Auto-Update: 2025-01-10T09:00:31.532513+00:00

CVE-2024/CVE-2024-131xx/CVE-2024-13183.json

@@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-13183",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-10T08:15:25.967",
+  "lastModified": "2025-01-10T08:15:25.967",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_tag\u2019 parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Codeinwp/themeisle-companion/commit/47a17c86934cebbfc3f1a812f1afcaa20515c1f7",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php#L118",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3219568/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/themeisle-companion/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f6be2b-5eb6-4828-ae95-7f2253700ee9?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-03xx/CVE-2025-0311.json

@@ -0,0 +1,76 @@
+{
+  "id": "CVE-2025-0311",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-10T07:15:08.507",
+  "lastModified": "2025-01-10T07:15:08.507",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Codeinwp/themeisle-companion/commit/47a17c86934cebbfc3f1a812f1afcaa20515c1f7",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://github.com/Codeinwp/themeisle-companion/commit/c311050b372cf38e82d8ec9deadf4f21a8931487",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1024",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3219568/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/themeisle-companion/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d17a3a0-3c09-4d67-96d6-d97bde92f100?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-10T05:00:33.161846+00:00
+2025-01-10T09:00:31.532513+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-10T04:15:19.667000+00:00
+2025-01-10T08:15:25.967000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-276616
+276618
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `2`
 
-- [CVE-2024-12473](CVE-2024/CVE-2024-124xx/CVE-2024-12473.json) (`2025-01-10T04:15:18.623`)
-- [CVE-2024-12606](CVE-2024/CVE-2024-126xx/CVE-2024-12606.json) (`2025-01-10T04:15:19.667`)
+- [CVE-2024-13183](CVE-2024/CVE-2024-131xx/CVE-2024-13183.json) (`2025-01-10T08:15:25.967`)
+- [CVE-2025-0311](CVE-2025/CVE-2025-03xx/CVE-2025-0311.json) (`2025-01-10T07:15:08.507`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -245231,7 +245231,7 @@ CVE-2024-12469,0,0,871c3c1e000bdae5610f745ffefecdbdcd7d22ba906daf923687641c197ab
 CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000
 CVE-2024-12470,0,0,f5e5a45ffe482cca25de285855a4a74b00f4883aeec6c92dee418c81be8d8bf8,2025-01-07T05:15:19.823000
 CVE-2024-12471,0,0,b5a121f6718d68ea784fc6742836a638f28d467feadf0e8b69507e5dc6176835,2025-01-07T06:15:17.027000
-CVE-2024-12473,1,1,f41ff0a93ae3889e8f9cecd2dabb1dc9716fb7e52ded6f7e330e4233841f43b3,2025-01-10T04:15:18.623000
+CVE-2024-12473,0,0,f41ff0a93ae3889e8f9cecd2dabb1dc9716fb7e52ded6f7e330e4233841f43b3,2025-01-10T04:15:18.623000
 CVE-2024-12474,0,0,2858a766a8bcbd6035c2be4131a605cddb7bb17f787cc233f6060efa0069c36f,2024-12-14T06:15:19.627000
 CVE-2024-12475,0,0,f15ae25929cc8f0bd288861c59cbb63f77614f57516a7a95543988715ffc6cd3,2025-01-04T12:15:24.650000
 CVE-2024-12478,0,0,9740cd4243776bc4b985718131b1bfcc5e0a94370bd612144af92e9b380848b7,2024-12-16T11:15:04.890000
@@ -245323,7 +245323,7 @@ CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f82
 CVE-2024-12601,0,0,f9b91f2d20d6914a3b5ca3c9af2a431f615ff9e20926a30171bf1c35967a6eba,2024-12-17T12:15:20.543000
 CVE-2024-12603,0,0,b77b6c9527bd0798c4124cb6a67b3eb0384daf1c81bc149052bbc09ab0e74875,2024-12-13T03:15:05.187000
 CVE-2024-12605,0,0,8a8c58874160061e08ecb18707aaa292a96cf368b219a0f8d84a0cbc9ee9b0b9,2025-01-09T15:15:14.150000
-CVE-2024-12606,1,1,3d6be29e05f1d1d12b587e2cbd3d3b10d0c8a48eeaaf4856c8cd65a1d1abbed9,2025-01-10T04:15:19.667000
+CVE-2024-12606,0,0,3d6be29e05f1d1d12b587e2cbd3d3b10d0c8a48eeaaf4856c8cd65a1d1abbed9,2025-01-10T04:15:19.667000
 CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000
 CVE-2024-12616,0,0,12117fcf52b11bd06f0b2df3a48b15a3d855d5a677e047656ff1ff12b92b9905,2025-01-09T11:15:14.970000
 CVE-2024-12617,0,0,fa783f9d7a3d972025357eb9fc5c4fe83a667f5b392e03f824f0f0bb531ed431,2024-12-24T05:15:07.013000
@@ -245688,6 +245688,7 @@ CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa
 CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000
 CVE-2024-13173,0,0,f1a33d2e3c9b2cf91c9a53b07743d77111624711ca1e4fa83f21d1b344cad8f0,2025-01-08T15:15:16.577000
 CVE-2024-1318,0,0,875ffbabaf295988fe72077a5574dbe20799a2a8618e7dc53ba31731145c671a,2024-12-31T16:56:50.763000
+CVE-2024-13183,1,1,c06710e484599292530472624034ea6f4353648e49c8ce38c9e19589a75e8e8d,2025-01-10T08:15:25.967000
 CVE-2024-13185,0,0,309623867cf2a365ccf0f9b8bad47d56d8813a4020c9e23dc24fdd83b6361ef7,2025-01-08T15:15:17.163000
 CVE-2024-13186,0,0,ab68464e9eb8c64ef77f66273b4531bf06ac11994ab182c60b128be5d808b9b1,2025-01-08T14:15:26.227000
 CVE-2024-13187,0,0,22a296a0fc204e7fb6d468d261ef96cb75ee85392fddddbfd453c9e83d5a5443,2025-01-08T21:15:11.973000
@@ -276377,6 +276378,7 @@ CVE-2025-0299,0,0,46c993a70c9dd5843cd4dc3486123b8f79f076cb607c745df442454088b3fb
 CVE-2025-0300,0,0,6462b093b202cdda5c643638789beb08104cb14d8ff95eb1f2f740fecb0f8630,2025-01-07T17:15:32.090000
 CVE-2025-0301,0,0,db7e09db06a3c89075ef99c6e0773ce8d9b6391802870d788b13b4dc1d994dbc,2025-01-07T18:15:21.460000
 CVE-2025-0306,0,0,b68f04c884b94c2988081809303425e8fc9d9a1826584b2811a6c0892a02e108,2025-01-09T04:15:13
+CVE-2025-0311,1,1,de58302344eaf2d5f19c5a918661bf308f3794fc22c5bdd8fec6bf58451dfe49,2025-01-10T07:15:08.507000
 CVE-2025-0328,0,0,511489195998b544d95e473f59edc225df3f03b898b8949ae54b7be85757b835,2025-01-09T17:15:17.330000
 CVE-2025-0331,0,0,5d1653aab10b087569df4f8a29838e92935196f68c8f8116069a88ef7b3aacf8,2025-01-09T17:15:17.933000
 CVE-2025-0333,0,0,2629a2f610016a17e720ebc1880354665b0ae5926a217965d584deca7c3f405b,2025-01-09T17:15:18.077000