Auto-Update: 2024-11-19T09:00:21.888938+00:00

CVE-2024/CVE-2024-102xx/CVE-2024-10268.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-10268",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-11-19T08:15:15.883",
+  "lastModified": "2024-11-19T08:15:15.883",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3188034/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/mp3-music-player-by-sonaar/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/861d0218-0f0f-4299-a0ff-854832348457?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-103xx/CVE-2024-10388.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10388",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-11-19T08:15:16.293",
+  "lastModified": "2024-11-19T08:15:16.293",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.welaunch.io/en/product/wordpress-gdpr/#changelog",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf707d9b-2b96-4d1b-b798-38f7fe958eaf?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-110xx/CVE-2024-11069.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11069",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-11-19T08:15:16.577",
+  "lastModified": "2024-11-19T08:15:16.577",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.welaunch.io/en/product/wordpress-gdpr/#changelog",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a089026a-5da9-467c-a1e4-622bb74363e2?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-110xx/CVE-2024-11098.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-11098",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-11-19T08:15:16.833",
+  "lastModified": "2024-11-19T08:15:16.833",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3188270/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/svg-block/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79cc1f11-9b53-4e71-b0cc-8f8ebd4a5f32?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-11-19T07:00:20.072979+00:00
+2024-11-19T09:00:21.888938+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-11-19T06:15:17.873000+00:00
+2024-11-19T08:15:16.833000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,16 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-270302
+270306
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `4`
 
-- [CVE-2024-10103](CVE-2024/CVE-2024-101xx/CVE-2024-10103.json) (`2024-11-19T06:15:17.740`)
-- [CVE-2024-21539](CVE-2024/CVE-2024-215xx/CVE-2024-21539.json) (`2024-11-19T05:15:16.453`)
-- [CVE-2024-8403](CVE-2024/CVE-2024-84xx/CVE-2024-8403.json) (`2024-11-19T06:15:17.873`)
+- [CVE-2024-10268](CVE-2024/CVE-2024-102xx/CVE-2024-10268.json) (`2024-11-19T08:15:15.883`)
+- [CVE-2024-10388](CVE-2024/CVE-2024-103xx/CVE-2024-10388.json) (`2024-11-19T08:15:16.293`)
+- [CVE-2024-11069](CVE-2024/CVE-2024-110xx/CVE-2024-11069.json) (`2024-11-19T08:15:16.577`)
+- [CVE-2024-11098](CVE-2024/CVE-2024-110xx/CVE-2024-11098.json) (`2024-11-19T08:15:16.833`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -242602,7 +242602,7 @@ CVE-2024-10099,0,0,f14bdb99d2ca7956ea9400330266332303014dc510bc6e629dc22733e615a
 CVE-2024-1010,0,0,b9c2292e551f86bb732084025c958f6307d4b05614efbc31206ace678efe61b8,2024-05-17T02:35:09.883000
 CVE-2024-10100,0,0,f9d8653b0b809755807a27c91859fa59733e823c9baf33fbd9ba6460baccb9d4,2024-11-04T19:15:05.297000
 CVE-2024-10101,0,0,e3896c5d7db68c5b786b00b58edff142c65dff97c0f85c49d64d1701e59c4a4a,2024-11-04T19:15:05.527000
-CVE-2024-10103,1,1,4259a45e1665318ed535f7305838a4cb3abef1b7dc3496a387dfd27ceff4334f,2024-11-19T06:15:17.740000
+CVE-2024-10103,0,0,4259a45e1665318ed535f7305838a4cb3abef1b7dc3496a387dfd27ceff4334f,2024-11-19T06:15:17.740000
 CVE-2024-10104,0,0,72cf69759458c44313ae635dcdff8a669fdc4ab81a7522ae21a712b6681cb93c,2024-11-15T19:35:04.683000
 CVE-2024-10108,0,0,f3f4ad009417795f18debc95373d890db3250e635fff4006fa4ef1bc9580626c,2024-11-01T12:57:03.417000
 CVE-2024-1011,0,0,a83b664837c33e7f0f4cec42868f7bdd93765cacc9e6b97b43804e8b07af65f2,2024-05-17T02:35:09.987000
@@ -242715,6 +242715,7 @@ CVE-2024-10262,0,0,b25951f7fcc5631ad4155b91ad809e634024513fda623a2bac7141bab57d5
 CVE-2024-10263,0,0,d8274159492686a2b3c754959bfc4509f9c9201a502006a3dee5515647626798,2024-11-08T15:59:41.633000
 CVE-2024-10265,0,0,f3110d4f544093035d0a9b2f7bbeb2aefd9a822ae90a8974b8e692b012c9f1eb,2024-11-14T15:17:47.947000
 CVE-2024-10266,0,0,c93db2a67de792a64ad3b8f3ae10accf6f21ac600e94cc18aca994ed95268502,2024-10-29T14:34:04.427000
+CVE-2024-10268,1,1,27c5b1ce8872d5fc213df09447b64c06daeee0d01f3e5b8645d32b090b77d36c,2024-11-19T08:15:15.883000
 CVE-2024-10269,0,0,bfeaf8d939f903a9745c05ccdf0b7972355de998c5dbb79eabed8a663d484515,2024-11-13T17:59:27.717000
 CVE-2024-1027,0,0,7cdd04f65f65ce162dee4b0e860b968e4c1a6b7f21d53e978519c8259363a858,2024-05-17T02:35:11.427000
 CVE-2024-10276,0,0,913e45b2b0c4a67a031924d52b79fd99196e0bfd1eaceb610aead0724000ee9a,2024-10-29T18:15:05.140000
@@ -242803,6 +242804,7 @@ CVE-2024-10380,0,0,251c7695ebdffe14f2a561bb3be22f7946019d2ec5c5cf9081e853969f103
 CVE-2024-10381,0,0,c0308fe75631e6e478c4bb91d489e96b1c2dde80a7b938a5a315dee1135c5bea,2024-11-14T21:44:53.280000
 CVE-2024-10386,0,0,92094aeb70b25026044a453c13f522af4eb391b2229044481dc021518acdc439,2024-11-05T20:07:59.487000
 CVE-2024-10387,0,0,5a1f42d28f618e614b5301c0b94be55a535432bf7194e0692256ccf6aa332018,2024-11-05T20:05:55.323000
+CVE-2024-10388,1,1,c2960cbbc2e5161c0463a02ee44fa68a529103c55fa798af351a15b4f21da7fe,2024-11-19T08:15:16.293000
 CVE-2024-10389,0,0,5c3e383a622dd2c962c1328ad97e7119997516337f3c204f5e02dea9bf077b56,2024-11-04T18:50:05.607000
 CVE-2024-1039,0,0,823ba846a6d7c1759f085b54cf23829cdbadd28135927175e007d2b5df85a6ad,2024-02-07T14:09:47.017000
 CVE-2024-10390,0,0,0f765d0806cdf9196d329bdcf23025ca64b02fa3979afe4c4c743c1ebcd10d41,2024-11-18T17:15:10.897000
@@ -243218,6 +243220,7 @@ CVE-2024-11065,0,0,07ecc20a5dd82ce3ecccd8bd16ce6c9c834a7ee14450b7b733f59e01e4d5a
 CVE-2024-11066,0,0,e16818aa9ce80078f2734ac486cf4eb542ac5bd17e4c391662d4998111e3a483,2024-11-15T18:22:45.323000
 CVE-2024-11067,0,0,56467501c947edd55cd4613fd2ef381247159c27f7d35a83af06c94b6a86acf3,2024-11-15T18:23:32.557000
 CVE-2024-11068,0,0,f7e9062074774d089c911b3e1747ffd8f63444b7d0cb3b7ce8ded4e6fed69b57,2024-11-15T18:24:25.127000
+CVE-2024-11069,1,1,a172cc54d01dc6b8855201d4b16e878d8ae4ef189281e0ed7da7ecf00cc67c55,2024-11-19T08:15:16.577000
 CVE-2024-1107,0,0,7fae6df9cdce298be180c2cb6d3dacceb0e976e847fc87cce19a7d73f37dfe2b,2024-09-16T19:08:27.840000
 CVE-2024-11070,0,0,3b497257d1d87e8089d11256275eff956cb64bd2c8e5b58c0672dafc5015efdc,2024-11-12T13:55:21.227000
 CVE-2024-11073,0,0,ef922d07a39eeb6c1fcac9a877724098fbbee23a8a49829a797889d4fd66dae6,2024-11-18T17:21:19.557000
@@ -243233,6 +243236,7 @@ CVE-2024-11092,0,0,e9f7e804f043cae81931fc37547f9a5b6c886cc0c38e1290ab1e0b94e6cf7
 CVE-2024-11094,0,0,96d31b5c75c99258f7a77fadd259d6f2363d98a6ce11e212a75b9e3f71f6de55,2024-11-18T17:11:17.393000
 CVE-2024-11096,0,0,c3ff544a53c1563b81fded1ba3057d9b03d9b4212c24283ee7f8f621c81cae5e,2024-11-12T13:55:21.227000
 CVE-2024-11097,0,0,42c24fe7e0f8ce5adf3737634dc818886f4840c68e0d42aa533b9f6a8bbe1a75,2024-11-14T15:14:40.767000
+CVE-2024-11098,1,1,c21df5fdfc60ff949c7010ca716fb5ee06a857cecf964ce98fff0dc8269a7e28,2024-11-19T08:15:16.833000
 CVE-2024-11099,0,0,b02ba7425ae521b4e61975a45bff8e8ecb52a8a9c6c1cb2a6953e7ebe403b20e,2024-11-14T14:37:45.570000
 CVE-2024-1110,0,0,2a7a998b7b1ccd0c64d40f28b7bfefdfe0681031ac010f23e86b81b22a7f4df6,2024-02-10T04:13:13.260000
 CVE-2024-11100,0,0,f07ccb7cc897bda2a057cc3519e9430aab72a4403683b1022f65cd547ed95dbc,2024-11-18T18:52:35.447000
@@ -245513,7 +245517,7 @@ CVE-2024-21535,0,0,2e7744380a1db7060122e5ae23002590579ae07efcc1f1beb06e6a3a8350e
 CVE-2024-21536,0,0,4f914cfe6666bcd465a58ac4926a267d85d3e48bad9af0623e3ff24aeb06f5b5,2024-11-01T18:03:15.897000
 CVE-2024-21537,0,0,b5c780dab93a9075b9d24d6af4e9f73fa194b201a9c6953f660e67892e16f17b,2024-11-01T12:57:03.417000
 CVE-2024-21538,0,0,e8cdab9c6756d7f91f4358b51c5fdc4acd8293095dfa14f99a5a2ff2dfe3d783,2024-11-08T19:01:03.880000
-CVE-2024-21539,1,1,dfd9359e0c564c537268368db999f7713955785d7a4a9df91fee71b6b45e0530,2024-11-19T05:15:16.453000
+CVE-2024-21539,0,0,dfd9359e0c564c537268368db999f7713955785d7a4a9df91fee71b6b45e0530,2024-11-19T05:15:16.453000
 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000
 CVE-2024-21540,0,0,ca361900c1eaa9a3b1242a94b8aed82eaba7c8170c10a4efa35cbfaad6b1984c,2024-11-17T09:15:11.853000
 CVE-2024-21541,0,0,373acd5e14ddf4ee5ebb476557660e01f865be6144d1960555899268f402376b,2024-11-13T17:01:16.850000
@@ -269231,7 +269235,7 @@ CVE-2024-8392,0,0,3343898f56ebc4a1eaf8cb14372686dd9582e66846077d475563fa9697365b
 CVE-2024-8394,0,0,537ec046b9d95c9c611478000abd6dd7551041a1f2ea81cd7e79459ae0e45ad8,2024-09-11T16:25:44.833000
 CVE-2024-8395,0,0,7904c0b52ace758f0078aaf5623dc08c2f22d70190a82ab855b84d88ee4995e4,2024-09-19T17:53:45.753000
 CVE-2024-8399,0,0,ff5a0b61b9891ed649233268ce0fa37bd0b7c79ba8aa2863ea2ecc61c35c709c,2024-09-12T19:45:07.347000
-CVE-2024-8403,1,1,76051fc12bd0333a7606f6cf01a867d2aa1e21c6ea793b04145849a57407d57c,2024-11-19T06:15:17.873000
+CVE-2024-8403,0,0,76051fc12bd0333a7606f6cf01a867d2aa1e21c6ea793b04145849a57407d57c,2024-11-19T06:15:17.873000
 CVE-2024-8404,0,0,945e9eec22e9214ed455520b695d919afbd1adaf6153f6675337e3115aa9e84c,2024-10-03T15:19:28.293000
 CVE-2024-8405,0,0,b5a88bc76e184307ddd2beb081f39e50ae83f9779c678cc8991166da3c096aa9,2024-10-03T00:51:18.313000
 CVE-2024-8407,0,0,190893f5b3da05c3b04f6347e8d36e88eb22b5329ec3a82949674ad3abb1a15d,2024-09-05T14:48:28.513000