From 829abfb6c49d8da21548c464a3023d6c6c93d357 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 2 Nov 2024 09:03:18 +0000
Subject: [PATCH] Auto-Update: 2024-11-02T09:00:19.225011+00:00
---
 CVE-2024/CVE-2024-98xx/CVE-2024-9896.json | 68 +++++++++++++++++++++++
 README.md | 8 +--
 _state.csv | 3 +-
 3 files changed, 74 insertions(+), 5 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-98xx/CVE-2024-9896.json
diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9896.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9896.json
new file mode 100644
index 00000000000..5f7d4ad822c
--- /dev/null
+++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9896.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-9896",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-11-02T08:15:03.197",
+ "lastModified": "2024-11-02T08:15:03.197",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BBP Core \u2013 Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/bbp-core/trunk/includes/features/bbpc_attachments/code/front.php#L284",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3179353/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/bbp-core/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a329cf0a-8800-470a-9657-452f26112956?source=cve",
"source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 94f46bcf503..e783455ac06 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-02T07:00:19.308300+00:00 +2024-11-02T09:00:19.225011+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-02T06:15:03.007000+00:00 +2024-11-02T08:15:03.197000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -268013 +268014 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-51774](CVE-2024/CVE-2024-517xx/CVE-2024-51774.json) (`2024-11-02T06:15:03.007`) +- [CVE-2024-9896](CVE-2024/CVE-2024-98xx/CVE-2024-9896.json) (`2024-11-02T08:15:03.197`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 8267920a851..4a8a533fb85 100644 --- a/_state.csv +++ b/_state.csv 
@@ -264356,7 +264356,7 @@ CVE-2024-5172,0,0,b469524ff2309ced9aec08b056578c23e8b8b5248adb8fcea2b38cb214c812 CVE-2024-5173,0,0,e808cbd0ff507575dfa32503bcc3a2123c9461298f1a4a4ef8cd294367da6464,2024-06-26T12:44:29.693000 CVE-2024-5176,0,0,095b03ddd1cdcd739bbe8693b41d7d6e416f60f9815e0be55e0b3850508434d9,2024-06-05T15:15:12.620000 CVE-2024-5177,0,0,4596ccdb96b84f0f6003dc91187b58acc558e0743564be9aa6ad28db4e46749c,2024-05-24T01:15:30.977000 -CVE-2024-51774,1,1,596774be6de28515ec1b421651436af5f842b86d44b3a546fb99267d554b2c28,2024-11-02T06:15:03.007000 +CVE-2024-51774,0,0,596774be6de28515ec1b421651436af5f842b86d44b3a546fb99267d554b2c28,2024-11-02T06:15:03.007000 CVE-2024-5178,0,0,bd0c2f144426314e1167d96790d03a45b87cc8b4eeec82d66437d8c03cef924c,2024-07-11T22:15:02.467000 CVE-2024-5179,0,0,ea665152b8c9953ad6e84eb904f7eac78af7e075a45f2a4da51451b13f6b9cb3,2024-10-09T16:57:08.317000 CVE-2024-5181,0,0,bbf6825e1d5f360a1a58b67dff2bf4d85afbf0a93fef4d4bb8dfd7975bcf0e60,2024-06-26T12:44:29.693000 @@ -267934,6 +267934,7 @@ CVE-2024-9892,0,0,467133fa57ffb28c737f61f289d5c58f570db21daea4bb6d667a876d772714 CVE-2024-9893,0,0,d84489165ec702532da777a72a4e467826e650640db0f44ed30b8d433e32a61e,2024-10-16T16:38:14.557000 CVE-2024-9894,0,0,32055c4142b72d0a3f9c19293b700e4df1192ff16d337368689045e8c50a9c33,2024-10-16T22:13:05.583000 CVE-2024-9895,0,0,9f4575888232de3c29cfc8d0d4e2d5d892b3f5ec9e574dd895cb53771a8a3d74,2024-10-17T20:50:03.503000 +CVE-2024-9896,1,1,50af1852de2ceeb6ef7007469273b0df4a41cf8534b27ab37ac70aa2310c8ecc,2024-11-02T08:15:03.197000 CVE-2024-9897,0,0,c000f038202bbdf161648c8f1d74fa0a88aad69aa13c730474d96a3fd2473014,2024-11-01T15:27:56.797000 CVE-2024-9898,0,0,34647a8f54872789fb9d153b7e32e611f940664cb6907ab09e4df7e32cdaa8ba,2024-10-18T12:52:33.507000 CVE-2024-9899,0,0,6c76ba1fcc7597d7958a7e74c7de009221352c8fe34414d847a1d4d85ee09e27,2024-10-23T21:15:15.050000