Auto-Update: 2024-06-27T10:00:17.976834+00:00

2025-05-08 19:47:09 +00:00 · 2024-06-27 10:03:10 +00:00 · 2024-06-27 10:03:10 +00:00 · 9f3c7b7ef3
commit 9f3c7b7ef3
parent e061209ee7
4 changed files with 124 additions and 16 deletions
--- a/CVE-2024/CVE-2024-49xx/CVE-2024-4983.json
+++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4983.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-4983",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-27T09:15:09.840",
+  "lastModified": "2024-06-27T09:15:09.840",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018video_color\u2019 parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.3/modules/widgets/tp_video_player.php#L1302",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3107776/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f0a20b-d572-4040-b5b6-ede0aec4e2b0?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-56xx/CVE-2024-5601.json
+++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5601.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-5601",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-27T08:15:09.703",
+  "lastModified": "2024-06-27T08:15:09.703",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Create by Mediavine para WordPress es vulnerable a Cross Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto Schema Meta del complemento en todas las versiones hasta la 1.9.7 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida insuficiente en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/mediavine-create/trunk/class-plugin.php#L575",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3108144/#file794",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/mediavine-create/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d04d8c1-75c0-447c-a26a-c2724c0a6618?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-27T08:00:19.659598+00:00
+2024-06-27T10:00:17.976834+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-27T07:15:54.227000+00:00
+2024-06-27T09:15:09.840000+00:00
 ```

 ### Last Data Feed Release
@ -33,19 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255300
+255302
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `6`
+Recently added CVEs: `2`

- [CVE-2024-1330](CVE-2024/CVE-2024-13xx/CVE-2024-1330.json) (`2024-06-27T06:15:09.800`)
- [CVE-2024-22231](CVE-2024/CVE-2024-222xx/CVE-2024-22231.json) (`2024-06-27T07:15:52.623`)
- [CVE-2024-22232](CVE-2024/CVE-2024-222xx/CVE-2024-22232.json) (`2024-06-27T07:15:54.227`)
- [CVE-2024-3111](CVE-2024/CVE-2024-31xx/CVE-2024-3111.json) (`2024-06-27T06:15:11.643`)
- [CVE-2024-4664](CVE-2024/CVE-2024-46xx/CVE-2024-4664.json) (`2024-06-27T06:15:13.627`)
- [CVE-2024-4704](CVE-2024/CVE-2024-47xx/CVE-2024-4704.json) (`2024-06-27T06:15:14.697`)
+- [CVE-2024-4983](CVE-2024/CVE-2024-49xx/CVE-2024-4983.json) (`2024-06-27T09:15:09.840`)
+- [CVE-2024-5601](CVE-2024/CVE-2024-56xx/CVE-2024-5601.json) (`2024-06-27T08:15:09.703`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -241737,7 +241737,7 @@ CVE-2024-1326,0,0,f742b2e1b0f964f5a5861c38f5d4ab056095ec8f5957f404653a524040bbf1
 CVE-2024-1327,0,0,1b6e3f0296467e9f6b424925712e479dea0088dc2698e1adadd7f96bd6f1e88d,2024-04-03T12:38:04.840000
 CVE-2024-1328,0,0,1e360ec5f794b47c3c1949d058d4dcab1ca058a0302ffe54a63801cf38181f90,2024-03-12T12:40:13.500000
 CVE-2024-1329,0,0,c251ab89131ed5db620ce7b9371daf5508a26377e3f0f0d0996003e3074e8cd1,2024-02-15T18:27:28.837000
-CVE-2024-1330,1,1,a740093dca39e13810ec35c068f9ffe0efbcf6132f835d103eff2dd191f136ab,2024-06-27T06:15:09.800000
+CVE-2024-1330,0,0,a740093dca39e13810ec35c068f9ffe0efbcf6132f835d103eff2dd191f136ab,2024-06-27T06:15:09.800000
 CVE-2024-1331,0,0,1deb1e21efa47891bffcfc0f7c5a5a4e56a2cce5d50551f8ec8837f30ffffb10,2024-03-18T19:40:00.173000
 CVE-2024-1332,0,0,ce91a247ee20b5086ffc922000a1236f0f0a17c39483df8ffb3ea515e6b84e26,2024-05-24T13:03:05.093000
 CVE-2024-1333,0,0,258128469d54cc44538629ab13a661542f0353cc3076e7f49f79a63a3b1847c4,2024-03-18T19:40:00.173000
@ -243689,8 +243689,8 @@ CVE-2024-22228,0,0,78d2b6e91237b41440665215c9b4e77ccc8811641b8c3516a01f9391d6778
 CVE-2024-22229,0,0,942079f7535239209609b5cbc34a85ff0a40c69533135771fdb6410ce1778e0c,2024-01-30T23:01:36.513000
 CVE-2024-2223,0,0,1b410a9ed5d5a5d32a9a4408c4dbc25d2dfc4cd58665c0d802a4cb2c5e3cd9dc,2024-04-10T13:24:22.187000
 CVE-2024-22230,0,0,1dba8e437bacd8d1f2a5a22c03d0799f6c41b12fb7346ebf5256856880ee3b1a,2024-02-15T06:25:53.660000
-CVE-2024-22231,1,1,6298a3ca64f578a8f1720ebd2ab9b15c71121a26361fca74842f3ff377e614ad,2024-06-27T07:15:52.623000
-CVE-2024-22232,1,1,bca65f55698eb2209bcae54188205b4e34fadb7a2ddf6dee37dc10cd8196a28a,2024-06-27T07:15:54.227000
+CVE-2024-22231,0,0,6298a3ca64f578a8f1720ebd2ab9b15c71121a26361fca74842f3ff377e614ad,2024-06-27T07:15:52.623000
+CVE-2024-22232,0,0,bca65f55698eb2209bcae54188205b4e34fadb7a2ddf6dee37dc10cd8196a28a,2024-06-27T07:15:54.227000
 CVE-2024-22233,0,0,bff21a41ba975275ac98e274ec31aa2a57df5ec476a78347e5182122669daf71,2024-06-14T13:15:50.443000
 CVE-2024-22234,0,0,ed66ea75d4f91bd4cf760a873ffa711eec74e184d0ed1b507bd27dedbdd28669,2024-03-15T11:15:08.857000
 CVE-2024-22235,0,0,94dcf649455ce66e40f15519944aa08c6281ad01f157b931cb45eb28dc8bde92,2024-02-22T19:07:37.840000
@ -249501,7 +249501,7 @@ CVE-2024-31106,0,0,7cb1f35daa18e527942f97955d4cdc7012d7a5e8bc61668cb848c91352d21
 CVE-2024-31107,0,0,b69b8308dca1c03345bc5c4ddd842b58a0a34c0913dd806068e33a5a7ea13d89,2024-04-01T01:12:59.077000
 CVE-2024-31108,0,0,e198cb5e9a429619e29a035a74c1776abb842099061e8ee67790619ad5916e5b,2024-04-01T01:12:59.077000
 CVE-2024-31109,0,0,3766de0285c03422fb77f1fd2a4106a3e09e42f3bd086e20e704d883507e7c67,2024-04-02T20:31:58.463000
-CVE-2024-3111,1,1,b8f1e3d57f83d08308894e03473c9e4b4f6ccc5a78fb1c4d7a4b443b63eeb58c,2024-06-27T06:15:11.643000
+CVE-2024-3111,0,0,b8f1e3d57f83d08308894e03473c9e4b4f6ccc5a78fb1c4d7a4b443b63eeb58c,2024-06-27T06:15:11.643000
 CVE-2024-31110,0,0,cc696090cfd929541a1ca3b42d624a66dc89644b2049217890247603bee15f04,2024-04-01T01:12:59.077000
 CVE-2024-31111,0,0,20d45ac72a8dd6f4bc57646746c10654f3c9393a1d038c4ffdb0368f82ed7ab9,2024-06-25T18:50:42.040000
 CVE-2024-31112,0,0,4c0b6d124815c5fbc71413fa9db9ceb5adb5efe4d3f57754f8397ffa9f3c1ac9,2024-04-01T01:12:59.077000
@ -254301,7 +254301,7 @@ CVE-2024-4656,0,0,23093c7ec18a8f42da4c8fc1c86b9aa6984d979cf63954576e1d3325484051
 CVE-2024-4661,0,0,e86145aa3dfc1a1e846a3970af65d72463f2a51aba17ea6b9d5a34de37b2fc53,2024-06-10T02:52:08.267000
 CVE-2024-4662,0,0,271820e0248036cdcfeea2da470b958f93caba3600263b2df375c674d931507f,2024-05-24T01:15:30.977000
 CVE-2024-4663,0,0,ac32c04a2cae0071224eeefc80f9a000b8618e2f1af1abc8eb33d3a9321c7d70,2024-06-20T12:44:01.637000
-CVE-2024-4664,1,1,38cf0eebbebc442a207c38063fc526843b13e1f6da677c69de1b54e3af17491d,2024-06-27T06:15:13.627000
+CVE-2024-4664,0,0,38cf0eebbebc442a207c38063fc526843b13e1f6da677c69de1b54e3af17491d,2024-06-27T06:15:13.627000
 CVE-2024-4666,0,0,dde8d66c76bdf850b898b9f95df0d92f0ac3da730c1f32826d61843a6ef06bf5,2024-05-15T16:40:19.330000
 CVE-2024-4668,0,0,3c2f34d91ee8c9aacf0f125fe94ffbbe9a611b8f1a54ab65e0473cea71baad6f,2024-05-30T13:15:41.297000
 CVE-2024-4669,0,0,cb3ea770e599714f2de5e50bc4195c130850e813b58882b88bfe234ded1dcd7f,2024-06-13T18:36:09.013000
@ -254334,7 +254334,7 @@ CVE-2024-4700,0,0,fd7d4a078191a1c31b5f2cfdfc5bd65709b727d250ddf2b831fd6aa84ec620
 CVE-2024-4701,0,0,31c0f40927cc6a1a9aece611ec4491a5435df4e5c3a9daffc9dfb7710658ca96,2024-05-14T16:11:39.510000
 CVE-2024-4702,0,0,391d02c5718dd442c026ca8f3973c4fe10894f8eeb54175158dc44cd7ef50d4a,2024-05-15T16:40:19.330000
 CVE-2024-4703,0,0,2d052263ca03efcceae6f1a9b5190b0e61a795b9eb986321f967eeb0b20da62b,2024-06-11T18:06:31.967000
-CVE-2024-4704,1,1,b35b347197593851ca07d1980ca3cbaa70b0cdac8bccfe11a0cb661c9fdff9b8,2024-06-27T06:15:14.697000
+CVE-2024-4704,0,0,b35b347197593851ca07d1980ca3cbaa70b0cdac8bccfe11a0cb661c9fdff9b8,2024-06-27T06:15:14.697000
 CVE-2024-4705,0,0,b45f335ad46575e30510e82573f02b490faa16d9b6ee89b66a9844ff390b53aa,2024-06-06T14:17:35.017000
 CVE-2024-4706,0,0,a959e13293b1a5966007eb60c79cb973f34e4d1d8bd1c12986cac54d81ac9a3d,2024-05-24T01:15:30.977000
 CVE-2024-4707,0,0,d6a01a1a459dfd9ab21945d56af40919cce44b311e282118c993194b130db955,2024-06-06T14:17:35.017000
@ -254559,6 +254559,7 @@ CVE-2024-4975,0,0,4fcd809ef3c247b89e3904878b1809671315d1a438027411bf1e1fc09d5e83
 CVE-2024-4976,0,0,cec1c528b9c81bb2353d630af7aeaeed80f8c396bb33272f9e3c075fa645e3ec,2024-05-16T13:03:05.353000
 CVE-2024-4978,0,0,da55fe81f202b0e5309a26be3ab7a8c7197ff6f40533e0aebba1988f8f75f5d4,2024-05-31T16:03:52.247000
 CVE-2024-4980,0,0,b5b93d089fa3d245393b7cb268984100664e9544bf4ff7971c072bbdebb0992d,2024-05-22T12:46:53.887000
+CVE-2024-4983,1,1,c435471b59d2f2fe8b4cc5a1c1c6b9ebb51e5df670931cfe09848f7fda7e7ed4,2024-06-27T09:15:09.840000
 CVE-2024-4984,0,0,c181b2792419ab292757f17fa7ed54efe54e64b1f0d7a8e32f201040654607f4,2024-05-16T13:03:05.353000
 CVE-2024-4985,0,0,8a1d7360ecb0b336e479fb881fdc484ef9fe33bf7265e6809734a732fb238e9f,2024-05-21T12:37:59.687000
 CVE-2024-4988,0,0,e3e46f66e9019adcefc7fde3cb6b9482628a866ff50189a1fb9c695c9d061184,2024-05-21T12:37:59.687000
@ -254992,6 +254993,7 @@ CVE-2024-5590,0,0,ca60332ff9933405c7b9b37e93d2404b53274b9ec741b4065c0c1eadbd60da
 CVE-2024-5596,0,0,c69cbcadf0a7f1e5940d842c2c9e90907cbda728581a745e7acd494576e03c9c,2024-06-24T12:57:36.513000
 CVE-2024-5597,0,0,652827ff26b80eabae5b3eddf519a61b0da7de181ce61fd257911ec48c45cdb0,2024-06-12T18:10:47.080000
 CVE-2024-5599,0,0,e4d8d3217ca804a33354b51b54e1f3f41ce0e1fc1f554dedfe90ad1a46a87370,2024-06-11T18:24:39.057000
+CVE-2024-5601,1,1,5e42e2333a3735579cc3b92f75384afe160719cf3fcd855e0cf5fd3cd744d22b,2024-06-27T08:15:09.703000
 CVE-2024-5605,0,0,4bb70fac398eb5e1fc6a3b8761dcfee9993510711b196c5d9f90dc1e34c785a3,2024-06-20T12:43:25.663000
 CVE-2024-5607,0,0,9601597658129a089207c1a0e7e7267aceda952302ad39754d738e7307549543,2024-06-07T14:56:05.647000
 CVE-2024-5609,0,0,f28c83e3e9d04345913d36de3bfdbd0d644d73b3d20045d9399b3368319c8d47,2024-06-06T19:16:09.920000