Auto-Update: 2024-06-18T04:00:18.229731+00:00

2025-07-09 16:05:11 +00:00 · 2024-06-18 04:03:09 +00:00 · 2024-06-18 04:03:09 +00:00 · 8b2536b0a9
commit 8b2536b0a9
parent bd33726b61
7 changed files with 226 additions and 11 deletions
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0845.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0845.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0845",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-18T03:15:09.330",
+  "lastModified": "2024-06-18T03:15:09.330",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L256",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L260",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L215",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L219",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1634.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1634.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1634",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-18T03:15:09.580",
+  "lastModified": "2024-06-18T03:15:09.580",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Scheduling Plugin \u2013 Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/calendar-booking/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-21096",
  "sourceIdentifier": "secalert_us@oracle.com",
  "published": "2024-04-16T22:15:30.207",
-  "lastModified": "2024-06-10T18:15:25.143",
+  "lastModified": "2024-06-18T02:15:09.823",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -39,6 +39,10 @@
    ]
  },
  "references": [
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKWVBZ6DBRFMLDXTHJUZ6LU7MJ5RTNA7/",
+      "source": "secalert_us@oracle.com"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFYBDWDBE4YICSV34LJZGYRVSG6QIRKE/",
      "source": "secalert_us@oracle.com"
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4375.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4375.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-4375",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-18T03:15:09.797",
+  "lastModified": "2024-06-18T03:15:09.797",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L817",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35ead2b5-8b50-40e1-9b4a-547d97f34c4e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5541.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5541.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-5541",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-18T03:15:10.020",
+  "lastModified": "2024-06-18T03:15:10.020",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/admin/settings.php#L9",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/dist/blocks.build.js",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e022febe-7295-493d-afa7-185f55b4d3b9?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-18T02:00:18.426605+00:00
+2024-06-18T04:00:18.229731+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-18T01:15:20.333000+00:00
+2024-06-18T03:15:10.020000+00:00
 ```

 ### Last Data Feed Release
@ -33,21 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-254324
+254328
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `4`

- [CVE-2024-6083](CVE-2024/CVE-2024-60xx/CVE-2024-6083.json) (`2024-06-18T00:15:09.853`)
- [CVE-2024-6084](CVE-2024/CVE-2024-60xx/CVE-2024-6084.json) (`2024-06-18T01:15:20.333`)
+- [CVE-2024-0845](CVE-2024/CVE-2024-08xx/CVE-2024-0845.json) (`2024-06-18T03:15:09.330`)
+- [CVE-2024-1634](CVE-2024/CVE-2024-16xx/CVE-2024-1634.json) (`2024-06-18T03:15:09.580`)
+- [CVE-2024-4375](CVE-2024/CVE-2024-43xx/CVE-2024-4375.json) (`2024-06-18T03:15:09.797`)
+- [CVE-2024-5541](CVE-2024/CVE-2024-55xx/CVE-2024-5541.json) (`2024-06-18T03:15:10.020`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2024-21096](CVE-2024/CVE-2024-210xx/CVE-2024-21096.json) (`2024-06-18T02:15:09.823`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -241089,6 +241089,7 @@ CVE-2024-0840,0,0,a29fd729ffdb30a11acea1b506301229e907e8ea6ce7fdfdd44e196863c898
 CVE-2024-0841,0,0,9e65cbfff7725abca8b3bb8d47238fadc1759ba27b260df301bbf9206f25aa46,2024-05-22T17:16:11.667000
 CVE-2024-0842,0,0,2d4febcc0a5bd3f6b5f6eeeb222e1bdadfd7499df5c95fd0f9cc7e2a10a87dbd,2024-02-15T19:11:14.253000
 CVE-2024-0844,0,0,9b0ede7ee0379ed34aa516e6f2cba464e96d05ae45278d47c03f7b0b4baaf7d5,2024-02-08T16:15:39.903000
+CVE-2024-0845,1,1,f5157ada9c80be62143fc3b476b2c597f2f65b6c0952aac15a121512f61d89f1,2024-06-18T03:15:09.330000
 CVE-2024-0847,0,0,2423a45a83c68ee77ea1657795a6b4f742f1b905ef7ab47fbb7c37fbc6c3b67d,2024-05-02T18:00:37.360000
 CVE-2024-0848,0,0,31e58640f306446653f67bc78198fcff39c93c6b22a4398146342d7991ad8c6a,2024-05-02T18:00:37.360000
 CVE-2024-0849,0,0,ab143b9a0b5d37d266faac9cd54f50fee666b57f962e8e1bec5db73357a455f9,2024-02-13T19:16:30.810000
@ -241791,6 +241792,7 @@ CVE-2024-1630,0,0,b3e63ab3fca2f57c425774ec83616f21b44473c1f5570d1282d02bf599e377
 CVE-2024-1631,0,0,fc2893d5d84aff0551fae290d2fe3cfb3246f815cc3e85e7be8cb7a443e59ea9,2024-02-22T19:07:37.840000
 CVE-2024-1632,0,0,6e1c47780d96ad6fcb59ec0ca790b51a445b7ba6bfe735fc687e801fa4e9fa24,2024-02-28T14:06:45.783000
 CVE-2024-1633,0,0,38fdaaa081cb72684e8a3a7c24003a4981094738f4cb62580982692842e12368,2024-02-20T19:50:53.960000
+CVE-2024-1634,1,1,78175d9e4bf293beda410596616055bfefd86fe734d011e12eb7dad6e0525eeb,2024-06-18T03:15:09.580000
 CVE-2024-1635,0,0,df1dd81e97ec5df9995721a1f269c745906d52047fd48e8691457cab01d3dbf8,2024-04-17T16:15:07.720000
 CVE-2024-1636,0,0,110561fc2d8220a09cd098605d5d9c82332c44e2266859d6f751e2ed66576fc3,2024-02-28T14:06:45.783000
 CVE-2024-1637,0,0,ad9b5ab8aa7d33952d11bf9f2ca328427186899a35864ba9221fa2bbd849dc16,2024-04-10T13:24:00.070000
@ -242782,7 +242784,7 @@ CVE-2024-21092,0,0,a96f28afb2f79eb08be708f78284cdf08500da8888a0d9699ed9e4b0d6e8e
 CVE-2024-21093,0,0,3d565421d62fe80376ef2125e9dfb06fdc2a836fda042dda6ad1a1534f2a4f7d,2024-04-17T12:48:31.863000
 CVE-2024-21094,0,0,45dda780f642e6a4bed8a6906d75e79d99e2cd6f95b5c06d841ff6133c98a162,2024-04-26T09:15:11.613000
 CVE-2024-21095,0,0,5ad9583e4e50b36f664407f6f6164a53dc891483d679c27c4541f930caca17b4,2024-04-17T12:48:31.863000
-CVE-2024-21096,0,0,146ff4a38a4261159d6accf3efdfd780cdd584d34a8524d9f2a6ff246748b553,2024-06-10T18:15:25.143000
+CVE-2024-21096,0,1,f886e9f1346c46c50df462685f956aa1271b364c94bcf6ac8ddc7ccf2fe96a82,2024-06-18T02:15:09.823000
 CVE-2024-21097,0,0,8349406a296787533db135239586ab1e354af73ee7e59b17b17098f82af1b697,2024-04-17T12:48:31.863000
 CVE-2024-21098,0,0,831ff7ad8d2c7af64e56d89acbf46d4cc91ab5d8748a94e6b6ad4c192afd1308,2024-04-17T12:48:31.863000
 CVE-2024-21099,0,0,a8cfc88916a19c4050e2f5c67f5f573e697d20587d6396cec4852563c2a2b6c3,2024-04-17T12:48:31.863000
@ -253330,6 +253332,7 @@ CVE-2024-4371,0,0,6cec3438f9da16aaaf81036d5252f279057c04fa33a9a5b8c9aee6667c7b57
 CVE-2024-4372,0,0,88e318f3c277cb3db68d033332d7a1ea039944347227497506fc7085644cb64e,2024-05-21T12:37:59.687000
 CVE-2024-4373,0,0,f38def9014d5248f107e6bba87e0f735d485b9410ddb561204173488b0ad462b,2024-05-15T16:40:19.330000
 CVE-2024-4374,0,0,d60604ecf379bdaaec2b6706393723f20191611e78669219836ffafca51bb0b7,2024-05-20T13:00:34.807000
+CVE-2024-4375,1,1,0c05d2181d27372e2e73037a21c8284a668309e752ea21705c58e83f5006338b,2024-06-18T03:15:09.797000
 CVE-2024-4376,0,0,a37f8f2c30013a9ce99cf3397e8919ec44dbe48bf70335aec6d3a9f3c4d5ff1f,2024-05-31T13:01:46.727000
 CVE-2024-4378,0,0,3d00b0a6c1463c84b18edbc3f37b735155a12d4e83c941a4e59e5c575fc8dda7,2024-05-24T01:15:30.977000
 CVE-2024-4379,0,0,4d59152fb4b73c11db800a656f5856d441c43de1bb0066c24dea588b8283a5e6,2024-05-31T13:01:46.727000
@ -254130,6 +254133,7 @@ CVE-2024-5531,0,0,aff596c4345d9e9649e4107c993c40fc7416a56fa205089ee8692b6e8ba6ce
 CVE-2024-5536,0,0,d892d63cd79e6d462fe4485ce154b4e3b14e14d416b8b4d67114661d27280a01,2024-06-11T17:28:37.343000
 CVE-2024-5537,0,0,071475eb8c0f92cc8ea9522d658283ad0e8213ba6740ff46ee05e5b24c18c3d8,2024-05-30T17:15:34.583000
 CVE-2024-5538,0,0,183cea799fa9410e329e72f326a10b8369aedcea9a5b7583a44bf33ecc305070,2024-05-31T11:15:09.923000
+CVE-2024-5541,1,1,abee97a7911b8ced43e1d9fd59bbf81c997c44a26dd0413a404147eb4da33232,2024-06-18T03:15:10.020000
 CVE-2024-5542,0,0,77ae3f3a7c4ffc662d4e5625f82b1efcc56a12c39abbd3546ebc6e9e7e619033,2024-06-11T18:25:51.200000
 CVE-2024-5543,0,0,8e93e3d42337fd51f8d8d19b50b3f68377ba39e905a95b2594b9c3824c59b9ee,2024-06-13T18:36:09.013000
 CVE-2024-5550,0,0,e4fc13aea5b719d7c555043aa9a8be47a59e2f4d5eac2e9fa0d5ff8a8edb892f,2024-06-07T14:56:05.647000
@ -254321,5 +254325,5 @@ CVE-2024-6066,0,0,4be16afb26a67eeaa99325b278e1eb15007f8629556d5972406c66487d6fe7
 CVE-2024-6067,0,0,917ec11acc59771cd289e02ed472e235338a36350e131e2242624c6b5a660576,2024-06-17T22:15:10.657000
 CVE-2024-6080,0,0,ce117abbbf27c271f3b1c554aeba9f1090748517ce038abb4811acdf5fadb2ed,2024-06-17T23:15:51.583000
 CVE-2024-6082,0,0,b34a8b9e9d7597c030b945a5724fac42f5803ca75f53728fefe9f424acf1cad3,2024-06-17T23:15:51.920000
-CVE-2024-6083,1,1,6fddaebd6fd505529ccfd2377fbb90eb3ff967f1b7daa3e62aab60a1d99a55f2,2024-06-18T00:15:09.853000
-CVE-2024-6084,1,1,8f1263f1fd5f68ce001ded5ef625a4f2157c36b7cc48c52db74013e47bd8c7ad,2024-06-18T01:15:20.333000
+CVE-2024-6083,0,0,6fddaebd6fd505529ccfd2377fbb90eb3ff967f1b7daa3e62aab60a1d99a55f2,2024-06-18T00:15:09.853000
+CVE-2024-6084,0,0,8f1263f1fd5f68ce001ded5ef625a4f2157c36b7cc48c52db74013e47bd8c7ad,2024-06-18T01:15:20.333000