Auto-Update: 2024-11-02T09:00:19.225011+00:00

2025-07-11 16:13:34 +00:00 · 2024-11-02 09:03:18 +00:00 · 2024-11-02 09:03:18 +00:00 · 829abfb6c4
commit 829abfb6c4
parent ffb974e908
3 changed files with 74 additions and 5 deletions
--- a/CVE-2024/CVE-2024-98xx/CVE-2024-9896.json
+++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9896.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-9896",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-11-02T08:15:03.197",
+  "lastModified": "2024-11-02T08:15:03.197",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The BBP Core \u2013 Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/bbp-core/trunk/includes/features/bbpc_attachments/code/front.php#L284",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3179353/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/bbp-core/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a329cf0a-8800-470a-9657-452f26112956?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-11-02T07:00:19.308300+00:00
+2024-11-02T09:00:19.225011+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-11-02T06:15:03.007000+00:00
+2024-11-02T08:15:03.197000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-268013
+268014
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-51774](CVE-2024/CVE-2024-517xx/CVE-2024-51774.json) (`2024-11-02T06:15:03.007`)
+- [CVE-2024-9896](CVE-2024/CVE-2024-98xx/CVE-2024-9896.json) (`2024-11-02T08:15:03.197`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -264356,7 +264356,7 @@ CVE-2024-5172,0,0,b469524ff2309ced9aec08b056578c23e8b8b5248adb8fcea2b38cb214c812
 CVE-2024-5173,0,0,e808cbd0ff507575dfa32503bcc3a2123c9461298f1a4a4ef8cd294367da6464,2024-06-26T12:44:29.693000
 CVE-2024-5176,0,0,095b03ddd1cdcd739bbe8693b41d7d6e416f60f9815e0be55e0b3850508434d9,2024-06-05T15:15:12.620000
 CVE-2024-5177,0,0,4596ccdb96b84f0f6003dc91187b58acc558e0743564be9aa6ad28db4e46749c,2024-05-24T01:15:30.977000
-CVE-2024-51774,1,1,596774be6de28515ec1b421651436af5f842b86d44b3a546fb99267d554b2c28,2024-11-02T06:15:03.007000
+CVE-2024-51774,0,0,596774be6de28515ec1b421651436af5f842b86d44b3a546fb99267d554b2c28,2024-11-02T06:15:03.007000
 CVE-2024-5178,0,0,bd0c2f144426314e1167d96790d03a45b87cc8b4eeec82d66437d8c03cef924c,2024-07-11T22:15:02.467000
 CVE-2024-5179,0,0,ea665152b8c9953ad6e84eb904f7eac78af7e075a45f2a4da51451b13f6b9cb3,2024-10-09T16:57:08.317000
 CVE-2024-5181,0,0,bbf6825e1d5f360a1a58b67dff2bf4d85afbf0a93fef4d4bb8dfd7975bcf0e60,2024-06-26T12:44:29.693000
@ -267934,6 +267934,7 @@ CVE-2024-9892,0,0,467133fa57ffb28c737f61f289d5c58f570db21daea4bb6d667a876d772714
 CVE-2024-9893,0,0,d84489165ec702532da777a72a4e467826e650640db0f44ed30b8d433e32a61e,2024-10-16T16:38:14.557000
 CVE-2024-9894,0,0,32055c4142b72d0a3f9c19293b700e4df1192ff16d337368689045e8c50a9c33,2024-10-16T22:13:05.583000
 CVE-2024-9895,0,0,9f4575888232de3c29cfc8d0d4e2d5d892b3f5ec9e574dd895cb53771a8a3d74,2024-10-17T20:50:03.503000
+CVE-2024-9896,1,1,50af1852de2ceeb6ef7007469273b0df4a41cf8534b27ab37ac70aa2310c8ecc,2024-11-02T08:15:03.197000
 CVE-2024-9897,0,0,c000f038202bbdf161648c8f1d74fa0a88aad69aa13c730474d96a3fd2473014,2024-11-01T15:27:56.797000
 CVE-2024-9898,0,0,34647a8f54872789fb9d153b7e32e611f940664cb6907ab09e4df7e32cdaa8ba,2024-10-18T12:52:33.507000
 CVE-2024-9899,0,0,6c76ba1fcc7597d7958a7e74c7de009221352c8fe34414d847a1d4d85ee09e27,2024-10-23T21:15:15.050000