diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6557.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6557.json new file mode 100644 index 00000000000..4dfdd6f65fd --- /dev/null +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6557.json @@ -0,0 +1,52 @@ +{ + "id": "CVE-2024-6557", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-16T05:15:15.073", + "lastModified": "2024-07-16T05:15:15.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SchedulePress \u2013 Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and leaving the demo files in place with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-scheduled-posts/trunk/vendor/wpdevelopers/pinterest-api-php/demo/boot.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117736%40wp-scheduled-posts&new=3117736%40wp-scheduled-posts&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b34ba1a0623..09d6bbc27a0 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-16T04:00:18.633009+00:00 +2024-07-16T06:00:18.488324+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-16T02:15:12.640000+00:00 +2024-07-16T05:15:15.073000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -257076 +257077 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-6780](CVE-2024/CVE-2024-67xx/CVE-2024-6780.json) (`2024-07-16T02:15:12.640`) +- [CVE-2024-6557](CVE-2024/CVE-2024-65xx/CVE-2024-6557.json) (`2024-07-16T05:15:15.073`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2023-3495](CVE-2023/CVE-2023-34xx/CVE-2023-3495.json) (`2024-07-16T02:15:12.237`) -- [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-07-16T02:15:12.500`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e6c5b23e3b2..39176d24079 100644 --- a/_state.csv +++ b/_state.csv @@ -226018,7 +226018,7 @@ CVE-2023-34940,0,0,4a5364cbfb7cb9991141ec6117f43f851f288b954b645bf331020e3b22deb CVE-2023-34941,0,0,fbfb5cb4d50893c3ea084f3b9525dd656c7c13323ffa7c5305088913f9dad1a8,2024-05-17T02:25:15.707000 CVE-2023-34942,0,0,bc38430b324f4d6fa97a15db74bb235ef2ec4ba8e75109ba22107855f2bcd999,2024-05-17T02:25:15.790000 CVE-2023-34944,0,0,e59241f87b806e0b1153bd688e3912e7fa6ad77b1c067e43f7fa12a3ef19e5f3,2023-06-20T17:15:27.857000 -CVE-2023-3495,0,1,f35aaf4d01597a3c4217e11e85e2cea7d3e8a0a4acf57be6a4298d07d30466cd,2024-07-16T02:15:12.237000 +CVE-2023-3495,0,0,f35aaf4d01597a3c4217e11e85e2cea7d3e8a0a4acf57be6a4298d07d30466cd,2024-07-16T02:15:12.237000 CVE-2023-34958,0,0,48265b996e07e2ac2c9d39ab151191a71a0f566e59bc304b3f38a09f4eedcc62,2023-06-15T17:30:29.973000 CVE-2023-34959,0,0,ebeba9603494ec488fc947b325a51da6ef7f2c6aec7a316a1676067cdeb7fa9f,2023-06-15T18:58:27.980000 CVE-2023-3496,0,0,0bedc0cbc6df2fdaab7936acc6be001e0a9d66c1fa08915af0c810d8cf0dd837,2023-11-07T04:18:50.800000 @@ -246665,7 +246665,7 @@ CVE-2024-26618,0,0,60b49f9e86fa8f37acfeac63f8f4575f9654dbd2ab502c8b6c5996ed00c24 CVE-2024-26619,0,0,3a172888bab0a927d52b4fdd413d891b072fc341af639a3741034834064d6310,2024-03-12T12:40:13.500000 CVE-2024-2662,0,0,a2a94c73f74aa4424a4c3682e7ac78c6136565b797b4f728bf1a976cab864da5,2024-05-14T16:13:02.773000 CVE-2024-26620,0,0,65e5941945418b21a4c03b7b48584bf25732d23092fb7ebb20991b07ac64fe5a,2024-03-12T12:40:13.500000 -CVE-2024-26621,0,1,62ddb14eaa79da39c16cb8648c9e4220c813aa1e1923a6f6fff34b8b90a8da4f,2024-07-16T02:15:12.500000 +CVE-2024-26621,0,0,62ddb14eaa79da39c16cb8648c9e4220c813aa1e1923a6f6fff34b8b90a8da4f,2024-07-16T02:15:12.500000 CVE-2024-26622,0,0,4cd7d655a251310c444f077e2df4271fb89c449a25650c0bd38a0c088f0ade16,2024-06-25T22:15:19.240000 CVE-2024-26623,0,0,072badb03b6dfd11f30eaa3dc91549de4bb838c1b1cb59508b9c081211145520,2024-03-06T15:18:08.093000 CVE-2024-26624,0,0,dfec722c86cb19deabe85be0fdccacdcf71bc34ee8cead4ebe6ca2d88e75d73c,2024-03-27T14:15:10.163000 @@ -257009,6 +257009,7 @@ CVE-2024-6550,0,0,6c4bb046e65a00df1f67c81af4edc0fc3847fdca60c1beea606bf943b58513 CVE-2024-6554,0,0,c39b715167392909a130cc6479af2acca1cb23375ca0bdab5b0fb951f0bce662,2024-07-12T17:01:48.353000 CVE-2024-6555,0,0,bf68ef8f1bd3876021fc33b504457daba53832080530806ef27f797ea5536a0b,2024-07-12T12:49:07.030000 CVE-2024-6556,0,0,246920c1b32eb0a0369982110178f9a30464427865e75d42710950bf8d6bff6c,2024-07-11T13:05:54.930000 +CVE-2024-6557,1,1,e9ee209561e99679c20203ca6d94da1a0bb55042ea3baa698cb80a889557bbdd,2024-07-16T05:15:15.073000 CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb3c,2024-07-09T14:19:19.300000 CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000 CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537b8,2024-07-15T13:00:34.853000 @@ -257074,4 +257075,4 @@ CVE-2024-6743,0,0,b5bdcf763424df0a669d5c15bdbbb7bec10bf081127f25ce533177712f64e5 CVE-2024-6744,0,0,020949a2024aa3b85b7509fdaf1fbd77d6aac4fbeecfbc8876f4d901482584cb,2024-07-15T13:00:34.853000 CVE-2024-6745,0,0,707134dd0252b920cb08895baec52c5557bd805c744814b8ecb19c1d5a8e997c,2024-07-15T13:00:34.853000 CVE-2024-6746,0,0,5be3956d6b4bf01a386e4ceaf78307e768b453c5db30b63143d293a79513dc46,2024-07-15T13:00:34.853000 -CVE-2024-6780,1,1,9627600403339b12f4027ae13eb8fa0cdae837b554cb7f47b8dfe2ebd054c159,2024-07-16T02:15:12.640000 +CVE-2024-6780,0,0,9627600403339b12f4027ae13eb8fa0cdae837b554cb7f47b8dfe2ebd054c159,2024-07-16T02:15:12.640000