Auto-Update: 2024-09-05T04:00:16.988855+00:00

2025-05-07 19:16:29 +00:00 · 2024-09-05 04:03:16 +00:00 · 2024-09-05 04:03:16 +00:00 · 9a8e879286
commit 9a8e879286
parent 80578f1aa2
3 changed files with 83 additions and 20 deletions
--- a/CVE-2024/CVE-2024-76xx/CVE-2024-7627.json
+++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7627.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-7627",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-09-05T03:15:03.560",
+  "lastModified": "2024-09-05T03:15:03.560",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L39",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L88",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3138710/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-04T23:55:17.241251+00:00
+2024-09-05T04:00:16.988855+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-04T23:15:13.100000+00:00
+2024-09-05T03:15:03.560000+00:00
 ```

 ### Last Data Feed Release
@ -27,32 +27,26 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-09-04T00:00:08.671105+00:00
+2024-09-05T00:00:08.654914+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-261970
+261971
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `1`

- [CVE-2024-20505](CVE-2024/CVE-2024-205xx/CVE-2024-20505.json) (`2024-09-04T22:15:03.887`)
- [CVE-2024-20506](CVE-2024/CVE-2024-205xx/CVE-2024-20506.json) (`2024-09-04T22:15:04.083`)
- [CVE-2024-2166](CVE-2024/CVE-2024-21xx/CVE-2024-2166.json) (`2024-09-04T22:15:04.260`)
- [CVE-2024-45429](CVE-2024/CVE-2024-454xx/CVE-2024-45429.json) (`2024-09-04T23:15:12.803`)
- [CVE-2024-45692](CVE-2024/CVE-2024-456xx/CVE-2024-45692.json) (`2024-09-04T23:15:12.887`)
+- [CVE-2024-7627](CVE-2024/CVE-2024-76xx/CVE-2024-7627.json) (`2024-09-05T03:15:03.560`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `0`

- [CVE-2024-7006](CVE-2024/CVE-2024-70xx/CVE-2024-7006.json) (`2024-09-04T23:15:12.977`)
- [CVE-2024-8088](CVE-2024/CVE-2024-80xx/CVE-2024-8088.json) (`2024-09-04T23:15:13.100`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -243190,8 +243190,8 @@ CVE-2024-2049,0,0,398a9eaf0287296877598afba029844504bbde28a3270479d8cbbb594cc11b
 CVE-2024-20497,0,0,f5c62cddf3b4c33041f9a7259cb5d257fc47efeaf18f188937e8f66cc8d5e6a2,2024-09-04T17:15:13.970000
 CVE-2024-2050,0,0,309a92deb7dc6d1c9b389273f8521ce493fa3e8c536f740883081c4cdf858e77,2024-03-18T19:40:00.173000
 CVE-2024-20503,0,0,46b2afa18068952c700112e20999b1b43e12a1420d6d9c2e21b937db590db312,2024-09-04T17:15:14.200000
-CVE-2024-20505,1,1,06f331d71cb5931c6287272adb221d2efbebad20ffeb2224035f46bcfac7f179,2024-09-04T22:15:03.887000
-CVE-2024-20506,1,1,b4323cbd3a12880438ad4d37c85ff20ab68003e216b3b831e98a6103a352f4bc,2024-09-04T22:15:04.083000
+CVE-2024-20505,0,0,06f331d71cb5931c6287272adb221d2efbebad20ffeb2224035f46bcfac7f179,2024-09-04T22:15:03.887000
+CVE-2024-20506,0,0,b4323cbd3a12880438ad4d37c85ff20ab68003e216b3b831e98a6103a352f4bc,2024-09-04T22:15:04.083000
 CVE-2024-2051,0,0,7b283f8057b783b668166a17f1e1ff3c63b74d0e0fa3f6b8acdcd7e3ce5a09c9,2024-03-18T19:40:00.173000
 CVE-2024-2052,0,0,b3dd7173b956ed9ab7dfaa381fa39b77e63aea1f604a72f8ac014b370895d6ab,2024-03-18T19:40:00.173000
 CVE-2024-2053,0,0,0d41c4e474c0960eb5e2399ded25845c51347c47ec843b53809f61d1e3d8fe3e,2024-08-06T15:35:13.397000
@ -244093,7 +244093,7 @@ CVE-2024-21653,0,0,ce4af85c3427e8e239faa818c1af79d7b1adc1dc1f140ac9db4d80e88fa50
 CVE-2024-21654,0,0,ff7ec2b8812a327818c17013b24cdd0ef431c4abd14d7dd5a8537adb8ccd1d32,2024-01-22T19:45:11.213000
 CVE-2024-21655,0,0,e05ae57984fd3423a83e9c7cb5d50a52bb4d06f33337e122d8d866553309143d,2024-01-25T15:36:21.337000
 CVE-2024-21658,0,0,18c2a51afb00aaffed8c0666318b89d67efb8a61f32dfa57925c396be04b5e10,2024-09-03T12:59:02.453000
-CVE-2024-2166,1,1,e6356ea64a22f33ad611c8ab85bb8ce0bb75906e04f60bf7a1f9639224cee6cb,2024-09-04T22:15:04.260000
+CVE-2024-2166,0,0,e6356ea64a22f33ad611c8ab85bb8ce0bb75906e04f60bf7a1f9639224cee6cb,2024-09-04T22:15:04.260000
 CVE-2024-21661,0,0,d5e0d946b3d41760ea6570a14473ae0108c9da74849db85d955568f34a0a7e8b,2024-03-18T19:40:00.173000
 CVE-2024-21662,0,0,6c6f15e19e16a5ef9a32b04238e6288a5bcabd1c5ac78c1dc5b6aa6699d17dcf,2024-03-18T19:40:00.173000
 CVE-2024-21663,0,0,722c9f68e0462dda2a873b80565815f1b1146bfc9206245ea518f4fde9529f1f,2024-01-12T15:22:42.607000
@ -259087,7 +259087,7 @@ CVE-2024-45399,0,0,a30ccec61901cf4020c44300f3c41bd6429ddbc536b4f381353ceaac22a63
 CVE-2024-4540,0,0,56ac6cff101cc91d96d8daf4bfda0c052b655471dc0698e77d798366d59b9124,2024-06-03T23:15:08.930000
 CVE-2024-4541,0,0,3195b1a81526d9da93cf28b1e1f763238ece2897561011f493b9a3c77f12398c,2024-06-20T12:44:01.637000
 CVE-2024-4542,0,0,188546ca483f93e7131261a5bd57b93b03491de5e62247759ac8c05b93c8f51b,2024-05-16T14:15:08.980000
-CVE-2024-45429,1,1,b972bc8cc9a7c4266e7930bda8704953c8efd3af4614703e3299db19b61a3e2d,2024-09-04T23:15:12.803000
+CVE-2024-45429,0,0,b972bc8cc9a7c4266e7930bda8704953c8efd3af4614703e3299db19b61a3e2d,2024-09-04T23:15:12.803000
 CVE-2024-4543,0,0,cda17786b919b03cc3eee3c735d905916723b9b88a929a8c3a419843d78bdd6c,2024-07-03T18:23:54.237000
 CVE-2024-45435,0,0,927041b8e7c5f8f0713d2961d74ba13597912bf3d79d8a6803fd6f88a7797c28,2024-09-03T17:23:36.073000
 CVE-2024-45436,0,0,285ce8c7d8a1a73359dbcdd8ed12fdef35f675e020b230adf62e4aee88352a8c,2024-08-30T16:08:54.840000
@ -259151,7 +259151,7 @@ CVE-2024-4567,0,0,55b6508070b71672e22c57660afab28e7ebc1a40a37655965c41825cdc3bc1
 CVE-2024-45678,0,0,693ea2059e5782af88748cb6a47ab17c5e2b747f0badd3c534ee2c1a86fd5624,2024-09-04T13:05:36.067000
 CVE-2024-4568,0,0,950b62937f2f303cb16f164d002be64527131317e5dfff26daecb96b6bec4236,2024-05-07T13:39:32.710000
 CVE-2024-4569,0,0,2e4b27b05be8561bd3f260b3ccf0eed0d11ea74483878f5df5227737faa1c038,2024-06-28T13:10:05.153000
-CVE-2024-45692,1,1,d086420a1633a8c93bdd779d04038d7625613297106495fa8f7fbf0dd2439557,2024-09-04T23:15:12.887000
+CVE-2024-45692,0,0,d086420a1633a8c93bdd779d04038d7625613297106495fa8f7fbf0dd2439557,2024-09-04T23:15:12.887000
 CVE-2024-4570,0,0,c1cc5ae154200d1c8cbc554d2bd91b7f0d0e2fb1c25faf550303ad23eb2c106c,2024-06-28T13:38:13.630000
 CVE-2024-4571,0,0,76823bb120333d1d68e24e57a18868a62bd826931cb118db3f1630877d1250ae,2024-05-14T15:44:05.750000
 CVE-2024-4572,0,0,6754f54e88e479a744a4367c8d1d2577fd697a90d0783dabcb9fc508df61090e,2024-05-14T15:44:06.153000
@ -261131,7 +261131,7 @@ CVE-2024-7001,0,0,c36cc44ed743aca43eac7951b6662bd893691f9a45d57142d09098c4fe318e
 CVE-2024-7003,0,0,c2f51c1b71164a15818ef9209a48a467e859077ffdde417023c4b7a222f91993,2024-08-07T19:52:18.500000
 CVE-2024-7004,0,0,579c7092925f522b24930d2f858d246e2f0e8b8814ade95b044da8929a9fa444,2024-08-07T21:32:44.190000
 CVE-2024-7005,0,0,50047c6e5a9aa1663d251a4f8d2f7feee05d4f308668b613173701adaf5c68b3,2024-08-07T19:56:48.777000
-CVE-2024-7006,0,1,8bd270169275c3a939797d8747668648b93c090c3795f1c0651d8a42df1da8fb,2024-09-04T23:15:12.977000
+CVE-2024-7006,0,0,8bd270169275c3a939797d8747668648b93c090c3795f1c0651d8a42df1da8fb,2024-09-04T23:15:12.977000
 CVE-2024-7007,0,0,6c2603aae32d52f56620cb62e82bb337e026d3d4a4716b72dab9674c5cf4b216,2024-08-26T16:40:44.500000
 CVE-2024-7008,0,0,e9008eac80639f6b75fc8244a6b0baab3d6a7fa095b7e9aa58d7626a117a490a,2024-08-19T17:19:25.390000
 CVE-2024-7009,0,0,63b067a161bbf9c0630f63b1d51ac801565652e58cd58fdd4516392106a400e2,2024-08-19T17:18:50.290000
@ -261545,6 +261545,7 @@ CVE-2024-7619,0,0,52e157835f9b49014d03653876a6177ba54feacc6eb580f7a52506ce1aa54b
 CVE-2024-7621,0,0,07161284faa2eb0637370b6ff462e631787a37850cefb6ac5fa6750545dd7050,2024-08-12T13:41:36.517000
 CVE-2024-7624,0,0,c87cdcd90fb34d1c79e4bedcfe521cd45a7c97d88fc176665ac59544b2fffb63,2024-08-15T13:01:10.150000
 CVE-2024-7625,0,0,cf7951ec684c41cac7f2f6e12b1507a1eac20d5a4914135abea68670c2031228,2024-08-15T13:01:10.150000
+CVE-2024-7627,1,1,0ae1c3ec00321904deb3ff3d3a9aaac19870bd3ea8c0d28c7aaf2d7a2d48887d,2024-09-05T03:15:03.560000
 CVE-2024-7628,0,0,13c6e75993fc4e0ea638854e2c037e11703f2e05b1bb0a7d2173b121da5472cd,2024-08-15T13:01:10.150000
 CVE-2024-7629,0,0,45eb45459388d6798e88edee38a7dd2ceac912098ce5cc3a42af5f252bb2fbc1,2024-08-21T12:30:33.697000
 CVE-2024-7630,0,0,418e383b03350a1fa5d21be50b8eebc36b3c165fb7c794a3b77aa7313e9af0aa,2024-08-19T13:00:23.117000
@ -261804,7 +261805,7 @@ CVE-2024-8083,0,0,132ff33ed62a0570cfdbcc24775ef89bd874f9ae2d6b782cd1fd9309d1bcaa
 CVE-2024-8084,0,0,800f6f0fe2093be3327a671bc62389e5ecd680550a19025f92dbb7c739b52793,2024-08-27T16:11:11.460000
 CVE-2024-8086,0,0,1db8fbbbc3b8bbc355402aca80f0447c54000b25360ca3b1fa582aada4800dfb,2024-08-27T13:17:34.187000
 CVE-2024-8087,0,0,9e47ad2dfed1c8a4045274b6d757cb5a75d1e05917b45ee6f1489b72f67b871b,2024-08-27T13:19:35.530000
-CVE-2024-8088,0,1,8ddda94d9e5d462484d35576871f82a931bed67f85a71db29ea75a996b1d19a4,2024-09-04T23:15:13.100000
+CVE-2024-8088,0,0,8ddda94d9e5d462484d35576871f82a931bed67f85a71db29ea75a996b1d19a4,2024-09-04T23:15:13.100000
 CVE-2024-8089,0,0,e6e12db9d845890df3284b8f9ed104fa7a1183d91532c3c72d090f8235aedb4e,2024-08-27T13:21:22.927000
 CVE-2024-8102,0,0,b248349fbfc7dc91a8cfc6b19ccb236f9e343d641f8d646df8f93156d2650dcc,2024-09-04T13:05:36.067000
 CVE-2024-8104,0,0,84b5ca88c3348bad2756ea80feacbfeef298cd2f3fb9043558081353a7574b54,2024-09-04T13:05:36.067000