From 6c398e25198020a129d613ec5f6123fd1fd3ff58 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Sat, 25 May 2024 06:03:32 +0000
Subject: [PATCH] Auto-Update: 2024-05-25T06:00:38.467286+00:00

---
 CVE-2024/CVE-2024-52xx/CVE-2024-5218.json | 51 +++++++++++++++++++++++
 README.md                                 | 12 +++---
 _state.csv                                |  7 ++--
 3 files changed, 60 insertions(+), 10 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5218.json

diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5218.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5218.json
new file mode 100644
index 00000000000..30e473d3634
--- /dev/null
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5218.json
@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-5218",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-25T04:15:11.510",
+  "lastModified": "2024-05-25T04:15:11.510",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Reviews and Rating \u2013 Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/g-business-reviews-rating/tags/5.1/index.php#L804",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092202%40g-business-reviews-rating%2Ftrunk&old=3076444%40g-business-reviews-rating%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71408e0b-aed8-4077-add2-7f3b249e85f5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index ece3304d092..0a43ae6ab42 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-05-25T04:00:37.845495+00:00
+2024-05-25T06:00:38.467286+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-05-25T03:15:08.377000+00:00
+2024-05-25T04:15:11.510000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,16 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-251771
+251772
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `1`
 
-- [CVE-2024-4858](CVE-2024/CVE-2024-48xx/CVE-2024-4858.json) (`2024-05-25T03:15:08.150`)
-- [CVE-2024-5220](CVE-2024/CVE-2024-52xx/CVE-2024-5220.json) (`2024-05-25T02:15:41.053`)
-- [CVE-2024-5229](CVE-2024/CVE-2024-52xx/CVE-2024-5229.json) (`2024-05-25T03:15:08.377`)
+- [CVE-2024-5218](CVE-2024/CVE-2024-52xx/CVE-2024-5218.json) (`2024-05-25T04:15:11.510`)
 
 
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 8395f7f0472..3fa5adbca71 100644
--- a/_state.csv
+++ b/_state.csv
@@ -251573,7 +251573,7 @@ CVE-2024-4849,0,0,511b2c9f4d511b050df67c62f8e5c632de2018429782be15ee8ee0f13ba543
 CVE-2024-4853,0,0,ba76998b2322009a736dfabc746ba873162af9769c26f75eb36eb2d2f5455f10,2024-05-14T16:11:39.510000
 CVE-2024-4854,0,0,1544f1fe7b518c3058bbfd199032e2a1672e1211474fa012cf98161e9eb1b9cb,2024-05-14T16:11:39.510000
 CVE-2024-4855,0,0,853db3435d2b017e6592b5c0a241408d5ffcf3daf060fdd7c76e2352d5ddd617,2024-05-14T16:11:39.510000
-CVE-2024-4858,1,1,865c49be8dcf436928cd5b0857b5d1a1d7f72b422f294f75f9c390619561d1f7,2024-05-25T03:15:08.150000
+CVE-2024-4858,0,0,865c49be8dcf436928cd5b0857b5d1a1d7f72b422f294f75f9c390619561d1f7,2024-05-25T03:15:08.150000
 CVE-2024-4859,0,0,3de5434b35db9344c6a8c9ff1c0891dd93d801d8510e1a23be87da56d66078a2,2024-05-14T19:17:55.627000
 CVE-2024-4860,0,0,078ece1acb5f59d15050f08de42942705925d025d9ef9dfb969c99e0b62152d4,2024-05-14T19:17:55.627000
 CVE-2024-4865,0,0,329a52916bfd6dfb743076cafa1076f06a8ce9ff30efb7c2cd8c895178c7ad64,2024-05-20T13:00:34.807000
@@ -251730,10 +251730,11 @@ CVE-2024-5196,0,0,5d3f231a43c31999680087469716ad4f3327a52b153d985ebb2cb490ce1591
 CVE-2024-5201,0,0,81f846161e431f4061849f73f284a647933a16f2dae4eac954a714561d2b5ac6,2024-05-24T01:15:30.977000
 CVE-2024-5202,0,0,1c05e157c3d14a467d804b0cdb60f2b737187a0758793a87fe251b0e49272bf0,2024-05-24T01:15:30.977000
 CVE-2024-5205,0,0,cb36ec671fed104039900e6835467ad487e54c052bb39844cd3bc6979a6fc551,2024-05-24T13:03:11.993000
-CVE-2024-5220,1,1,db5d76a16acffa422f763541aa93b6370a97c5e1e76f123c8b63b8a6f885d2e9,2024-05-25T02:15:41.053000
+CVE-2024-5218,1,1,ad5cff657c54cafa9a13e8616afcb507f70463a264137b879efaf83a5dcfce6e,2024-05-25T04:15:11.510000
+CVE-2024-5220,0,0,db5d76a16acffa422f763541aa93b6370a97c5e1e76f123c8b63b8a6f885d2e9,2024-05-25T02:15:41.053000
 CVE-2024-5227,0,0,764fb0f16b4be474e014f5b57d633ec17b38b77286d8198d7e553896bd7bbab8,2024-05-24T01:15:30.977000
 CVE-2024-5228,0,0,7fbc53a71d297b0e47d7a3142759157603a147b1ae1e469af28fd6a561b32095,2024-05-24T01:15:30.977000
-CVE-2024-5229,1,1,cfa44ef4e2e9b2e767dede80ab97f9f6ba863713fc6e5e73d118a30fb5ecf176,2024-05-25T03:15:08.377000
+CVE-2024-5229,0,0,cfa44ef4e2e9b2e767dede80ab97f9f6ba863713fc6e5e73d118a30fb5ecf176,2024-05-25T03:15:08.377000
 CVE-2024-5230,0,0,1dfdc1f75adf11a1631a2035669fccd144f45320efda1d74487ef2b2c2eb1408,2024-05-24T01:15:30.977000
 CVE-2024-5231,0,0,77aaf6c06c39e7a6957d4d84230cd96a9a7b8b69b2c092878c05a8d8a4b1142f,2024-05-24T01:15:30.977000
 CVE-2024-5232,0,0,2d619cda6223cd7544d038358d9c03578b253710cd700f688734acc51a6e3712,2024-05-24T01:15:30.977000