Auto-Update: 2024-04-06T04:00:38.666720+00:00

2025-07-11 16:13:34 +00:00 · 2024-04-06 04:03:28 +00:00 · 2024-04-06 04:03:28 +00:00 · 86dc006c4a
commit 86dc006c4a
parent ceead18160
5 changed files with 114 additions and 15 deletions
--- a/CVE-2024/CVE-2024-19xx/CVE-2024-1994.json
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1994.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1994",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-06T02:15:07.493",
+  "lastModified": "2024-04-06T02:15:07.493",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to apply and remove watermarks from images."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3064501%40image-watermark&new=3064501%40image-watermark&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31a66e30-972b-4a7b-9d47-ad7abd574e36?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3209.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3209.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-3209",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-04-02T23:15:55.083",
-  "lastModified": "2024-04-03T12:38:04.840",
+  "lastModified": "2024-04-06T03:15:07.983",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -80,6 +80,10 @@
      "url": "https://drive.google.com/drive/folders/1qlUXvycOzGJygfkdQB9dGO6VwNRRZoih?usp=sharing",
      "source": "cna@vuldb.com"
    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/",
+      "source": "cna@vuldb.com"
+    },
    {
      "url": "https://vuldb.com/?ctiid.259055",
      "source": "cna@vuldb.com"
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3245.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3245.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3245",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-06T03:15:08.103",
+  "lastModified": "2024-04-06T03:15:08.103",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3064544/embedpress/tags/3.9.15/Gutenberg/dist/blocks.build.js",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a427c798-f546-4ca1-98ab-32b433ee5b59?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-06T02:00:30.559601+00:00
+2024-04-06T04:00:38.666720+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-06T01:15:45.400000+00:00
+2024-04-06T03:15:08.103000+00:00
 ```

 ### Last Data Feed Release
@ -33,23 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-244258
+244260
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+- [CVE-2024-1994](CVE-2024/CVE-2024-19xx/CVE-2024-1994.json) (`2024-04-06T02:15:07.493`)
+- [CVE-2024-3245](CVE-2024/CVE-2024-32xx/CVE-2024-3245.json) (`2024-04-06T03:15:08.103`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `4`
+Recently modified CVEs: `1`

- [CVE-2023-7152](CVE-2023/CVE-2023-71xx/CVE-2023-7152.json) (`2024-04-06T01:15:45.233`)
- [CVE-2023-7158](CVE-2023/CVE-2023-71xx/CVE-2023-7158.json) (`2024-04-06T01:15:45.400`)
- [CVE-2024-29745](CVE-2024/CVE-2024-297xx/CVE-2024-29745.json) (`2024-04-06T01:00:01.457`)
- [CVE-2024-29748](CVE-2024/CVE-2024-297xx/CVE-2024-29748.json) (`2024-04-06T01:00:01.457`)
+- [CVE-2024-3209](CVE-2024/CVE-2024-32xx/CVE-2024-3209.json) (`2024-04-06T03:15:07.983`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -237955,13 +237955,13 @@ CVE-2023-7148,0,0,a8be9b042606ddbe08f78257f07987021d93f188bbdbe3bee89d64b666a19c
 CVE-2023-7149,0,0,ca416e5e70e38b7495b0b747b2dc7b931cc8953e7b176d36b81769ecf62c4ee4,2024-03-21T02:50:56.743000
 CVE-2023-7150,0,0,b6f897157147c70205cdd64e696497c8c5eb8cad933d57519ff89024cb3c95f0,2024-03-21T02:50:56.820000
 CVE-2023-7151,0,0,bb32bdd519a1a50b8c5ab4a323d30cc39a75571831ac8e58df336f69b7cfff53,2024-01-23T15:40:52.973000
-CVE-2023-7152,0,1,f71049911247b5f48bb9ff01c432ee6f2fc7deb5b6fb0b5d19b4da1b23c702c6,2024-04-06T01:15:45.233000
+CVE-2023-7152,0,0,f71049911247b5f48bb9ff01c432ee6f2fc7deb5b6fb0b5d19b4da1b23c702c6,2024-04-06T01:15:45.233000
 CVE-2023-7153,0,0,e011618db3076d02be0d1ef8dfe51744f3234f2e36498aa2346c160b31a75578,2024-01-24T21:43:31.700000
 CVE-2023-7154,0,0,076d7cbaa09541993347ce9e0a30d4438c72b1ebd3caf4aa248135ca6dfc7806,2024-01-23T15:45:39.513000
 CVE-2023-7155,0,0,2c4a910ee915766a4997b8baa8551f7532d0761b7c421d119c9e58611e87894e,2024-03-21T02:50:57.017000
 CVE-2023-7156,0,0,9b143d48e59b9a06e97c0691c424f9c191a50d6af31ed90dc82638c9c59a00f4,2024-03-21T02:50:57.100000
 CVE-2023-7157,0,0,085718248145b3910cb7f5275b79909f7d5d52c6d35d62db614b0f16c4e4f070,2024-03-21T02:50:57.180000
-CVE-2023-7158,0,1,a2ad87bc94f435638b7ffdea2c2395b764e4e256f992ceaa10b7f5ea94800837,2024-04-06T01:15:45.400000
+CVE-2023-7158,0,0,a2ad87bc94f435638b7ffdea2c2395b764e4e256f992ceaa10b7f5ea94800837,2024-04-06T01:15:45.400000
 CVE-2023-7159,0,0,8d5e7e4e57c83d9d1d76429e1dd1433b725bde4bf31c777d13caf26d913c9e88,2024-03-21T02:50:57.347000
 CVE-2023-7160,0,0,57a4883751b56355696f40cda7c15e6f0148ae11f808040b9849296f5ea9baa1,2024-03-21T02:50:57.423000
 CVE-2023-7161,0,0,28c67d3d8e220f9d2201938311d118238f730177c4b708ae4f1cc3bf111518c5,2024-03-21T02:50:57.503000
@ -239471,6 +239471,7 @@ CVE-2024-1986,0,0,3573e34f135546ed04633bd0d17cea080212de55551e8ab04d2e00c52e1a50
 CVE-2024-1987,0,0,51b6353c7487197fcf85dba32dd0017998b1425a36ba707e32269bf4afb531af,2024-03-08T14:02:57.420000
 CVE-2024-1989,0,0,e603d4bdfbac73448a418c09b573178507e96a797a5be54fa1a78504bbf887da,2024-03-06T15:18:08.093000
 CVE-2024-1992,0,0,5414f0dcecaa73989b0a42a4479c3faccff7f0923e4cfe603f1f9c3c287083d8,2024-03-20T17:15:07.307000
+CVE-2024-1994,1,1,2d320061e2c6e529463ce81ef236173e7a49dd141485fa7a01f610922097b56e,2024-04-06T02:15:07.493000
 CVE-2024-1995,0,0,941755b4b854fdf87f18ab79194bcc08291f96cbab42350512c28358afffef58,2024-03-20T13:00:16.367000
 CVE-2024-1996,0,0,5966bad552d6bc038d1a2d91bc8f9a32839c685a6932cffdc232ba52d55e3b88,2024-03-13T18:15:58.530000
 CVE-2024-1997,0,0,b02f2b8fcf27f075ede3d31ab90af2f1a113a308252f819da806cdcb7ece15d4,2024-03-13T18:15:58.530000
@ -243591,10 +243592,10 @@ CVE-2024-29741,0,0,5287e10912b70bb061f53de5b83b003317f0455c1e6e8382ca56aea272ded
 CVE-2024-29742,0,0,f2bc3ea7d601e3d2f89366bc3bf789f7dff9d33d7b969d0681ff0702c8c803ee,2024-04-05T20:15:08.107000
 CVE-2024-29743,0,0,c449523fdbfed70e93eb5db09bb0072175dcc5ddecf792b0802f1d6b3e48b44c,2024-04-05T20:15:08.153000
 CVE-2024-29744,0,0,648f768a13bd9fd094226fb33743af4a7accff23b8393394010a398a2bf9faf7,2024-04-05T20:15:08.207000
-CVE-2024-29745,0,1,24f41921889efc59aaa402736c6df0e952e96c4f842ce54c13a55a7b3d2be851,2024-04-06T01:00:01.457000
+CVE-2024-29745,0,0,24f41921889efc59aaa402736c6df0e952e96c4f842ce54c13a55a7b3d2be851,2024-04-06T01:00:01.457000
 CVE-2024-29746,0,0,f387564f14fa535ea564257d7225ec27fec8b4e39ff6f86e757de7acb23d8e1e,2024-04-05T20:15:08.303000
 CVE-2024-29747,0,0,0548417396958cc0ffb5d57a429a647040bc882fc6a141dfeabf96110c8e560c,2024-04-05T20:15:08.357000
-CVE-2024-29748,0,1,7732ad9a1de8b45d96de54d0487bb91ac44da9f878960006692d24ae4eceaf54,2024-04-06T01:00:01.457000
+CVE-2024-29748,0,0,7732ad9a1de8b45d96de54d0487bb91ac44da9f878960006692d24ae4eceaf54,2024-04-06T01:00:01.457000
 CVE-2024-29749,0,0,013121f5f2cf9fc7d35fb3733cc7a973426593dc74f4252d96fe96b1177b73b1,2024-04-05T20:15:08.457000
 CVE-2024-29750,0,0,1d1c2c89d3a1e4369128e0b96b6eea44ed888a0866ddcc895f3f878c4d78c9f8,2024-04-05T20:15:08.507000
 CVE-2024-29751,0,0,8771fda4f10da37042d80e537d9a6c45d11e384af07f52c7e0558da9a6e89d31,2024-04-05T20:15:08.560000
@ -244209,7 +244210,7 @@ CVE-2024-3203,0,0,697bde31fba6d3c5a0e2d11da403a2e3b16828faac086b66cd78b0527d17b9
 CVE-2024-3204,0,0,a9dea1ca01b499632a34af3ee57c461ecd8a21787537da790c2ae8f833a61142,2024-04-03T12:38:04.840000
 CVE-2024-3205,0,0,b2f3ceb1bf38a09a954460b526a18eba5a5a22a0c7181b9f1de158755c6153d4,2024-04-03T12:38:04.840000
 CVE-2024-3207,0,0,5c9ae7819818cf69391317769652edafe7eb5058db1623e7c6299d6d13471791,2024-04-03T12:38:04.840000
-CVE-2024-3209,0,0,30868cdb47dd928f589dfe2abcfe897db3e1f5f5372f4956ca12525c6828bcc3,2024-04-03T12:38:04.840000
+CVE-2024-3209,0,1,cbfab2641f7deaa26fa0bc09801c52aa5b55dcac193d132dc1556c423a22c65d,2024-04-06T03:15:07.983000
 CVE-2024-3217,0,0,4de075781ed27d9af99ed393e165df2d285dc08a6ed9934e378886c989fa51ff,2024-04-05T12:40:52.763000
 CVE-2024-3218,0,0,2efa792f2f422ae3d499fd8bd729cdb1e057c75ae9cfbaccf7a66bc466210399,2024-04-03T12:38:04.840000
 CVE-2024-3221,0,0,265e838721fb682684198a7086d104f84e57519a8c4d6ef772db38592eb6bf44,2024-04-03T12:38:04.840000
@ -244219,6 +244220,7 @@ CVE-2024-3224,0,0,df4c497061254d88e30845f005326a0e8dcc0160759089f479b7881ad8ceac
 CVE-2024-3225,0,0,c811644d786446dc903ce63beb97b40688ffdfe279f9ae136fe25e53360310ab,2024-04-03T12:38:04.840000
 CVE-2024-3226,0,0,0d9ebebedadf244922f8385228c3d640f57a5f4e2e40a7b8124aa06fa756c486,2024-04-03T12:38:04.840000
 CVE-2024-3227,0,0,5e86de506c0356caace938eb3ddc76daf74ee07964bebbed2f3824e6fdb4ef31,2024-04-03T12:38:04.840000
+CVE-2024-3245,1,1,f4ace3e27e90324ae2d6a62ba6dc26be58efe872e0e8b571a9ab725be446fd07,2024-04-06T03:15:08.103000
 CVE-2024-3247,0,0,095afc187e8f976bc1a2eaa79a4c0328aa3c3e2487a10203585d8616775f8a4d,2024-04-03T12:38:04.840000
 CVE-2024-3248,0,0,65f6d4ddfc43ae235edf2e59fc9daa1f1d020439a4fa197a41a6ddd58e106004,2024-04-03T12:38:04.840000
 CVE-2024-3250,0,0,2d6e4fa76cca7b8e01352ea4b54b7151a6b9e9608e9608dee225853dfeeb2f71,2024-04-04T22:15:09.350000