Auto-Update: 2024-11-20T09:00:35.339384+00:00

2025-07-11 16:13:34 +00:00 · 2024-11-20 09:03:38 +00:00 · 2024-11-20 09:03:38 +00:00 · 9bf0580d5f
commit 9bf0580d5f
parent ba209ee6e6
13 changed files with 674 additions and 17 deletions
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10365.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10365.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-10365",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-20T07:15:06.870",
  "lastModified": "2024-11-20T07:15:06.870",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3186482/the-plus-addons-for-elementor-page-builder",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ce1d19-25fa-434d-943b-d10c5cb2ec51?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-108xx/CVE-2024-10855.json
+++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10855.json
@ -0,0 +1,64 @@
 {
  "id": "CVE-2024-10855",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-20T07:15:07.853",
  "lastModified": "2024-11-20T07:15:07.853",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of  in all versions up to, and including, 7.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.8/sirv.php#L4691",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3186406%40sirv&new=3186406%40sirv&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ec09e5-4994-4d23-bf8e-26b64d5303fa?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-108xx/CVE-2024-10899.json
+++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10899.json
@ -0,0 +1,64 @@
 {
  "id": "CVE-2024-10899",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-20T07:15:08.260",
  "lastModified": "2024-11-20T07:15:08.260",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/wc-product-table-lite/tags/3.8.6/main.php#L1778",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190789%40wc-product-table-lite&new=3190789%40wc-product-table-lite&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9b010ff-8a4a-4553-bb2b-d58a254d7ee4?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10900.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10900.json
@ -0,0 +1,64 @@
 {
  "id": "CVE-2024-10900",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-20T07:15:08.690",
  "lastModified": "2024-11-20T07:15:08.690",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary user meta which can do things like deny an administrator's access to their site. ."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/admin/class-profile-magic-admin.php#L1902",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190069%40profilegrid-user-profiles-groups-and-communities&new=3190069%40profilegrid-user-profiles-groups-and-communities&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11277.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11277.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-11277",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-20T07:15:09.117",
  "lastModified": "2024-11-20T07:15:09.117",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3191597%40404-solution&new=3191597%40404-solution&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/259f9ea3-ac24-4bea-8d0d-c635a68d9c98?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-113xx/CVE-2024-11319.json
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11319.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-11319",
  "sourceIdentifier": "iletisim@usom.gov.tr",
  "published": "2024-11-18T12:15:17.853",
-  "lastModified": "2024-11-18T17:11:17.393",
+  "lastModified": "2024-11-20T08:15:14.350",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Undergoing Analysis",
  "cveTags": [],
  "descriptions": [
    {
@ -61,9 +61,29 @@
      }
    ],
    "cvssMetricV31": [
      {
        "source": "iletisim@usom.gov.tr",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5
      },
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
-        "type": "Secondary",
+        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
--- a/CVE-2024/CVE-2024-478xx/CVE-2024-47865.json
+++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47865.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-47865",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2024-11-20T08:15:14.890",
  "lastModified": "2024-11-20T08:15:14.890",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "vultures@jpcert.or.jp",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://jvn.jp/en/vu/JVNVU90667116/",
      "source": "vultures@jpcert.or.jp"
    },
    {
      "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/",
      "source": "vultures@jpcert.or.jp"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-488xx/CVE-2024-48895.json
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48895.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-48895",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2024-11-20T08:15:15.190",
  "lastModified": "2024-11-20T08:15:15.190",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "vultures@jpcert.or.jp",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://jvn.jp/en/vu/JVNVU90667116/",
      "source": "vultures@jpcert.or.jp"
    },
    {
      "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/",
      "source": "vultures@jpcert.or.jp"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52033.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52033.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-52033",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2024-11-20T08:15:15.433",
  "lastModified": "2024-11-20T08:15:15.433",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "vultures@jpcert.or.jp",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-497"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://jvn.jp/en/vu/JVNVU90667116/",
      "source": "vultures@jpcert.or.jp"
    },
    {
      "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/",
      "source": "vultures@jpcert.or.jp"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-87xx/CVE-2024-8726.json
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8726.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-8726",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-20T07:15:09.580",
  "lastModified": "2024-11-20T07:15:09.580",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3189361%40mailchimp-forms-by-mailmunch&new=3189361%40mailchimp-forms-by-mailmunch&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1a1c5e7-75a4-4ca5-9707-4076b92e0c33?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-92xx/CVE-2024-9239.json
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9239.json
@ -0,0 +1,68 @@
 {
  "id": "CVE-2024-9239",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-20T07:15:10.070",
  "lastModified": "2024-11-20T07:15:10.070",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.2.3/includes/settings/wcj-settings-pdf-invoicing-advanced.php#L53",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.2.3/includes/tools/class-wcj-order-statuses-tool.php#L319",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3187178%40woocommerce-jetpack&new=3187178%40woocommerce-jetpack&sfp_email=&sfph_mail=#file5",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4665b87-e1f8-4a73-b6d6-1d5c14067b3a?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-11-20T07:00:20.422284+00:00
+2024-11-20T09:00:35.339384+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-11-20T06:15:16.603000+00:00
+2024-11-20T08:15:15.433000+00:00
 ```
 ### Last Data Feed Release
@ -33,23 +33,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-270653
+270663
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `4`
+Recently added CVEs: `10`
- [CVE-2024-10515](CVE-2024/CVE-2024-105xx/CVE-2024-10515.json) (`2024-11-20T06:15:15.777`)
+- [CVE-2024-10365](CVE-2024/CVE-2024-103xx/CVE-2024-10365.json) (`2024-11-20T07:15:06.870`)
- [CVE-2024-11278](CVE-2024/CVE-2024-112xx/CVE-2024-11278.json) (`2024-11-20T05:15:16.530`)
+- [CVE-2024-10855](CVE-2024/CVE-2024-108xx/CVE-2024-10855.json) (`2024-11-20T07:15:07.853`)
- [CVE-2024-52614](CVE-2024/CVE-2024-526xx/CVE-2024-52614.json) (`2024-11-20T06:15:16.023`)
+- [CVE-2024-10899](CVE-2024/CVE-2024-108xx/CVE-2024-10899.json) (`2024-11-20T07:15:08.260`)
- [CVE-2024-9653](CVE-2024/CVE-2024-96xx/CVE-2024-9653.json) (`2024-11-20T06:15:16.603`)
+- [CVE-2024-10900](CVE-2024/CVE-2024-109xx/CVE-2024-10900.json) (`2024-11-20T07:15:08.690`)
 - [CVE-2024-11277](CVE-2024/CVE-2024-112xx/CVE-2024-11277.json) (`2024-11-20T07:15:09.117`)
 - [CVE-2024-47865](CVE-2024/CVE-2024-478xx/CVE-2024-47865.json) (`2024-11-20T08:15:14.890`)
 - [CVE-2024-48895](CVE-2024/CVE-2024-488xx/CVE-2024-48895.json) (`2024-11-20T08:15:15.190`)
 - [CVE-2024-52033](CVE-2024/CVE-2024-520xx/CVE-2024-52033.json) (`2024-11-20T08:15:15.433`)
 - [CVE-2024-8726](CVE-2024/CVE-2024-87xx/CVE-2024-8726.json) (`2024-11-20T07:15:09.580`)
 - [CVE-2024-9239](CVE-2024/CVE-2024-92xx/CVE-2024-9239.json) (`2024-11-20T07:15:10.070`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 - [CVE-2024-11319](CVE-2024/CVE-2024-113xx/CVE-2024-11319.json) (`2024-11-20T08:15:14.350`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -242826,6 +242826,7 @@ CVE-2024-10355,0,0,2602c2076153349e7adf5f2683fe39bdc0cb3abdcbf15a26de13daaf9ad9d
 CVE-2024-10357,0,0,c001d8d64b65c4e55da5d7861409d0c563d6d1b141b88d9a7700fd93b48c7a3c,2024-10-28T13:58:09.230000
 CVE-2024-1036,0,0,aa65a53beadc56e4dda3efe9acb5802f242935c19973e66e0ff7f62d01b276fd,2024-05-17T02:35:12.357000
 CVE-2024-10360,0,0,3576dc079f058e2dd67b489fd947e85df4509a4862ebce17e71112c47cb76c6c,2024-10-29T14:34:04.427000
 CVE-2024-10365,1,1,4cef235b4bf39b0881a7b2396164712fd06bc9f0f3be6f110d0900a15ff2853a,2024-11-20T07:15:06.870000
 CVE-2024-10367,0,0,547b3c1385167e643f44f204c281f5898850caa0e5c0b7e1f18c8aec4af5d4c6,2024-11-01T12:57:03.417000
 CVE-2024-10368,0,0,c8e0d6969c93ffe96acf5e0ee7b5c26394eeb4c801dc04ebad8a62cf1ce3fd82,2024-10-30T16:46:30.783000
 CVE-2024-10369,0,0,5a59dc320150c27565cde3d9105528beaf16a536e1981e9f54165bf31963ac02,2024-10-30T16:50:32.567000
@ -242939,7 +242940,7 @@ CVE-2024-10507,0,0,f18494a65f96198598cd9275318405539a3d8636ddbe0a37967ba2288eae0
 CVE-2024-10508,0,0,af9f95e5d7d630b3cf33e7ae9f2d3118be1f7da09e31e6491ee65e4e58c1137c,2024-11-12T13:56:24.513000
 CVE-2024-10509,0,0,a9d05e50f1563ceed5339878fa8c2329eea9e28284f4c0c86984d14b77803f94,2024-11-01T20:52:15.573000
 CVE-2024-1051,0,0,301df872c002365b13eaea34d02a8084366516306d472e0b862c9b6067f5d33d,2024-04-01T01:12:59.077000
-CVE-2024-10515,1,1,95b093829d5f65eddf31cc2d74b4687e2e05262ee824501db195970644d9d2ed,2024-11-20T06:15:15.777000
+CVE-2024-10515,0,0,95b093829d5f65eddf31cc2d74b4687e2e05262ee824501db195970644d9d2ed,2024-11-20T06:15:15.777000
 CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef0f,2024-02-15T18:49:40.180000
 CVE-2024-10523,0,0,a761a52195ca091ecc100fefe31fd4eadda4d831fe94860e2a159923b6d0d68d,2024-11-08T15:14:30.070000
 CVE-2024-10524,0,0,d6a77c8f99978db429152e8948353f8166b552c9c91594d95f4a0f83de9c3b77,2024-11-19T21:57:32.967000
@ -243149,6 +243150,7 @@ CVE-2024-10851,0,0,bb060e17bfcaee979e3c022ab213f6f8185e0d32d9334f9a45831591a3ac5
 CVE-2024-10852,0,0,f6b203b7b939235aa255ffed248e8cf068dd3b791229b609e430feca6cc83541,2024-11-13T17:01:16.850000
 CVE-2024-10853,0,0,02830723c1cfc34942045c33ee361ea42546311dacb0cff9be0a3634be59c448,2024-11-13T17:01:16.850000
 CVE-2024-10854,0,0,15cfe2e17b56db5e0c11761ae38ecac4069d0ddad2bb05d2f72a443bc2fa6485,2024-11-13T17:01:16.850000
 CVE-2024-10855,1,1,d7cd537c8ddc42e8b381daa2ada926e04d761570bdc3c7ecb9c761ce484fc4db,2024-11-20T07:15:07.853000
 CVE-2024-1086,0,0,3e819e2fff80149e3f377751fd1fb28a52f8791d9e5d08990c549613b15214b2,2024-08-14T19:41:08.673000
 CVE-2024-10861,0,0,0e475116cbc916b1684eb819921303de89576e8768786550a96cf2c67b7dbecb,2024-11-18T17:11:17.393000
 CVE-2024-1087,0,0,9751a2fe52b8f14e0fc1c9d86ee656c42465ba61ef03201895b6c1868f5679fd,2024-01-31T13:15:11.030000
@ -243163,7 +243165,9 @@ CVE-2024-10884,0,0,af8d0f69b33cc9c8b5f395f0e60a6b7ec1fd0ec15994d8ada3cc1ff2f49e0
 CVE-2024-10887,0,0,6f1c620112f0531885feb58bf605da1bdf3e2be3ee69e7f92d5d01d446076f44,2024-11-13T17:01:16.850000
 CVE-2024-1089,0,0,9442709e929187c1b992d082c3eaeec9226480f80fc28198e3a73f4a684640d5,2024-02-29T13:49:29.390000
 CVE-2024-10897,0,0,a06583b49e979e6c2e08d66a731da16126991a206b79119172b9152aecec155d,2024-11-15T13:58:08.913000
 CVE-2024-10899,1,1,4368cb3772d2f8c2a1f35ff550289018215916506b0b69e65d8983cd35dad906,2024-11-20T07:15:08.260000
 CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb0c,2024-02-29T13:49:29.390000
 CVE-2024-10900,1,1,f0a1068a03da92137242d5778d1db0773cba2fb63def13779ff35e3410d8f989,2024-11-20T07:15:08.690000
 CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46a5,2024-02-29T13:49:29.390000
 CVE-2024-10914,0,0,a19349a4797c04ddb77f70975a0145b559e2c17ff8d6db53557df6669e0449a1,2024-11-08T19:53:04.793000
 CVE-2024-10915,0,0,b06bfc4427bf3f30a98b7ce390941759d780f67755e284354baa2af5087ffe27,2024-11-08T20:11:10.973000
@ -243368,7 +243372,8 @@ CVE-2024-11261,0,0,03149363d80a7f7d2ba3cb3b58f89eedadeed254dd34f2f03686fd1f44616
 CVE-2024-11262,0,0,5bda125849c583f0ebaa29ca4d26cf0dcf9667997688ed2241531b87cb595dbb,2024-11-18T17:11:17.393000
 CVE-2024-11263,0,0,6a1ac9d3a12801a9f848747b946a0ac459e1982e45197319659c04e5ba98bfce,2024-11-18T17:11:17.393000
 CVE-2024-1127,0,0,fc004f13d69dd65990588f481257d3c8dd60a3804cfac37ac389768e5b88f08c,2024-03-13T18:16:18.563000
-CVE-2024-11278,1,1,cc19a6be7ba80ee301c92f54c29f2c5c95b3da6dd7918df5b7b1d59f8e31a90e,2024-11-20T05:15:16.530000
+CVE-2024-11277,1,1,76940494f90eb6b11156e64b77f8ee92c381226ff02c0d64d7bcc10a173873be,2024-11-20T07:15:09.117000
 CVE-2024-11278,0,0,cc19a6be7ba80ee301c92f54c29f2c5c95b3da6dd7918df5b7b1d59f8e31a90e,2024-11-20T05:15:16.530000
 CVE-2024-1128,0,0,de5352d9c421a908307277eb7da3f5f6fcfc08a095ea033ab740d4804aa5ccea,2024-02-29T13:49:29.390000
 CVE-2024-1129,0,0,bb6d36851ed2d72741a575302302ac57d511f2bf349c6ca7db7385fd53c3529a,2024-02-29T13:49:29.390000
 CVE-2024-1130,0,0,19461582000c347e1c07ca83a1d00e23feee8e20532d52fc093ba50686691b5b,2024-02-29T13:49:29.390000
@ -243385,7 +243390,7 @@ CVE-2024-11313,0,0,53f6d870fb2b566376144eec19fd000dcd1bbd56287bcfae6e64830305fb2
 CVE-2024-11314,0,0,fd61a9a66be641c7049e49341e5fdeb338e9cb7eca6b01cbdfb607612f91e206,2024-11-18T17:11:17.393000
 CVE-2024-11315,0,0,6b86b9992261d4d3decee865ca7eb6d2eb680713a5739af8b2abb878a6176443,2024-11-18T17:11:17.393000
 CVE-2024-11318,0,0,9febe7cf088687dfbeb6d2d8f74590e0f8059ffca33de9b68ad34437f87d2118,2024-11-18T17:11:17.393000
-CVE-2024-11319,0,0,18c7ff655c51b7d411dffcaaa233052ab9a57102746d3e3dff83135d350dbcdf,2024-11-18T17:11:17.393000
+CVE-2024-11319,0,1,ff0c95c473ba86d1f66245794d17080f6ea8b5ebf358a4bdd279d07b1075e1d0,2024-11-20T08:15:14.350000
 CVE-2024-1132,0,0,3de6e62885ac8497a4c1d8f4950ebedc171b13b33dfedd6a9eea9ae164fd993a,2024-07-03T01:45:01.507000
 CVE-2024-1133,0,0,b8b851364368259dd533f1c71b437f741276dcf99770b03558b5d9cd5d3f095a,2024-02-29T13:49:29.390000
 CVE-2024-1134,0,0,92ca7b611a6a52333e888fa3a581b5dbc5c29b22a5e7e62eb553cb40e2cb6d77,2024-05-24T13:03:05.093000
@ -264242,6 +264247,7 @@ CVE-2024-47850,0,0,9d437471ee4f1be7fe8d8f91eb2162f8d4a45526c516c7abe8fcc5930f99b
 CVE-2024-47854,0,0,cef81393ed48661f146b05190eb5cd22e800b4711975bd0fc685986ac16438cf,2024-11-13T15:25:13.953000
 CVE-2024-47855,0,0,55506bc59fb300d34c632b3a5f880b3df3b3b2206fd15f460c6853ba7eb245ef,2024-11-07T20:35:11.733000
 CVE-2024-4786,0,0,bbc8c5b9b549878acd4ee1e5896d7add0ba995b55e84e619083dd37cca26f8f1,2024-07-29T14:12:08.783000
 CVE-2024-47865,1,1,0970b7f6df3012fb0bc3443a9670f4f21476c8c3b81acc6e6b7a63f9648b2853,2024-11-20T08:15:14.890000
 CVE-2024-47867,0,0,61f4df5a4a08eee13ad627f16450273fdbebcbdee4534b2d49b7e1adc602b8a3,2024-11-15T16:44:54.783000
 CVE-2024-47868,0,0,b1d3ae34e95c1b5cdfd4777e6cf22588fee5fb92f1e32bee19fdee66c93a7d46,2024-10-17T17:04:35.547000
 CVE-2024-47869,0,0,d239f8cdf446e03965c640dcef85e018494089ffa7953a4e5e2539ab04b057de,2024-10-17T16:59:04.703000
@ -264654,6 +264660,7 @@ CVE-2024-48870,0,0,b84b2a0a996d006ee4f5fea8401898b5086223eb9bced7a7565798c7f43b1
 CVE-2024-48878,0,0,2b15f82c5be65c88d261c3882a75397babc580305d6a252ad1dbf2de5b50020f,2024-11-05T19:44:58.650000
 CVE-2024-4888,0,0,ad5e456877e6c4225b3f983ebfcea1f0af64a03667e43f1cd6a0842bed4216c0,2024-11-03T17:15:14.137000
 CVE-2024-4889,0,0,98c988bc305180dfde4233cdb25b83940a2a23ecd5fc7825e58f1cc0fbfe5628,2024-10-15T19:00:09.633000
 CVE-2024-48895,1,1,11f1b544314db3e7a2e2f0ae6118cf9681d6a4928b5a8a68633e1e42e5369cf1,2024-11-20T08:15:15.190000
 CVE-2024-48896,0,0,b992316378dc674c4f86c74292b7b1938dedf579a456c4b81377a2d803cc86e3,2024-11-18T17:11:17.393000
 CVE-2024-48897,0,0,fb7520e1e59589ecdc201007a2560e0bbe0080044e959003906b061ba053cf71,2024-11-19T15:35:09.867000
 CVE-2024-48898,0,0,8529d519dd40a302fbe6ba08ef52420551e621ec79dd55c48ad2c7b84db09711,2024-11-18T17:11:17.393000
@ -266646,6 +266653,7 @@ CVE-2024-52029,0,0,45a0bf857ef5def84cf99a7ced23782d689f019eff53b1ace413b47c193dc
 CVE-2024-5203,0,0,e867d44b31fa735ecaef1844aba382841138e742c9b7e957e6089969316cab00,2024-09-13T11:15:10.197000
 CVE-2024-52030,0,0,dbd783f66b9834ef61aedd9eab2874c798fdd9f590b76fb0f940976162a98a15,2024-11-05T16:35:58.320000
 CVE-2024-52032,0,0,da112202e6072c5a1a7e2129bd4436f282e51f9a3ec6c9d1de2c9375ce190177,2024-11-14T16:47:21.583000
 CVE-2024-52033,1,1,b41517367ba8ddc466f49fb7313d5c113944c21c48631154c4aa07301d8f50b9,2024-11-20T08:15:15.433000
 CVE-2024-5204,0,0,87eb5b753d379a1bd1ef79b260f2b73c84b7ff9a4b79082cf351323e04c98a6d,2024-05-29T13:02:09.280000
 CVE-2024-52043,0,0,f628a95ee6f27b518880b39a2d7b1dea019d91185e307729da648217b18fdef9,2024-11-08T20:39:36.233000
 CVE-2024-5205,0,0,4921ed356d4f56252ffbf3c608cb3301846a77ee8cc9c08ec7f0a543467e385d,2024-05-24T13:03:11.993000
@ -266870,7 +266878,7 @@ CVE-2024-5260,0,0,1ea9956e2812efb1ad02a50e6e15b3c5419e86ea96923b6afc83449c655115
 CVE-2024-52600,0,0,889882d763fff118298a79c0992b9d094668285ba42b3979d1acce7319312517,2024-11-19T21:56:45.533000
 CVE-2024-5261,0,0,0592ac8c89e0cb8027f6648912b9536cab36db7fb70868109d4e1f51168ecc2f,2024-06-25T18:50:42.040000
 CVE-2024-52613,0,0,459074184075f7287395d99f0f5a393f7f6f3bf8fc38dc9383b0dd34b217716c,2024-11-19T20:39:42.197000
-CVE-2024-52614,1,1,691c38d1248080ff09180daa940a0ea35464380839e23dd93b5188ae19dfbdb8,2024-11-20T06:15:16.023000
+CVE-2024-52614,0,0,691c38d1248080ff09180daa940a0ea35464380839e23dd93b5188ae19dfbdb8,2024-11-20T06:15:16.023000
 CVE-2024-5262,0,0,83603483afb7387d019b476baa2cae004e6d4e7f9b65a5997b6545bcd7a41b63,2024-06-11T17:18:50.600000
 CVE-2024-5263,0,0,997be873c6f28955b5d0d8cb5df3c06ebeb17c50a7068003806eac08a0ed2846,2024-08-07T16:01:35.217000
 CVE-2024-5264,0,0,7660c1edaddd779c29789898410be8f6784b9b682f1b3f0cb339e7e58b29768e,2024-06-21T17:18:00.973000
@ -269831,6 +269839,7 @@ CVE-2024-8720,0,0,2f0e821428fb20df24eeb1115d6165ec35266f54d9cfaa09a98cadbec3449f
 CVE-2024-8723,0,0,730229d7deadc7b514e5d898656fee12ba111958411cb7eec6e86089a429ce7e,2024-10-02T17:00:23.603000
 CVE-2024-8724,0,0,41e3dd453fbe3c0072e7ab470e5d529ac122f059bb60a2be671564b989c49676,2024-09-27T15:56:00.073000
 CVE-2024-8725,0,0,bda4a6515a704fa51f2d759f535270e57676d8c1b87d3a5cc5dc6f9e3d99ebf6,2024-10-01T14:16:42.727000
 CVE-2024-8726,1,1,0345452338a158fa01c96af5ebb22f409ba75fe205cc5596278e081210a150a5,2024-11-20T07:15:09.580000
 CVE-2024-8727,0,0,cb79e2fb4f4e8ddff2e3cdbb1cbb30b7c8fce0689b3d497e10ebbff2e74dd2da,2024-10-04T13:51:25.567000
 CVE-2024-8728,0,0,d061a0a3e4a793bdc334c9b032908af2152405a24e9b06b2723d960e58ba5c92,2024-10-04T13:51:25.567000
 CVE-2024-8729,0,0,d5e2470679c3739002ae67f8937e40f51aaa077d58da9fcd25b709dc6eb342aa,2024-10-15T13:40:37.917000
@ -270163,6 +270172,7 @@ CVE-2024-9232,0,0,a07f526496bb68b184ee001c7d6cd9744d3cb563b91260e8d60bd9b70cac4b
 CVE-2024-9234,0,0,304bee6ceb91eca0cdc00d7cdc49b4c339c82fe3a2287348525c06a570d629da,2024-10-15T12:58:51.050000
 CVE-2024-9235,0,0,4f73449b7d1553fccb55b8820de730a2455ac1745d1cb3bfdcd477eacea3e8a8,2024-11-05T17:36:01.270000
 CVE-2024-9237,0,0,fb69e6f6fcfba2cfafb660a24001833586540d01b0ed897e2ee22df678729e15,2024-10-16T15:10:08.390000
 CVE-2024-9239,1,1,d86a5771a66b30aba935030c74b5d361f6c7cbe3962e519bfa6ec1487c74b18c,2024-11-20T07:15:10.070000
 CVE-2024-9240,0,0,64e490409dd599c74da5a2492515b43ccd4793b118bdb242162550231e348320,2024-10-18T12:53:04.627000
 CVE-2024-9241,0,0,6c5cc70c23164aeead7a2ffa985d7e69869a7cd0428a8503a9e9f624c0c87b24,2024-10-07T18:51:20.950000
 CVE-2024-9242,0,0,2931ce38d642cfa320383051a5a41609f3e037ff0fe51760f16b233825fad051,2024-10-08T16:26:06.147000
@ -270443,7 +270453,7 @@ CVE-2024-9647,0,0,6da0b5c2c888d90e6f29cb1f98cdc0c7a4315eaaa058e1c781c3c46d5b8615
 CVE-2024-9649,0,0,f2ab83afff02bfae827ac0ac8958125c0d2707e9b7d72806aa0e09daf73ca0d7,2024-10-16T16:38:14.557000
 CVE-2024-9650,0,0,c785e5c8b40ec3a7d0b9a0e25f6978363c5dcc2fc6507b9c6a2c03a208ac34e9,2024-10-25T12:56:07.750000
 CVE-2024-9652,0,0,096af9c07df6f24ff5a9459bed95d6ce45b4a430b6f907d5bc85c0d2be3b93b5,2024-10-16T16:38:14.557000
-CVE-2024-9653,1,1,314aa9151832f5b91f237551c59d6e3c03b51963edf571db083af473f6355f36,2024-11-20T06:15:16.603000
+CVE-2024-9653,0,0,314aa9151832f5b91f237551c59d6e3c03b51963edf571db083af473f6355f36,2024-11-20T06:15:16.603000
 CVE-2024-9655,0,0,5f64b0ed215cc4c47eaa212ce6a6578c092759946c6128b0f32509f44691e359,2024-11-01T12:57:03.417000
 CVE-2024-9656,0,0,0baa2843f7043c4ebd829d23f2741f972b762b755442a0f0f83539eb7761035b,2024-10-15T12:57:46.880000
 CVE-2024-9657,0,0,fb687953042b10eb922558cb840c65de9e3c4da22e7016c1d2e6ab79c6132615,2024-11-08T16:00:28.320000