Auto-Update: 2025-02-23T07:00:19.532928+00:00

2025-05-08 11:37:26 +00:00 · 2025-02-23 07:03:47 +00:00 · 2025-02-23 07:03:47 +00:00 · 90d9ae33d2
commit 90d9ae33d2
parent ab7b8a69e3
4 changed files with 216 additions and 9 deletions
--- a/CVE-2024/CVE-2024-137xx/CVE-2024-13728.json
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13728.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13728",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-23T06:15:08.710",
+  "lastModified": "2025-02-23T06:15:08.710",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/easy-paypal-donation/tags/1.4.4/core/Base/Stripe.php#L227",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3891a807-aace-460a-ad49-6a282af16084?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-15xx/CVE-2025-1576.json
+++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1576.json
@ -0,0 +1,145 @@
+{
+  "id": "CVE-2025-1576",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-02-23T05:15:11.853",
+  "lastModified": "2025-02-23T05:15:11.853",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. The manipulation of the argument StateName as part of String leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://code-projects.org/",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/fjl1113/cve/blob/main/sql-fjl.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.296551",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.296551",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.502071",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-02-23T05:00:23.242915+00:00
+2025-02-23T07:00:19.532928+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-02-23T04:15:24.980000+00:00
+2025-02-23T06:15:08.710000+00:00
 ```

 ### Last Data Feed Release
@ -33,21 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-282089
+282091
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2025-1575](CVE-2025/CVE-2025-15xx/CVE-2025-1575.json) (`2025-02-23T04:15:24.980`)
+- [CVE-2024-13728](CVE-2024/CVE-2024-137xx/CVE-2024-13728.json) (`2025-02-23T06:15:08.710`)
+- [CVE-2025-1576](CVE-2025/CVE-2025-15xx/CVE-2025-1576.json) (`2025-02-23T05:15:11.853`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-13869](CVE-2024/CVE-2024-138xx/CVE-2024-13869.json) (`2025-02-23T04:15:23.797`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -246857,6 +246857,7 @@ CVE-2024-13722,0,0,fac6574297fad520484336a8f32a80c91be5643d31918d246727bb21994df
 CVE-2024-13723,0,0,f977680e0d30dc0600d1d9cea9477509ddf62122fdeae5be3fea5ec8d4e5f870,2025-02-06T15:15:13.050000
 CVE-2024-13725,0,0,3ae67647de598849d6499031064f2ab84aae12fe373705e9378e4edd2b924528,2025-02-21T15:56:24.220000
 CVE-2024-13726,0,0,6f933b5330ba37986acbe4c29892bcb7173ac142380eeae5f3195ee1c4836999,2025-02-19T22:15:23.043000
+CVE-2024-13728,1,1,01d933e0e8eab0f57340c80a49b41f9c133170ff123cfce5e7909b0bf26b3bfd,2025-02-23T06:15:08.710000
 CVE-2024-1373,0,0,fe1a60358155e50861f1a17ac7fa6b7d28a7605ff8e98d9097ab1950f180ef33,2024-03-11T10:15:49.383000
 CVE-2024-13732,0,0,bcdeee89cdeb266ab97f726fd75be409e85077926d11675c2a570d0f94bb99ad,2025-01-31T20:22:33.503000
 CVE-2024-13733,0,0,4ca526af1929c133c0fe46b638ac9c59d6820bc471060a7321cdbca576df02e1,2025-02-04T10:15:08.527000
@ -246920,7 +246921,7 @@ CVE-2024-13854,0,0,b293d3f2f05083e98beb719565723791c5cf1a85fbf867f7cfec3a20f9286
 CVE-2024-13855,0,0,07563565d63aa0673a3108e0a48747889696d3c84d85640c1521db3b7a6edb9f,2025-02-20T10:15:11.530000
 CVE-2024-1386,0,0,0e88f4287d62ff6aff092302a9322ab713c8f07c6df5c6bed70e82252a8c824b,2024-11-21T08:50:28.063000
 CVE-2024-13867,0,0,d1ccd3c88095b1998a7fe8f4f64aebb963278c8b08e66fe2014f445cd5f48e2a,2025-02-18T18:41:21.660000
-CVE-2024-13869,0,1,486117285d167d67f422310a61d7c3f883da6b0e1477884097893f95f3214b9c,2025-02-23T04:15:23.797000
+CVE-2024-13869,0,0,486117285d167d67f422310a61d7c3f883da6b0e1477884097893f95f3214b9c,2025-02-23T04:15:23.797000
 CVE-2024-1387,0,0,8e6bcbdaec79085616e17d0cff8f7e9074033b4370339ebb2fb375231d6ccb3f,2025-01-07T18:19:26.400000
 CVE-2024-13873,0,0,ddf058f4c75682e8cf7335d38f43094b08f172b8fcc2d656f2cc5238777fc340,2025-02-22T04:15:09.567000
 CVE-2024-13879,0,0,e61e29fd11a21511e45abef3be0c353bba4af1d6241469d18216deb18ad9be53,2025-02-17T16:15:15.950000
@ -279695,7 +279696,8 @@ CVE-2025-1553,0,0,b76c346b19ed32adbb90097d30125f53b18d6b15a685f1353673e4fcdc6363
 CVE-2025-1555,0,0,1c7a4c27ed9d1502d0e15c0e5a57e371d72228c620058c2537224f8b85248601,2025-02-21T21:15:13.703000
 CVE-2025-1556,0,0,724b13759326d4daa23c48d02c1ce795525d880ae020ac09a68b1de9594640a5,2025-02-22T13:15:12.010000
 CVE-2025-1557,0,0,49607b48e972d9fd5d215f054ea7353b084df75dff065ecc488af6c52d9e37af,2025-02-22T13:15:12.247000
-CVE-2025-1575,1,1,4f36554ed6482f45b74d35521d78ee1f8257f79829174fda75a5bd3bf6296f94,2025-02-23T04:15:24.980000
+CVE-2025-1575,0,0,4f36554ed6482f45b74d35521d78ee1f8257f79829174fda75a5bd3bf6296f94,2025-02-23T04:15:24.980000
+CVE-2025-1576,1,1,1f104649f17b82a7de320595b093dfc1101ef45ab193119cf4c9a764ae0261d6,2025-02-23T05:15:11.853000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000