Auto-Update: 2025-01-10T09:00:31.532513+00:00

This commit is contained in:
cad-safe-bot 2025-01-10 09:03:56 +00:00
parent f9494d5b52
commit 7e9bc809a7
4 changed files with 157 additions and 7 deletions

View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-13183",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-10T08:15:25.967",
"lastModified": "2025-01-10T08:15:25.967",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_tag\u2019 parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Codeinwp/themeisle-companion/commit/47a17c86934cebbfc3f1a812f1afcaa20515c1f7",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php#L118",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3219568/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/themeisle-companion/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f6be2b-5eb6-4828-ae95-7f2253700ee9?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -0,0 +1,76 @@
{
"id": "CVE-2025-0311",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-10T07:15:08.507",
"lastModified": "2025-01-10T07:15:08.507",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Codeinwp/themeisle-companion/commit/47a17c86934cebbfc3f1a812f1afcaa20515c1f7",
"source": "security@wordfence.com"
},
{
"url": "https://github.com/Codeinwp/themeisle-companion/commit/c311050b372cf38e82d8ec9deadf4f21a8931487",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1024",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3219568/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/themeisle-companion/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d17a3a0-3c09-4d67-96d6-d97bde92f100?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-10T05:00:33.161846+00:00
2025-01-10T09:00:31.532513+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-10T04:15:19.667000+00:00
2025-01-10T08:15:25.967000+00:00
```
### Last Data Feed Release
@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
276616
276618
```
### CVEs added in the last Commit
Recently added CVEs: `2`
- [CVE-2024-12473](CVE-2024/CVE-2024-124xx/CVE-2024-12473.json) (`2025-01-10T04:15:18.623`)
- [CVE-2024-12606](CVE-2024/CVE-2024-126xx/CVE-2024-12606.json) (`2025-01-10T04:15:19.667`)
- [CVE-2024-13183](CVE-2024/CVE-2024-131xx/CVE-2024-13183.json) (`2025-01-10T08:15:25.967`)
- [CVE-2025-0311](CVE-2025/CVE-2025-03xx/CVE-2025-0311.json) (`2025-01-10T07:15:08.507`)
### CVEs modified in the last Commit

View File

@ -245231,7 +245231,7 @@ CVE-2024-12469,0,0,871c3c1e000bdae5610f745ffefecdbdcd7d22ba906daf923687641c197ab
CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000
CVE-2024-12470,0,0,f5e5a45ffe482cca25de285855a4a74b00f4883aeec6c92dee418c81be8d8bf8,2025-01-07T05:15:19.823000
CVE-2024-12471,0,0,b5a121f6718d68ea784fc6742836a638f28d467feadf0e8b69507e5dc6176835,2025-01-07T06:15:17.027000
CVE-2024-12473,1,1,f41ff0a93ae3889e8f9cecd2dabb1dc9716fb7e52ded6f7e330e4233841f43b3,2025-01-10T04:15:18.623000
CVE-2024-12473,0,0,f41ff0a93ae3889e8f9cecd2dabb1dc9716fb7e52ded6f7e330e4233841f43b3,2025-01-10T04:15:18.623000
CVE-2024-12474,0,0,2858a766a8bcbd6035c2be4131a605cddb7bb17f787cc233f6060efa0069c36f,2024-12-14T06:15:19.627000
CVE-2024-12475,0,0,f15ae25929cc8f0bd288861c59cbb63f77614f57516a7a95543988715ffc6cd3,2025-01-04T12:15:24.650000
CVE-2024-12478,0,0,9740cd4243776bc4b985718131b1bfcc5e0a94370bd612144af92e9b380848b7,2024-12-16T11:15:04.890000
@ -245323,7 +245323,7 @@ CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f82
CVE-2024-12601,0,0,f9b91f2d20d6914a3b5ca3c9af2a431f615ff9e20926a30171bf1c35967a6eba,2024-12-17T12:15:20.543000
CVE-2024-12603,0,0,b77b6c9527bd0798c4124cb6a67b3eb0384daf1c81bc149052bbc09ab0e74875,2024-12-13T03:15:05.187000
CVE-2024-12605,0,0,8a8c58874160061e08ecb18707aaa292a96cf368b219a0f8d84a0cbc9ee9b0b9,2025-01-09T15:15:14.150000
CVE-2024-12606,1,1,3d6be29e05f1d1d12b587e2cbd3d3b10d0c8a48eeaaf4856c8cd65a1d1abbed9,2025-01-10T04:15:19.667000
CVE-2024-12606,0,0,3d6be29e05f1d1d12b587e2cbd3d3b10d0c8a48eeaaf4856c8cd65a1d1abbed9,2025-01-10T04:15:19.667000
CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000
CVE-2024-12616,0,0,12117fcf52b11bd06f0b2df3a48b15a3d855d5a677e047656ff1ff12b92b9905,2025-01-09T11:15:14.970000
CVE-2024-12617,0,0,fa783f9d7a3d972025357eb9fc5c4fe83a667f5b392e03f824f0f0bb531ed431,2024-12-24T05:15:07.013000
@ -245688,6 +245688,7 @@ CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa
CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000
CVE-2024-13173,0,0,f1a33d2e3c9b2cf91c9a53b07743d77111624711ca1e4fa83f21d1b344cad8f0,2025-01-08T15:15:16.577000
CVE-2024-1318,0,0,875ffbabaf295988fe72077a5574dbe20799a2a8618e7dc53ba31731145c671a,2024-12-31T16:56:50.763000
CVE-2024-13183,1,1,c06710e484599292530472624034ea6f4353648e49c8ce38c9e19589a75e8e8d,2025-01-10T08:15:25.967000
CVE-2024-13185,0,0,309623867cf2a365ccf0f9b8bad47d56d8813a4020c9e23dc24fdd83b6361ef7,2025-01-08T15:15:17.163000
CVE-2024-13186,0,0,ab68464e9eb8c64ef77f66273b4531bf06ac11994ab182c60b128be5d808b9b1,2025-01-08T14:15:26.227000
CVE-2024-13187,0,0,22a296a0fc204e7fb6d468d261ef96cb75ee85392fddddbfd453c9e83d5a5443,2025-01-08T21:15:11.973000
@ -276377,6 +276378,7 @@ CVE-2025-0299,0,0,46c993a70c9dd5843cd4dc3486123b8f79f076cb607c745df442454088b3fb
CVE-2025-0300,0,0,6462b093b202cdda5c643638789beb08104cb14d8ff95eb1f2f740fecb0f8630,2025-01-07T17:15:32.090000
CVE-2025-0301,0,0,db7e09db06a3c89075ef99c6e0773ce8d9b6391802870d788b13b4dc1d994dbc,2025-01-07T18:15:21.460000
CVE-2025-0306,0,0,b68f04c884b94c2988081809303425e8fc9d9a1826584b2811a6c0892a02e108,2025-01-09T04:15:13
CVE-2025-0311,1,1,de58302344eaf2d5f19c5a918661bf308f3794fc22c5bdd8fec6bf58451dfe49,2025-01-10T07:15:08.507000
CVE-2025-0328,0,0,511489195998b544d95e473f59edc225df3f03b898b8949ae54b7be85757b835,2025-01-09T17:15:17.330000
CVE-2025-0331,0,0,5d1653aab10b087569df4f8a29838e92935196f68c8f8116069a88ef7b3aacf8,2025-01-09T17:15:17.933000
CVE-2025-0333,0,0,2629a2f610016a17e720ebc1880354665b0ae5926a217965d584deca7c3f405b,2025-01-09T17:15:18.077000

Can't render this file because it is too large.