Auto-Update: 2024-04-16T12:00:37.616877+00:00

CVE-2024/CVE-2024-13xx/CVE-2024-1357.json

@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-1357",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-16T10:15:07.273",
+  "lastModified": "2024-04-16T10:15:07.273",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes such as thumb_mode and date_type. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": "Los c\u00f3digos cortos y las funciones adicionales para el complemento de tema Phlox para WordPress son vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto aux_timeline del complemento en todas las versiones hasta la 2.15.5 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en atributos proporcionados por el usuario, como modo_pulgar y tipo_fecha. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/auxin-elements/trunk/includes/general-shortcodes.php#L310",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe175315-99ef-438a-b5b0-a5f190403116?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-288xx/CVE-2024-28834.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-28834",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-03-21T14:15:07.547",
-  "lastModified": "2024-04-11T23:15:09.370",
+  "lastModified": "2024-04-16T10:15:08.023",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -67,6 +67,10 @@
       "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://minerva.crocs.fi.muni.cz/",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://people.redhat.com/~hkario/marvin/",
       "source": "secalert@redhat.com"

CVE-2024/CVE-2024-38xx/CVE-2024-3867.json

@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-3867",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-16T10:15:08.163",
+  "lastModified": "2024-04-16T10:15:08.163",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    },
+    {
+      "lang": "es",
+      "value": "El tema archive-tainacan-collection para WordPress es vulnerable a Cross-Site Scripting Reflejado debido al uso de add_query_arg sin el escape apropiado en la URL en la versi\u00f3n 2.7.1. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://themes.trac.wordpress.org/changeset/224400/tainacan-interface/2.7.2/archive-tainacan-collection.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd63ca-5ea4-451c-aa97-092a754ca79f?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-04-16T10:00:40.646360+00:00
+2024-04-16T12:00:37.616877+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-04-16T09:15:08.817000+00:00
+2024-04-16T10:15:08.163000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,26 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-245687
+245689
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `7`
+Recently added CVEs: `2`
 
-- [CVE-2024-32625](CVE-2024/CVE-2024-326xx/CVE-2024-32625.json) (`2024-04-16T09:15:07.167`)
-- [CVE-2024-32631](CVE-2024/CVE-2024-326xx/CVE-2024-32631.json) (`2024-04-16T09:15:07.900`)
-- [CVE-2024-32632](CVE-2024/CVE-2024-326xx/CVE-2024-32632.json) (`2024-04-16T09:15:08.080`)
-- [CVE-2024-32633](CVE-2024/CVE-2024-326xx/CVE-2024-32633.json) (`2024-04-16T09:15:08.260`)
-- [CVE-2024-32634](CVE-2024/CVE-2024-326xx/CVE-2024-32634.json) (`2024-04-16T09:15:08.460`)
-- [CVE-2024-3871](CVE-2024/CVE-2024-38xx/CVE-2024-3871.json) (`2024-04-16T09:15:08.630`)
-- [CVE-2024-3872](CVE-2024/CVE-2024-38xx/CVE-2024-3872.json) (`2024-04-16T09:15:08.817`)
+- [CVE-2024-1357](CVE-2024/CVE-2024-13xx/CVE-2024-1357.json) (`2024-04-16T10:15:07.273`)
+- [CVE-2024-3867](CVE-2024/CVE-2024-38xx/CVE-2024-3867.json) (`2024-04-16T10:15:08.163`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2024-28834](CVE-2024/CVE-2024-288xx/CVE-2024-28834.json) (`2024-04-16T10:15:08.023`)
 
 
 ## Download and Usage

_state.csv

@@ -239301,6 +239301,7 @@ CVE-2024-1353,0,0,7dc4bcc56a6ab6ae775b6111486ce2b2e99fc200a3863d36a2e31e24dc0d9d
 CVE-2024-1354,0,0,7e9a958865e30c89765260c45d4ae133e4c586a23883dff6b33b804192a001d2,2024-03-05T20:22:24.573000
 CVE-2024-1355,0,0,dd36a54ac939524c987827d5cb09797409e1063b770f9d9a2dc86b1a7287f5d9,2024-03-05T20:22:38.100000
 CVE-2024-1356,0,0,006a2f6dfff4352ae3ba24ba5214951c5372a0a8f840d4bddd3e210bc6737588,2024-03-06T15:18:08.093000
+CVE-2024-1357,1,1,86f2546c172a1b4712de16d6bc09f84c806aac6ebb777c328d0bc0178aedd701,2024-04-16T10:15:07.273000
 CVE-2024-1358,0,0,59bf1dc2789a9e992220be1d0127dfa83d08d3077a1ea92d6417d6450ac5f1b5,2024-03-13T18:16:18.563000
 CVE-2024-1359,0,0,709fa5d5f426354abf236525051c41916ab3da3c1737b61ccd8944f2befceb44,2024-03-05T20:22:49.650000
 CVE-2024-1360,0,0,c38d2c5ac11d100cefb5af1387d1e4e25b28335fbaa6d0c6e411837b2ffbcd64,2024-02-23T16:14:43.447000
@@ -244000,7 +244001,7 @@ CVE-2024-28816,0,0,4b9f923b99f4095b32672af0003c81bae1f3b3136774827600fae7accfedc
 CVE-2024-28823,0,0,d5aa89b5cdac6c3847ac374cba2a65b191e57c43dc618aabb1da571ab5b5e9dc,2024-03-11T12:47:42.653000
 CVE-2024-28824,0,0,5a9476ae0fdb0520e3a986c832f5f9e27a50da5cb3aa11e06910544296f0e530,2024-03-22T12:45:36.130000
 CVE-2024-2883,0,0,e66be81816608580e2e81ffcb02cca4ae9a2aa5cbea60907cc2e1d80cffbaf4a,2024-03-29T04:15:08.743000
-CVE-2024-28834,0,0,c40039b74480b3b43a27dd9c5495d3e6cdaf4c83e2b4b125a75dca11a19c90d2,2024-04-11T23:15:09.370000
+CVE-2024-28834,0,1,617326121e7c54a3f8d3016598aad088c45cb90d6701018c5def233025840695,2024-04-16T10:15:08.023000
 CVE-2024-28835,0,0,49bfbdf44145b6f468532fe63c5f22ee250837480948f586b7ece01b89ae82eb,2024-03-21T12:58:51.093000
 CVE-2024-28836,0,0,ef9665bb9a0895616f82c07b3b8f93ecbb9dcd318a88906096e3fd29af01d6df,2024-04-03T12:38:04.840000
 CVE-2024-28847,0,0,91e84a48bf06058e30212c2ac01ab493cb3959d3b6bfc21c8760687b856baf08,2024-03-17T22:38:29.433000
@@ -245481,11 +245482,11 @@ CVE-2024-3257,0,0,3c0b711c0035bcf8d4b92bcec7dfdb1ab21cf5c848bdfe1dfc7f34628ee0f7
 CVE-2024-3258,0,0,00a0a017c084aafa026269300c69a9360444c24c6a4308e5e8f072ac33cf3451,2024-04-11T01:25:57.540000
 CVE-2024-3259,0,0,3481f546c5fee878032df1d9aae401834d514bd5070dbdd69c5e7940d2e2efbe,2024-04-11T01:25:57.637000
 CVE-2024-3262,0,0,758c253f08a1135a2d383be61db9b8d36970b2087c7788f9321bc534b0b4222c,2024-04-04T12:48:22.650000
-CVE-2024-32625,1,1,6ae31424e57ebf19df10ef9f0d397f95a21de03ae69a3936024e0ae0f3ef8656,2024-04-16T09:15:07.167000
-CVE-2024-32631,1,1,c592bdbcbfc2772933c5b9e21c42c92f25f1fc80d39535db3731c4467c78975f,2024-04-16T09:15:07.900000
-CVE-2024-32632,1,1,05372bd3bdb0ea0b51850790d21bd07a89a999837658551e32a4bf9ad63d10d2,2024-04-16T09:15:08.080000
-CVE-2024-32633,1,1,d134eed6306e82e5b46ac7a6b78b669c073a4cfad4fcbf1820c3b073efe56eaa,2024-04-16T09:15:08.260000
-CVE-2024-32634,1,1,db19ea124e4e28674d4665d36c4145a89847829847fa7a82241d8c0b86b56e3e,2024-04-16T09:15:08.460000
+CVE-2024-32625,0,0,6ae31424e57ebf19df10ef9f0d397f95a21de03ae69a3936024e0ae0f3ef8656,2024-04-16T09:15:07.167000
+CVE-2024-32631,0,0,c592bdbcbfc2772933c5b9e21c42c92f25f1fc80d39535db3731c4467c78975f,2024-04-16T09:15:07.900000
+CVE-2024-32632,0,0,05372bd3bdb0ea0b51850790d21bd07a89a999837658551e32a4bf9ad63d10d2,2024-04-16T09:15:08.080000
+CVE-2024-32633,0,0,d134eed6306e82e5b46ac7a6b78b669c073a4cfad4fcbf1820c3b073efe56eaa,2024-04-16T09:15:08.260000
+CVE-2024-32634,0,0,db19ea124e4e28674d4665d36c4145a89847829847fa7a82241d8c0b86b56e3e,2024-04-16T09:15:08.460000
 CVE-2024-3266,0,0,254a5ba127b10ac48f062b62dbe4c90ef51eaba1ed741161e5a22416cbb32240,2024-04-10T13:23:38.787000
 CVE-2024-3267,0,0,00a210ede7a73ca33b64d3b8a0e382509d5bafa34ae84022125b180763aee2bd,2024-04-10T13:23:38.787000
 CVE-2024-3270,0,0,6f3801d6fa573f4a130c8a1ad393f7345008a6cf48547c2d9608d260a00cb3bb,2024-04-11T01:25:57.753000
@@ -245684,5 +245685,6 @@ CVE-2024-3797,0,0,a49e1c5a734d1a2c1373957f16247491a1198771bf616ee0ff20957d954e73
 CVE-2024-3802,0,0,5395fe7b87f4e5ca6c4397aa1001686137daab009656e2126daa68d47ebdf7e9,2024-04-15T13:15:31.997000
 CVE-2024-3803,0,0,e342744bdc63b2a58af5ae5f41d9fba8f25773aaa2122f6f6004758c91257faa,2024-04-15T19:15:10
 CVE-2024-3804,0,0,6ace1efb8bc58a0cdfa38459a30729bdc6bb242e239104ec2cc37d4346ad9b8c,2024-04-15T20:15:11.750000
-CVE-2024-3871,1,1,18fc33d03a275f960d5f9bbc78c875c2a58019ec3cf90aaff1327d511a536180,2024-04-16T09:15:08.630000
-CVE-2024-3872,1,1,ee46564a57b49a4537f1de538de5bb50bf0a5bdc7548545714dfac0afa8938fc,2024-04-16T09:15:08.817000
+CVE-2024-3867,1,1,9365023e7046cccde2d6f750559a305b9768185a579e3ff0755c60b213cb54a7,2024-04-16T10:15:08.163000
+CVE-2024-3871,0,0,18fc33d03a275f960d5f9bbc78c875c2a58019ec3cf90aaff1327d511a536180,2024-04-16T09:15:08.630000
+CVE-2024-3872,0,0,ee46564a57b49a4537f1de538de5bb50bf0a5bdc7548545714dfac0afa8938fc,2024-04-16T09:15:08.817000