From 7e9bc809a78690eff232be2328e1d2a4171be3f3 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 10 Jan 2025 09:03:56 +0000 Subject: [PATCH] Auto-Update: 2025-01-10T09:00:31.532513+00:00 --- CVE-2024/CVE-2024-131xx/CVE-2024-13183.json | 72 +++++++++++++++++++ CVE-2025/CVE-2025-03xx/CVE-2025-0311.json | 76 +++++++++++++++++++++ README.md | 10 +-- _state.csv | 6 +- 4 files changed, 157 insertions(+), 7 deletions(-) create mode 100644 CVE-2024/CVE-2024-131xx/CVE-2024-13183.json create mode 100644 CVE-2025/CVE-2025-03xx/CVE-2025-0311.json diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13183.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13183.json new file mode 100644 index 00000000000..943583ac737 --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13183.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-13183", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-10T08:15:25.967", + "lastModified": "2025-01-10T08:15:25.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_tag\u2019 parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Codeinwp/themeisle-companion/commit/47a17c86934cebbfc3f1a812f1afcaa20515c1f7", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php#L118", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3219568/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/themeisle-companion/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f6be2b-5eb6-4828-ae95-7f2253700ee9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0311.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0311.json new file mode 100644 index 00000000000..21dc679da61 --- /dev/null +++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0311.json @@ -0,0 +1,76 @@ +{ + "id": "CVE-2025-0311", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-10T07:15:08.507", + "lastModified": "2025-01-10T07:15:08.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Codeinwp/themeisle-companion/commit/47a17c86934cebbfc3f1a812f1afcaa20515c1f7", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/Codeinwp/themeisle-companion/commit/c311050b372cf38e82d8ec9deadf4f21a8931487", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1024", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3219568/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/themeisle-companion/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d17a3a0-3c09-4d67-96d6-d97bde92f100?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 774ffda0fd0..0f8bd8252c9 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-10T05:00:33.161846+00:00 +2025-01-10T09:00:31.532513+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-10T04:15:19.667000+00:00 +2025-01-10T08:15:25.967000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -276616 +276618 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-12473](CVE-2024/CVE-2024-124xx/CVE-2024-12473.json) (`2025-01-10T04:15:18.623`) -- [CVE-2024-12606](CVE-2024/CVE-2024-126xx/CVE-2024-12606.json) (`2025-01-10T04:15:19.667`) +- [CVE-2024-13183](CVE-2024/CVE-2024-131xx/CVE-2024-13183.json) (`2025-01-10T08:15:25.967`) +- [CVE-2025-0311](CVE-2025/CVE-2025-03xx/CVE-2025-0311.json) (`2025-01-10T07:15:08.507`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 17af3829572..79d3b5c1811 100644 --- a/_state.csv +++ b/_state.csv @@ -245231,7 +245231,7 @@ CVE-2024-12469,0,0,871c3c1e000bdae5610f745ffefecdbdcd7d22ba906daf923687641c197ab CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000 CVE-2024-12470,0,0,f5e5a45ffe482cca25de285855a4a74b00f4883aeec6c92dee418c81be8d8bf8,2025-01-07T05:15:19.823000 CVE-2024-12471,0,0,b5a121f6718d68ea784fc6742836a638f28d467feadf0e8b69507e5dc6176835,2025-01-07T06:15:17.027000 -CVE-2024-12473,1,1,f41ff0a93ae3889e8f9cecd2dabb1dc9716fb7e52ded6f7e330e4233841f43b3,2025-01-10T04:15:18.623000 +CVE-2024-12473,0,0,f41ff0a93ae3889e8f9cecd2dabb1dc9716fb7e52ded6f7e330e4233841f43b3,2025-01-10T04:15:18.623000 CVE-2024-12474,0,0,2858a766a8bcbd6035c2be4131a605cddb7bb17f787cc233f6060efa0069c36f,2024-12-14T06:15:19.627000 CVE-2024-12475,0,0,f15ae25929cc8f0bd288861c59cbb63f77614f57516a7a95543988715ffc6cd3,2025-01-04T12:15:24.650000 CVE-2024-12478,0,0,9740cd4243776bc4b985718131b1bfcc5e0a94370bd612144af92e9b380848b7,2024-12-16T11:15:04.890000 @@ -245323,7 +245323,7 @@ CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f82 CVE-2024-12601,0,0,f9b91f2d20d6914a3b5ca3c9af2a431f615ff9e20926a30171bf1c35967a6eba,2024-12-17T12:15:20.543000 CVE-2024-12603,0,0,b77b6c9527bd0798c4124cb6a67b3eb0384daf1c81bc149052bbc09ab0e74875,2024-12-13T03:15:05.187000 CVE-2024-12605,0,0,8a8c58874160061e08ecb18707aaa292a96cf368b219a0f8d84a0cbc9ee9b0b9,2025-01-09T15:15:14.150000 -CVE-2024-12606,1,1,3d6be29e05f1d1d12b587e2cbd3d3b10d0c8a48eeaaf4856c8cd65a1d1abbed9,2025-01-10T04:15:19.667000 +CVE-2024-12606,0,0,3d6be29e05f1d1d12b587e2cbd3d3b10d0c8a48eeaaf4856c8cd65a1d1abbed9,2025-01-10T04:15:19.667000 CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000 CVE-2024-12616,0,0,12117fcf52b11bd06f0b2df3a48b15a3d855d5a677e047656ff1ff12b92b9905,2025-01-09T11:15:14.970000 CVE-2024-12617,0,0,fa783f9d7a3d972025357eb9fc5c4fe83a667f5b392e03f824f0f0bb531ed431,2024-12-24T05:15:07.013000 @@ -245688,6 +245688,7 @@ CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000 CVE-2024-13173,0,0,f1a33d2e3c9b2cf91c9a53b07743d77111624711ca1e4fa83f21d1b344cad8f0,2025-01-08T15:15:16.577000 CVE-2024-1318,0,0,875ffbabaf295988fe72077a5574dbe20799a2a8618e7dc53ba31731145c671a,2024-12-31T16:56:50.763000 +CVE-2024-13183,1,1,c06710e484599292530472624034ea6f4353648e49c8ce38c9e19589a75e8e8d,2025-01-10T08:15:25.967000 CVE-2024-13185,0,0,309623867cf2a365ccf0f9b8bad47d56d8813a4020c9e23dc24fdd83b6361ef7,2025-01-08T15:15:17.163000 CVE-2024-13186,0,0,ab68464e9eb8c64ef77f66273b4531bf06ac11994ab182c60b128be5d808b9b1,2025-01-08T14:15:26.227000 CVE-2024-13187,0,0,22a296a0fc204e7fb6d468d261ef96cb75ee85392fddddbfd453c9e83d5a5443,2025-01-08T21:15:11.973000 @@ -276377,6 +276378,7 @@ CVE-2025-0299,0,0,46c993a70c9dd5843cd4dc3486123b8f79f076cb607c745df442454088b3fb CVE-2025-0300,0,0,6462b093b202cdda5c643638789beb08104cb14d8ff95eb1f2f740fecb0f8630,2025-01-07T17:15:32.090000 CVE-2025-0301,0,0,db7e09db06a3c89075ef99c6e0773ce8d9b6391802870d788b13b4dc1d994dbc,2025-01-07T18:15:21.460000 CVE-2025-0306,0,0,b68f04c884b94c2988081809303425e8fc9d9a1826584b2811a6c0892a02e108,2025-01-09T04:15:13 +CVE-2025-0311,1,1,de58302344eaf2d5f19c5a918661bf308f3794fc22c5bdd8fec6bf58451dfe49,2025-01-10T07:15:08.507000 CVE-2025-0328,0,0,511489195998b544d95e473f59edc225df3f03b898b8949ae54b7be85757b835,2025-01-09T17:15:17.330000 CVE-2025-0331,0,0,5d1653aab10b087569df4f8a29838e92935196f68c8f8116069a88ef7b3aacf8,2025-01-09T17:15:17.933000 CVE-2025-0333,0,0,2629a2f610016a17e720ebc1880354665b0ae5926a217965d584deca7c3f405b,2025-01-09T17:15:18.077000