diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5969.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5969.json
new file mode 100644
index 00000000000..64379aea7a3
--- /dev/null
+++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5969.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-5969",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-07-27T08:15:01.870",
+ "lastModified": "2024-07-27T08:15:01.870",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6458.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6458.json
new file mode 100644
index 00000000000..76f39eb830c
--- /dev/null
+++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6458.json 
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-6458",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-07-27T09:15:02.123",
+ "lastModified": "2024-07-27T09:15:02.123",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wc-product-table-lite/trunk/presets/presets.php#L120",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3125858%40wc-product-table-lite&new=3125858%40wc-product-table-lite&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e06fb465-4c72-49a8-af35-ff6d629ff9a0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6569.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6569.json
new file mode 100644
index 00000000000..cdeb98e7ed3
--- /dev/null
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6569.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-6569",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-07-27T09:15:02.523",
+ "lastModified": "2024-07-27T09:15:02.523",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/forms-for-campaign-monitor/trunk/forms/views/admin/create.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3125580%40forms-for-campaign-monitor&new=3125580%40forms-for-campaign-monitor&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/babf88c4-6328-4ba2-97e4-e1eaaa549dbb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b8590e6c39a..15c71680e79 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-27T06:00:16.560764+00:00 +2024-07-27T10:00:17.224993+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-27T04:15:02.760000+00:00 +2024-07-27T09:15:02.523000+00:00 ``` ### Last Data Feed Release
@@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -258074 +258077 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2024-42029](CVE-2024/CVE-2024-420xx/CVE-2024-42029.json) (`2024-07-27T04:15:02.760`) +- [CVE-2024-5969](CVE-2024/CVE-2024-59xx/CVE-2024-5969.json) (`2024-07-27T08:15:01.870`) +- [CVE-2024-6458](CVE-2024/CVE-2024-64xx/CVE-2024-6458.json) (`2024-07-27T09:15:02.123`) +- [CVE-2024-6569](CVE-2024/CVE-2024-65xx/CVE-2024-6569.json) (`2024-07-27T09:15:02.523`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 5fd913d287e..77ab5b8c046 100644
--- a/_state.csv
+++ b/_state.csv
@@ -256041,7 +256041,7 @@ CVE-2024-4200,0,0,4cd240b08c44457e11ab7d0e46f05e7d4edddbc268bf54e61982ff7b6b50f3 CVE-2024-42007,0,0,6d84e2a9d95a04e8586c8d84a03cf469cc03d2519b9c47d0f96ca65f5ba68740,2024-07-26T19:15:10.917000 CVE-2024-4201,0,0,ee0badf63a3e9c653031fb01c45e3bab9160ffb251dc5a875d128957347bb089,2024-07-18T19:39:50.667000 CVE-2024-4202,0,0,614a40ef1052d861451b397b9533024f5e9aecccff7f20e945fab06926a9f188,2024-05-15T18:35:11.453000 -CVE-2024-42029,1,1,7624efa481fadca294925d15a56cbfbe32c90de8b83ae40820af25b4ebeb00f5,2024-07-27T04:15:02.760000 +CVE-2024-42029,0,0,7624efa481fadca294925d15a56cbfbe32c90de8b83ae40820af25b4ebeb00f5,2024-07-27T04:15:02.760000 CVE-2024-4203,0,0,52cf8a9be62388459acdc9c8c655685172127a00eca72ac9344c4d8920cfc78f,2024-05-02T18:00:37.360000 CVE-2024-4204,0,0,862cae0d91d079678d989fc30b77e9abff361be6cebd83fcf5dbeecd5c0be203,2024-05-17T18:36:05.263000 CVE-2024-4205,0,0,3bc679c8856618cb4acfda15e793a18c79adc1e7d27d459136a04f77802a5775,2024-05-31T13:01:46.727000 @@ -257482,6 +257482,7 @@ CVE-2024-5964,0,0,d6f5f38a4c6449f04f742ee04a5db3f604bc83ddff32647d9051bd1d156e71 CVE-2024-5965,0,0,9678cf2eb18ba50e506ac9918028ddeb3c443af1b219027dc9d98541cb82736a,2024-06-24T20:00:37.057000 CVE-2024-5966,0,0,554ab96b833511e084a1ba15972a76a5727ada41d1caccbee2c2fb11ec3339d5,2024-06-24T20:00:23.970000 CVE-2024-5967,0,0,c675e381b6c54a17455bb64c66cffebfea8bdbd8774aa5359fba110937f85e27,2024-06-20T12:44:01.637000 +CVE-2024-5969,1,1,4bce38e89141bd32267d977e5315277bb59d3c61b84982c44c2593da2e6610a9,2024-07-27T08:15:01.870000 CVE-2024-5970,0,0,e17a8b7d022fd70a35f0b32d2191e09c5597e5e1c83547c2cb361b6d17360bc1,2024-06-20T12:44:01.637000 CVE-2024-5971,0,0,e4f98c6267afcbb4d9afd3329ec44a1a1f7f72e0048e7418d4a554bf5527a469,2024-07-25T21:15:11.560000 CVE-2024-5972,0,0,3700c5b3eb4bcd1d3bafe18b568e7aab0a0471128c3ce92a2f73ba8aa9a9cb4f,2024-06-28T19:15:07.500000 
@@ -257809,6 +257810,7 @@ CVE-2024-6452,0,0,c694c1bdf54902e69172121aae2a54d0747cfc16750499c01d3cf3c9c6ef32 CVE-2024-6453,0,0,f8f94ef1371b1813320fb500c8f5a2a5c78562059f37a370c24f1cfd03cdaa59,2024-07-03T12:53:24.977000 CVE-2024-6455,0,0,8630ebc1a98e741e91f009e85126d02bca9a8a2c6f3c48f74f4c74c8c868f369,2024-07-19T13:01:44.567000 CVE-2024-6457,0,0,2021b397e47ab38cda013de2c201fe3ea53b49570246fbb65269f60be90e5ab4,2024-07-16T13:43:58.773000 +CVE-2024-6458,1,1,59e1cc26c449af8a7075e602764deabe00152e29e028157bff97e92e65f94dff,2024-07-27T09:15:02.123000 CVE-2024-6461,0,0,86a214d0c7bd3f57cea37cd567b01f1a0e55f8d4342f6c7c46fd15b8942c8d90,2024-07-03T21:15:04.580000 CVE-2024-6463,0,0,f8d7d80ca565804c0caafdbc8214fe1eca7dc83d43861affc813af07365c0cc0,2024-07-03T21:15:04.640000 CVE-2024-6464,0,0,8fab89d1b3aef32a257cf0d7fb909cce6ac18d5ef8dc898bb9f0cc6c52356cbf,2024-07-03T21:15:04.697000 @@ -257863,6 +257865,7 @@ CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000 CVE-2024-6565,0,0,43def900ab0d6afe7974c0f6bcdb1952d3f11b54fce1bb808ab6238edf9d39c2,2024-07-16T13:43:58.773000 CVE-2024-6566,0,0,38507063f40cf52a69065d313f22e6175b9750c56aafcc8d30163bf566bf50ff,2024-07-27T02:15:11.920000 +CVE-2024-6569,1,1,25dc79520645b340a3dc8eaca0ed83a5324467a44876ee3685668069ceba99a8,2024-07-27T09:15:02.523000 CVE-2024-6570,0,0,1c2083317d49d5094b93c672429fe80fa3944fba8c36de7f1f2403e55beb6b46,2024-07-16T13:43:58.773000 CVE-2024-6571,0,0,99e28e1eec016aa2ea1a00034153b94fa7a8f3552e46398f5643f95dd38cab4e,2024-07-24T12:55:13.223000 CVE-2024-6573,0,0,e202c92ea4b6cb9cec3c59842954c336f5290759597448badd52afbb1dc3bf95,2024-07-27T02:15:12.130000