVE-2025-1447,0,0,0171066f5cc38b75ed48310b7b051ba77753a7de710aef2fb49270a13c1b0697,2025-02-19T01:15:09.407000 +CVE-2025-1448,0,0,8646602fe654ea9c8b8dc30e88ebd580a07aa04ffb2e255dc4fb4a77857c3ea4,2025-02-19T02:15:08.833000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000 
@@ -280226,6 +280228,7 @@ CVE-2025-22618,0,0,c19d0c974c1e5e33f6d26b1c1e9e7666054e0a20c6f455c24ab32d4bd2226 CVE-2025-22619,0,0,94078c2e9a44454365aeb387ac2d1c51351bb08f1b9ba4f80444a5076273dcd6,2025-02-13T19:44:19.580000 CVE-2025-22620,0,0,428c7806e74732326369c718351571848c196156b9eb9eb7ffe99ba9002a1b52,2025-01-20T16:15:28.017000 CVE-2025-22621,0,0,6ff4aa50f3e07d892cb8ed858e238d42c832836da0723e6a77be4111c28ff27e,2025-01-15T17:15:20.810000 +CVE-2025-22622,1,1,8b4c82fcbc47b89df336e33d6772dec0ee9982d3b30816e5d8a35cac0fdcc0d3,2025-02-19T04:15:10.550000 CVE-2025-22630,0,0,79b3801f8ae7e0fc2c6a6c47d25a128abd9fd0016caa673d59d6e5ab1ad69955,2025-02-14T07:15:32.750000 CVE-2025-22639,0,0,1d384823c10ffe5023799b5e360ec42a153bd848562aed6770e0af17e75e00b2,2025-02-18T20:15:26.010000 CVE-2025-22641,0,0,6bee2e22f4c2218c32261d50c3b76051122c36d8b22f1fe821f826f72b0d1ffb,2025-02-04T15:15:19.923000