From 73fae7f055020f3cbbf7554da3d3980c7c2132fd Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 22 Oct 2024 08:03:40 +0000
Subject: [PATCH] Auto-Update: 2024-10-22T08:00:40.322197+00:00
---
CVE-2024/CVE-2024-88xx/CVE-2024-8852.json | 64 +++++++++++++++++++++++
CVE-2024/CVE-2024-96xx/CVE-2024-9627.json | 60 +++++++++++++++++++++
README.md | 10 ++--
_state.csv | 6 ++-
4 files changed, 133 insertions(+), 7 deletions(-)
create mode 100644 CVE-2024/CVE-2024-88xx/CVE-2024-8852.json
create mode 100644 CVE-2024/CVE-2024-96xx/CVE-2024-9627.json
diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8852.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8852.json
new file mode 100644
index 00000000000..5ac51651769
--- /dev/null
+++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8852.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8852", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-22T06:15:04.890", + "lastModified": "2024-10-22T06:15:04.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/all-in-one-wp-migration/tags/7.86/functions.php#L297", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168605%40all-in-one-wp-migration&new=3168605%40all-in-one-wp-migration&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4901d9d-7b37-40d5-a42b-59c80bbbe8ff?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9627.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9627.json new file mode 100644 index 00000000000..bb4a482b8bf --- /dev/null +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9627.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9627", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-22T07:15:02.687", + "lastModified": "2024-10-22T07:15:02.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/green-wp-telegram-bot-by-teplitsa/trunk/inc/core.php?rev=1754863#L266", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/091dadcb-71ac-4321-b3aa-72b5fbbd9163?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/README.md b/README.md index 634c33987d0..74e8ea34c45 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-22T06:00:51.497030+00:00 +2024-10-22T08:00:40.322197+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-22T05:15:05.163000+00:00 +2024-10-22T07:15:02.687000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266687 +266689 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-10002](CVE-2024/CVE-2024-100xx/CVE-2024-10002.json) (`2024-10-22T05:15:03.513`) -- [CVE-2024-10003](CVE-2024/CVE-2024-100xx/CVE-2024-10003.json) (`2024-10-22T05:15:05.163`) +- [CVE-2024-8852](CVE-2024/CVE-2024-88xx/CVE-2024-8852.json) (`2024-10-22T06:15:04.890`) +- [CVE-2024-9627](CVE-2024/CVE-2024-96xx/CVE-2024-9627.json) (`2024-10-22T07:15:02.687`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index dfd4460e074..32ddbaa0b96 100644 --- a/_state.csv +++ b/_state.csv 
@@ -242313,8 +242313,8 @@ CVE-2024-0997,0,0,40cbe7d07647cf304a8bc3bc11787b58a8f50582e3e8b65316a7ae7fa59c2b CVE-2024-0998,0,0,f7933578d5dbeb3f77563ebf1f5420d4cf36180b38c1c7cf760eedcdac974d39,2024-05-17T02:35:08.490000 CVE-2024-0999,0,0,84034800a287889c8e66f3ba01c1d930a06538aadfe1b375cfd8893390aed6f7,2024-05-17T02:35:08.593000 CVE-2024-1000,0,0,60c836cbd4d96144c97b06caa16452d33dc82172b5cc2c653a7406010f53b5df,2024-05-17T02:35:08.790000 -CVE-2024-10002,1,1,d9e6d9c3dadfeee65af18c96f3354f0e28813a6d08ae2b1ad0584b6cf7f1e0bf,2024-10-22T05:15:03.513000 -CVE-2024-10003,1,1,64b23dc1f174419c9d8c99f8734c8d02061ba723f84ef2d2f2fefc86eed2ca40,2024-10-22T05:15:05.163000 +CVE-2024-10002,0,0,d9e6d9c3dadfeee65af18c96f3354f0e28813a6d08ae2b1ad0584b6cf7f1e0bf,2024-10-22T05:15:03.513000 +CVE-2024-10003,0,0,64b23dc1f174419c9d8c99f8734c8d02061ba723f84ef2d2f2fefc86eed2ca40,2024-10-22T05:15:05.163000 CVE-2024-10004,0,0,2b01ad1fe33b0387cc6ecf8ca605118100ba1eac830a494972582a4b13530ed3,2024-10-16T20:35:08.850000 CVE-2024-1001,0,0,481a263280d7671352a0e81cdb22876e1831937aba78d275dcb085f339a7c9b0,2024-05-17T02:35:08.903000 CVE-2024-10014,0,0,1395463dc1e29fd6db71d83f72260a8cd3462c205364f301260cc7f7b129af31,2024-10-18T12:52:33.507000 
@@ -266105,6 +266105,7 @@ CVE-2024-8802,0,0,8bf5ff4db31e0529cbd08652ac36154d0a1e65a032bdeeb095aa4e8638ac05 CVE-2024-8803,0,0,1e0c20c4da3042f287bedde6aa980588230b643699023347d741bb81db132ef8,2024-10-02T17:15:12.677000 CVE-2024-8804,0,0,08d968e195b0f36220a0a723a12b9b939996510ce1ddcb52b8152a63b9728d80,2024-10-10T20:56:49.403000 CVE-2024-8850,0,0,60f99c260767f82bf00cc7954ec3e058985003b965020b8d3dac7a45b3ea5f64,2024-09-25T18:49:53.397000 +CVE-2024-8852,1,1,0b1182c776835fe068a3207b2af26f5dc7665473cb89eeae771b708ff2a9a60a,2024-10-22T06:15:04.890000 CVE-2024-8853,0,0,b5a3b0675f8f2657c7381537f08c47ae3a3694c18acf1b18976370e35c278f0e,2024-09-25T17:49:25.653000 CVE-2024-8858,0,0,a55a2b45b2b7a3f3c60e0d8077307a88defc4d63f2b498893a25b1463c90c22f,2024-10-02T18:41:29.067000 CVE-2024-8861,0,0,d76e122800aa09ccce1d9be4ecd54fe7a1857f12f95213a173e1ba2fbaa723db,2024-10-01T13:41:27.213000 @@ -266544,6 +266545,7 @@ CVE-2024-9620,0,0,6bab3b47a8124e2f6e45a39c3f1a067698db02be0764fadf48434470b2bdf7 CVE-2024-9621,0,0,9e376b0f3dfa34027ae088e771a22694180917eee238e690ac2f4896caf46a6b,2024-10-10T12:56:30.817000 CVE-2024-9622,0,0,616f2c897f0ea8915fa743288697302d927eccd4a4b981ffaaf2224bd032869d,2024-10-10T12:56:30.817000 CVE-2024-9623,0,0,86dd85464498f6d194e548538328537f5fc627208085718de66c1a06e69de686,2024-10-16T16:59:36.817000 +CVE-2024-9627,1,1,c53a4fffe57ddcb530aac48ba4bd57b269f2a71e63ad0678519398b89567837e,2024-10-22T07:15:02.687000 CVE-2024-9634,0,0,d64c376a2cd176bba19f7a8121026bf8ac88c7cb95243ab4e56bfc5d5fa1c1d3,2024-10-16T16:38:14.557000 CVE-2024-9647,0,0,6da0b5c2c888d90e6f29cb1f98cdc0c7a4315eaaa058e1c781c3c46d5b8615f9,2024-10-16T16:38:14.557000 CVE-2024-9649,0,0,f2ab83afff02bfae827ac0ac8958125c0d2707e9b7d72806aa0e09daf73ca0d7,2024-10-16T16:38:14.557000