Auto-Update: 2025-02-19T05:01:06.410035+00:00

CVE-2024/CVE-2024-115xx/CVE-2024-11582.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11582",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-19T04:15:10.200",
+  "lastModified": "2025-02-19T04:15:10.200",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Subscribe2 \u2013 Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/subscribe2/tags/10.43/classes/class-s2-list-table.php#L72",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36777e39-be45-41f2-beca-2971e15b77cd?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-134xx/CVE-2024-13443.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13443",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-19T04:15:10.360",
+  "lastModified": "2025-02-19T04:15:10.360",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/easypromos/tags/1.3.8/includes/functions.php#L93",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81998d01-8ae7-44ac-a22e-7bdbebee6c49?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-226xx/CVE-2025-22622.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-22622",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2025-02-19T04:15:10.550",
+  "lastModified": "2025-02-19T04:15:10.550",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/skims-5/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/agecheckernet/#developers",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-02-19T03:02:54.694460+00:00
+2025-02-19T05:01:06.410035+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-02-19T02:15:08.833000+00:00
+2025-02-19T04:15:10.550000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,28 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-281731
+281734
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `3`
 
-- [CVE-2024-57261](CVE-2024/CVE-2024-572xx/CVE-2024-57261.json) (`2025-02-19T02:15:08.480`)
-- [CVE-2024-57262](CVE-2024/CVE-2024-572xx/CVE-2024-57262.json) (`2025-02-19T02:15:08.677`)
-- [CVE-2025-1447](CVE-2025/CVE-2025-14xx/CVE-2025-1447.json) (`2025-02-19T01:15:09.407`)
-- [CVE-2025-1448](CVE-2025/CVE-2025-14xx/CVE-2025-1448.json) (`2025-02-19T02:15:08.833`)
+- [CVE-2024-11582](CVE-2024/CVE-2024-115xx/CVE-2024-11582.json) (`2025-02-19T04:15:10.200`)
+- [CVE-2024-13443](CVE-2024/CVE-2024-134xx/CVE-2024-13443.json) (`2025-02-19T04:15:10.360`)
+- [CVE-2025-22622](CVE-2025/CVE-2025-226xx/CVE-2025-22622.json) (`2025-02-19T04:15:10.550`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `5`
+Recently modified CVEs: `0`
 
-- [CVE-2024-53704](CVE-2024/CVE-2024-537xx/CVE-2024-53704.json) (`2025-02-19T02:00:02.000`)
-- [CVE-2024-57257](CVE-2024/CVE-2024-572xx/CVE-2024-57257.json) (`2025-02-19T01:15:08.963`)
-- [CVE-2024-57258](CVE-2024/CVE-2024-572xx/CVE-2024-57258.json) (`2025-02-19T01:15:09.117`)
-- [CVE-2024-57259](CVE-2024/CVE-2024-572xx/CVE-2024-57259.json) (`2025-02-19T01:15:09.257`)
-- [CVE-2025-0108](CVE-2025/CVE-2025-01xx/CVE-2025-0108.json) (`2025-02-19T02:00:02.000`)
 
 
 ## Download and Usage

_state.csv

@@ -244892,6 +244892,7 @@ CVE-2024-11579,0,0,a0e8ebe7e9d438299b2b08bfdc182fcceaa66df7c647d83ef69f75c205558
 CVE-2024-1158,0,0,cc758ded81eb4716575c03ddb54fc317f50917a2b43ee2a36cb438fc8fb74732,2024-11-21T08:49:55.723000
 CVE-2024-11580,0,0,2902a2896d70a09162eab174719b1f937a00063abe723be1bb8861e8aaeb5891,2024-12-20T17:35:39.513000
 CVE-2024-11581,0,0,54519437e00f96c23a8c70641ca6b3fe6fa4bcc79e1443a9a5c2a0ca7b114449,2024-12-20T17:32:03.967000
+CVE-2024-11582,1,1,f9ff8eb2d12ec0bbd7818a1709287484b4780b4422c883d3ad5ed537bbf3d553,2025-02-19T04:15:10.200000
 CVE-2024-11583,0,0,0b07441a5ea7c52db00cfe826d700b0c0eb6984d5bc925e0a246fd9c511bc36e,2025-01-31T20:03:24.500000
 CVE-2024-11585,0,0,d73bc146050e187d4f7b957a4961cb8470ba9ebdf69a5843cdfa9e686c284b8e,2024-12-06T06:15:22.723000
 CVE-2024-11586,0,0,acbb89c7a73edeb9af616fbe1a7bbf2dff72a4d1c23f19e17196df7c7df36053,2024-11-25T18:15:10.123000
@@ -246541,6 +246542,7 @@ CVE-2024-13439,0,0,9977a2cc02f20b148bdbeb2cb70da6b957cfc1fa7b049bde9614c22678a63
 CVE-2024-1344,0,0,3c7e3680ada5d2af6c947ff7713f6316fa39154980892782020553f5d0042cd7,2024-11-21T08:50:22.543000
 CVE-2024-13440,0,0,5766e7a438a8e4269354aacca2cf4360d814b2b0ba936161bc318042a1e4abc8,2025-02-13T17:17:19.413000
 CVE-2024-13441,0,0,c4feb7fa45e58abcf7c01d5df380ea3f267be46791773adc8606a649a8a16fa9,2025-02-04T19:37:08.100000
+CVE-2024-13443,1,1,5e0554feb4a2f4dbf6619974907598a97160af25d67a3f0cb251733bc39feede,2025-02-19T04:15:10.360000
 CVE-2024-13444,0,0,f559be4a09d3b0d4718253e232ed1d6b01b700beffd4896c1d6f62eac4116d3c,2025-01-21T11:15:09.450000
 CVE-2024-13447,0,0,4e4ee51c076699c7672245e5729c9870c182faecf6e2bd018441c71df98cbb9d,2025-01-24T20:53:40.380000
 CVE-2024-13448,0,0,99bef776585fb11dba8e8ef9f028b4f3c7371956a91f9b56a4977bbe471e6b70,2025-01-30T18:01:07.080000
@@ -272676,7 +272678,7 @@ CVE-2024-5370,0,0,48c7315107625a479797e074526b223c8b52af346ac3d015ac5eeb0155616f
 CVE-2024-53701,0,0,1a2bc4566eec18c70c1090c86f62c17b18dd370d9f36bbeea87f735f0b867519,2024-11-29T06:15:07.327000
 CVE-2024-53702,0,0,df4acdecd1eceade8b04c1e8f2d0208a2fb87f2140d6e9f86d0b91986c09f3f5,2024-12-05T16:15:26.077000
 CVE-2024-53703,0,0,fb9cc5fb637d3f614eb88b1748740fd2dceb8edefd36486bf6555b6ace1738fb,2024-12-05T15:15:11.270000
-CVE-2024-53704,0,1,5a29d0026803cfefd80daeb2effed8634f8ef892ba81f5bbfbab498237e4d8ea,2025-02-19T02:00:02
+CVE-2024-53704,0,0,5a29d0026803cfefd80daeb2effed8634f8ef892ba81f5bbfbab498237e4d8ea,2025-02-19T02:00:02
 CVE-2024-53705,0,0,cb2aece8a5d68261ccbbe06bdcbef5f15dc8b4b71fbf212b281c5c2102470ea9,2025-01-09T15:15:18.800000
 CVE-2024-53706,0,0,df37bc87068a5b2ce03429b7e89276c6f6c8ca589f496366856bc396d49be328,2025-01-09T16:16:21.743000
 CVE-2024-53707,0,0,4163d5321b4bf42492ee17d3e3420b9e06f0f632230aa0e5ae79c446b00e1993,2024-12-02T14:15:13.323000
@@ -274691,12 +274693,12 @@ CVE-2024-57252,0,0,1934cc1672f51074e73fec8f79c8c1a0c2b2ef217ce3d8eb4ed233f3d5050
 CVE-2024-57254,0,0,78f3756f504d64aafe3c7fe030d998338c4f68eeebca5a88a1ee7746dcf3b080,2025-02-19T00:15:10.243000
 CVE-2024-57255,0,0,47d85e6c518447f6b2398d380509ce606bb346706e2218bb1c2ffeae53aec47c,2025-02-19T00:15:10.397000
 CVE-2024-57256,0,0,04cbb17411d01c78be02ff0e779795e92b0782215dfab979123c37fbfd98ae11,2025-02-19T00:15:10.550000
-CVE-2024-57257,0,1,0f11b41937fa4627d73472deb52deae8f6bc85d7966ebb62d9c4447ed3649650,2025-02-19T01:15:08.963000
-CVE-2024-57258,0,1,22fe56d0f81aba8abf95644ff85b0581abf3fa4849ede72d307ace4cb2da41cb,2025-02-19T01:15:09.117000
-CVE-2024-57259,0,1,7a6eb23f5e3eaefce3e01258346d6c3c63f7f8eb3b1eabb3adf0a779bd3162ae,2025-02-19T01:15:09.257000
+CVE-2024-57257,0,0,0f11b41937fa4627d73472deb52deae8f6bc85d7966ebb62d9c4447ed3649650,2025-02-19T01:15:08.963000
+CVE-2024-57258,0,0,22fe56d0f81aba8abf95644ff85b0581abf3fa4849ede72d307ace4cb2da41cb,2025-02-19T01:15:09.117000
+CVE-2024-57259,0,0,7a6eb23f5e3eaefce3e01258346d6c3c63f7f8eb3b1eabb3adf0a779bd3162ae,2025-02-19T01:15:09.257000
 CVE-2024-5726,0,0,4ceeef37c455f852012651a7e920e126aeb659ebe7ba7b011f93539db03748f1,2024-11-21T09:48:14.060000
-CVE-2024-57261,1,1,ca42f68e153d0be6e9cb0cd79e10c17f8af4df029f55193e9ee3cebd8e1524d1,2025-02-19T02:15:08.480000
-CVE-2024-57262,1,1,9450e719a6c12b68a90f479bb3c057c51a8162807b8fbaf825e482631247111d,2025-02-19T02:15:08.677000
+CVE-2024-57261,0,0,ca42f68e153d0be6e9cb0cd79e10c17f8af4df029f55193e9ee3cebd8e1524d1,2025-02-19T02:15:08.480000
+CVE-2024-57262,0,0,9450e719a6c12b68a90f479bb3c057c51a8162807b8fbaf825e482631247111d,2025-02-19T02:15:08.677000
 CVE-2024-5727,0,0,fcb5435c7826764738326be67041da3dad875d35da2f0e0301dde5c6609d328a,2024-11-21T09:48:14.180000
 CVE-2024-57272,0,0,dbc324cdb83c481b4de69dd5fc8cc4b86ee368b27cc30cc7365a1b8df8dc0a02,2025-01-28T20:15:54.870000
 CVE-2024-57276,0,0,21b620c07e0e3337064dc5d61a9e1c6b46709ad965f39dbfecad11193ff5bb9d,2025-01-30T22:15:09.297000
@@ -278769,7 +278771,7 @@ CVE-2025-0104,0,0,21c4318a0d99e7fa45fcf41d38940b721a051c25e3dcd31ab0543aa8393743
 CVE-2025-0105,0,0,1d92b789c4ee5a1ce8b95be14f67c2ed638278c6036b1fd20d689cfe8ca07ce7,2025-01-11T03:15:22.317000
 CVE-2025-0106,0,0,297e7d67cc0892af79dd6eab9f30b7cbc802b5a94f8e51453a83d44734601e5e,2025-01-11T03:15:22.490000
 CVE-2025-0107,0,0,7d7cd1b21f8fb2e090759e9bfc5c26e45f105ad47403d57bcf7a1a7c6a786b02,2025-01-15T23:15:10.273000
-CVE-2025-0108,0,1,9984445b2ca5afb1526508f1260cfbe552aa27c58dc311866cf73b702ffbbe92,2025-02-19T02:00:02
+CVE-2025-0108,0,0,9984445b2ca5afb1526508f1260cfbe552aa27c58dc311866cf73b702ffbbe92,2025-02-19T02:00:02
 CVE-2025-0109,0,0,5a24ce2e009561b2fb59096b6f1ded171180346c747fdc8ee1c0182acced781c,2025-02-12T21:15:16.470000
 CVE-2025-0110,0,0,b411c8390eb932e9490dd491fe7ec15b7990f1154a6a3792e2622d16f01feb5d,2025-02-12T21:15:16.630000
 CVE-2025-0111,0,0,aa2258940e699552d6ad0522d6bc535ee5e05cc6ed6d0935f57d5a6bf309cd74,2025-02-12T21:15:16.793000
@@ -279435,8 +279437,8 @@ CVE-2025-1390,0,0,02ff75a3058ee51af8713fa469c7bed94932b28a55e59655029e36f100f66a
 CVE-2025-1391,0,0,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff79,2025-02-17T14:15:08.413000
 CVE-2025-1392,0,0,381fc64763a47738c9a933c7e4bcfcc84ef66c73e4a81eacddf01751da768947,2025-02-17T16:15:16.120000
 CVE-2025-1414,0,0,b6f2fa5b41b9076d018bd1d274a1717bfb4b17a7162b38316b8f5f46b587bbc9,2025-02-18T21:15:25.440000
-CVE-2025-1447,1,1,0171066f5cc38b75ed48310b7b051ba77753a7de710aef2fb49270a13c1b0697,2025-02-19T01:15:09.407000
-CVE-2025-1448,1,1,8646602fe654ea9c8b8dc30e88ebd580a07aa04ffb2e255dc4fb4a77857c3ea4,2025-02-19T02:15:08.833000
+CVE-2025-1447,0,0,0171066f5cc38b75ed48310b7b051ba77753a7de710aef2fb49270a13c1b0697,2025-02-19T01:15:09.407000
+CVE-2025-1448,0,0,8646602fe654ea9c8b8dc30e88ebd580a07aa04ffb2e255dc4fb4a77857c3ea4,2025-02-19T02:15:08.833000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000
@@ -280226,6 +280228,7 @@ CVE-2025-22618,0,0,c19d0c974c1e5e33f6d26b1c1e9e7666054e0a20c6f455c24ab32d4bd2226
 CVE-2025-22619,0,0,94078c2e9a44454365aeb387ac2d1c51351bb08f1b9ba4f80444a5076273dcd6,2025-02-13T19:44:19.580000
 CVE-2025-22620,0,0,428c7806e74732326369c718351571848c196156b9eb9eb7ffe99ba9002a1b52,2025-01-20T16:15:28.017000
 CVE-2025-22621,0,0,6ff4aa50f3e07d892cb8ed858e238d42c832836da0723e6a77be4111c28ff27e,2025-01-15T17:15:20.810000
+CVE-2025-22622,1,1,8b4c82fcbc47b89df336e33d6772dec0ee9982d3b30816e5d8a35cac0fdcc0d3,2025-02-19T04:15:10.550000
 CVE-2025-22630,0,0,79b3801f8ae7e0fc2c6a6c47d25a128abd9fd0016caa673d59d6e5ab1ad69955,2025-02-14T07:15:32.750000
 CVE-2025-22639,0,0,1d384823c10ffe5023799b5e360ec42a153bd848562aed6770e0af17e75e00b2,2025-02-18T20:15:26.010000
 CVE-2025-22641,0,0,6bee2e22f4c2218c32261d50c3b76051122c36d8b22f1fe821f826f72b0d1ffb,2025-02-04T15:15:19.923000