Auto-Update: 2025-03-10T07:00:24.609539+00:00

CVE-2024/CVE-2024-116xx/CVE-2024-11638.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-11638",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2025-03-10T06:15:20.797",
+  "lastModified": "2025-03-10T06:15:20.797",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/2f20336f-e12e-4b09-bcaf-45f7249f6495/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-19xx/CVE-2025-1926.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-1926",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-10T05:15:35.347",
+  "lastModified": "2025-03-10T05:15:35.347",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/pagelayer/tags/1.9.8/init.php#L477",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/542b6312-b264-49d5-882a-454427c60c8a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-03-10T05:00:19.788317+00:00
+2025-03-10T07:00:24.609539+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-03-10T03:15:26.750000+00:00
+2025-03-10T06:15:20.797000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-284586
+284588
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `2`
 
-- [CVE-2024-41724](CVE-2024/CVE-2024-417xx/CVE-2024-41724.json) (`2025-03-10T03:15:26.413`)
-- [CVE-2024-43107](CVE-2024/CVE-2024-431xx/CVE-2024-43107.json) (`2025-03-10T03:15:26.750`)
+- [CVE-2024-11638](CVE-2024/CVE-2024-116xx/CVE-2024-11638.json) (`2025-03-10T06:15:20.797`)
+- [CVE-2025-1926](CVE-2025/CVE-2025-19xx/CVE-2025-1926.json) (`2025-03-10T05:15:35.347`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -245757,6 +245757,7 @@ CVE-2024-11634,0,0,14627ed8cbf95632caf8b74a22783ca02eb0bf7651aea5ed85be227c49580
 CVE-2024-11635,0,0,ffacee27dce2a3419b3aa106b350e83d5585d5dcfe645774b0023dac2c389ee8,2025-01-08T08:15:24.117000
 CVE-2024-11636,0,0,477a215831f10296b9ea3788441fcca038078cee1d80a9e966a40e92f5b59df4,2025-01-13T15:15:07.560000
 CVE-2024-11637,0,0,5348ca65261140ae16ec15332c773ee06343664939e89530c0d5541b934692f4,2025-01-14T02:15:07.907000
+CVE-2024-11638,1,1,552649984b67f5b1ef18257a0d06eb421eca6da700aa98bde360d18a4c898d04,2025-03-10T06:15:20.797000
 CVE-2024-11639,0,0,b0b1970767477e87b7cf619e96fa5cb2fbca7d53895c7bdaf49d93303071061e,2025-01-17T19:40:09.763000
 CVE-2024-1164,0,0,d6b3223f31512976ce37113225736cbf014a2aac3d8c295ef68c5d3e3fda5f16,2025-01-16T15:08:00.773000
 CVE-2024-11640,0,0,703b195ff151c253fbe91a68928542f3fce11ad9103611204a13abf98a6770f0,2025-03-08T12:15:34.510000
@@ -265152,7 +265153,7 @@ CVE-2024-41720,0,0,bf5caaca1d1c0f9c7639ac2e1a39cd9b2520bfe388b5fa56d6221ad980dba
 CVE-2024-41721,0,0,7f76b2819dc96136f1439ee00033d6c65dd7e088f9d1945c138673cd979cf120,2024-11-21T09:33:03.463000
 CVE-2024-41722,0,0,3545357ca4cf0733ba3a03ead3658e160a6402ae8d95909ac1278d94b7906585,2024-10-17T17:15:11.667000
 CVE-2024-41723,0,0,d9b662665d6689abd8fad15aad73e5cccc07ff290e5d3363e7616d9cd67dea5f,2024-08-20T19:26:24.033000
-CVE-2024-41724,1,1,d1c99ae1e32cc7e05eabc5a9e7716a4da80bcb079c939f868e6a36e07aa75a54,2025-03-10T03:15:26.413000
+CVE-2024-41724,0,0,d1c99ae1e32cc7e05eabc5a9e7716a4da80bcb079c939f868e6a36e07aa75a54,2025-03-10T03:15:26.413000
 CVE-2024-41725,0,0,22730b96c52ac656b3629e583fbd4eff8680f06218cdfc247d9daaa25af29f18,2024-09-30T19:55:49.267000
 CVE-2024-41726,0,0,1634589ac3ac4ec4129067b4ba8087d1381f27ca1092297eaee5f918681fec2f,2024-11-21T09:33:03.933000
 CVE-2024-41727,0,0,2a9ac21ada02bd8c51a7f31c03f4791d147a723aaaec3e3fd9c0454ee54c14af,2024-08-20T19:25:12.490000
@@ -266224,7 +266225,7 @@ CVE-2024-4310,0,0,dd5cf151edf7d2cd055572eb00e97620ec8e8024a5783f50f0a1b0ae59db4b
 CVE-2024-43102,0,0,b6aa6225bd8ed19c424a914e97c361ac2900c128d3e8c90742dfa8fa3a85a13f,2024-11-21T09:35:00.713000
 CVE-2024-43105,0,0,e347f7b09a6bd72c4cce9575828cf84dd0078060fb85e7c631ae4a4f65e5a4e2,2024-08-23T16:18:28.547000
 CVE-2024-43106,0,0,e3c8c338effb078ab073dae4e3b62f1cd076ce9d2249064b9c8efa466fd26d13,2024-12-19T17:15:09.350000
-CVE-2024-43107,1,1,059d7076ab810bc8a36ffd0e2e6d66850d8a9d76e1d9da3211cd08d0c3735a50,2025-03-10T03:15:26.750000
+CVE-2024-43107,0,0,059d7076ab810bc8a36ffd0e2e6d66850d8a9d76e1d9da3211cd08d0c3735a50,2025-03-10T03:15:26.750000
 CVE-2024-43108,0,0,5e287d64c49b83289e98ec106ef0b469b4085c0a0512abb918ff03d24d77772e,2024-10-17T17:15:11.883000
 CVE-2024-4311,0,0,76e51b82bcf102c4a7a18c5b03d4ba2a6e78929354b4c7d54c7e39e256fd7ef3,2024-11-18T16:35:13.737000
 CVE-2024-43110,0,0,51650deb7aee7ab0cf914391f943f7fe2c91b657e3cdae3cff1f5f569194dcba,2024-09-05T21:22:04.810000
@@ -281253,6 +281254,7 @@ CVE-2025-1921,0,0,52bb07cc9f6cf05de10de265c3df2b2725a17528bd0219c2e259fa5ff16cca
 CVE-2025-1922,0,0,de1e1ca67fdc901d18061c6676a386188acf9c3e5652956afbc8bfc4df588be3,2025-03-05T15:15:16.700000
 CVE-2025-1923,0,0,fb6bb796e915c4eb19c73c083cba3d2b11c3c2b6d1b2cce8fa809b77f776c071,2025-03-05T15:15:16.857000
 CVE-2025-1925,0,0,89ec5e399eff8562ba7e03e6894b43f8413799ce819ad10dde1cb15895d5ace1,2025-03-04T14:15:36.717000
+CVE-2025-1926,1,1,3fd383620155bc700a1d424e89a4dd95e4a6ba03a5a74627a122d5ca83dd4aff,2025-03-10T05:15:35.347000
 CVE-2025-1930,0,0,e0eeca60a40599b41d4e2503f5a7e0f6e6ab961d2b56420baaf24ed1ff9b0d96,2025-03-05T17:15:13.583000
 CVE-2025-1931,0,0,f3d2bb31d03f02113b6a4ed220650cd525ede36c0527a7d65dba0bfc00331a6b,2025-03-05T00:15:36.227000
 CVE-2025-1932,0,0,7d5e9706440df74109c0e84082a12ded8a21dcc94be932d0427a55e38803d4ce,2025-03-05T00:15:36.320000