Auto-Update: 2024-07-27T10:00:17.224993+00:00

CVE-2024/CVE-2024-59xx/CVE-2024-5969.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-5969",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-27T08:15:01.870",
+  "lastModified": "2024-07-27T08:15:01.870",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-64xx/CVE-2024-6458.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-6458",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-27T09:15:02.123",
+  "lastModified": "2024-07-27T09:15:02.123",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wc-product-table-lite/trunk/presets/presets.php#L120",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3125858%40wc-product-table-lite&new=3125858%40wc-product-table-lite&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e06fb465-4c72-49a8-af35-ff6d629ff9a0?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-65xx/CVE-2024-6569.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-6569",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-27T09:15:02.523",
+  "lastModified": "2024-07-27T09:15:02.523",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/forms-for-campaign-monitor/trunk/forms/views/admin/create.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3125580%40forms-for-campaign-monitor&new=3125580%40forms-for-campaign-monitor&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/babf88c4-6328-4ba2-97e4-e1eaaa549dbb?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-07-27T06:00:16.560764+00:00
+2024-07-27T10:00:17.224993+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-07-27T04:15:02.760000+00:00
+2024-07-27T09:15:02.523000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-258074
+258077
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2024-42029](CVE-2024/CVE-2024-420xx/CVE-2024-42029.json) (`2024-07-27T04:15:02.760`)
+- [CVE-2024-5969](CVE-2024/CVE-2024-59xx/CVE-2024-5969.json) (`2024-07-27T08:15:01.870`)
+- [CVE-2024-6458](CVE-2024/CVE-2024-64xx/CVE-2024-6458.json) (`2024-07-27T09:15:02.123`)
+- [CVE-2024-6569](CVE-2024/CVE-2024-65xx/CVE-2024-6569.json) (`2024-07-27T09:15:02.523`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -256041,7 +256041,7 @@ CVE-2024-4200,0,0,4cd240b08c44457e11ab7d0e46f05e7d4edddbc268bf54e61982ff7b6b50f3
 CVE-2024-42007,0,0,6d84e2a9d95a04e8586c8d84a03cf469cc03d2519b9c47d0f96ca65f5ba68740,2024-07-26T19:15:10.917000
 CVE-2024-4201,0,0,ee0badf63a3e9c653031fb01c45e3bab9160ffb251dc5a875d128957347bb089,2024-07-18T19:39:50.667000
 CVE-2024-4202,0,0,614a40ef1052d861451b397b9533024f5e9aecccff7f20e945fab06926a9f188,2024-05-15T18:35:11.453000
-CVE-2024-42029,1,1,7624efa481fadca294925d15a56cbfbe32c90de8b83ae40820af25b4ebeb00f5,2024-07-27T04:15:02.760000
+CVE-2024-42029,0,0,7624efa481fadca294925d15a56cbfbe32c90de8b83ae40820af25b4ebeb00f5,2024-07-27T04:15:02.760000
 CVE-2024-4203,0,0,52cf8a9be62388459acdc9c8c655685172127a00eca72ac9344c4d8920cfc78f,2024-05-02T18:00:37.360000
 CVE-2024-4204,0,0,862cae0d91d079678d989fc30b77e9abff361be6cebd83fcf5dbeecd5c0be203,2024-05-17T18:36:05.263000
 CVE-2024-4205,0,0,3bc679c8856618cb4acfda15e793a18c79adc1e7d27d459136a04f77802a5775,2024-05-31T13:01:46.727000
@@ -257482,6 +257482,7 @@ CVE-2024-5964,0,0,d6f5f38a4c6449f04f742ee04a5db3f604bc83ddff32647d9051bd1d156e71
 CVE-2024-5965,0,0,9678cf2eb18ba50e506ac9918028ddeb3c443af1b219027dc9d98541cb82736a,2024-06-24T20:00:37.057000
 CVE-2024-5966,0,0,554ab96b833511e084a1ba15972a76a5727ada41d1caccbee2c2fb11ec3339d5,2024-06-24T20:00:23.970000
 CVE-2024-5967,0,0,c675e381b6c54a17455bb64c66cffebfea8bdbd8774aa5359fba110937f85e27,2024-06-20T12:44:01.637000
+CVE-2024-5969,1,1,4bce38e89141bd32267d977e5315277bb59d3c61b84982c44c2593da2e6610a9,2024-07-27T08:15:01.870000
 CVE-2024-5970,0,0,e17a8b7d022fd70a35f0b32d2191e09c5597e5e1c83547c2cb361b6d17360bc1,2024-06-20T12:44:01.637000
 CVE-2024-5971,0,0,e4f98c6267afcbb4d9afd3329ec44a1a1f7f72e0048e7418d4a554bf5527a469,2024-07-25T21:15:11.560000
 CVE-2024-5972,0,0,3700c5b3eb4bcd1d3bafe18b568e7aab0a0471128c3ce92a2f73ba8aa9a9cb4f,2024-06-28T19:15:07.500000
@@ -257809,6 +257810,7 @@ CVE-2024-6452,0,0,c694c1bdf54902e69172121aae2a54d0747cfc16750499c01d3cf3c9c6ef32
 CVE-2024-6453,0,0,f8f94ef1371b1813320fb500c8f5a2a5c78562059f37a370c24f1cfd03cdaa59,2024-07-03T12:53:24.977000
 CVE-2024-6455,0,0,8630ebc1a98e741e91f009e85126d02bca9a8a2c6f3c48f74f4c74c8c868f369,2024-07-19T13:01:44.567000
 CVE-2024-6457,0,0,2021b397e47ab38cda013de2c201fe3ea53b49570246fbb65269f60be90e5ab4,2024-07-16T13:43:58.773000
+CVE-2024-6458,1,1,59e1cc26c449af8a7075e602764deabe00152e29e028157bff97e92e65f94dff,2024-07-27T09:15:02.123000
 CVE-2024-6461,0,0,86a214d0c7bd3f57cea37cd567b01f1a0e55f8d4342f6c7c46fd15b8942c8d90,2024-07-03T21:15:04.580000
 CVE-2024-6463,0,0,f8d7d80ca565804c0caafdbc8214fe1eca7dc83d43861affc813af07365c0cc0,2024-07-03T21:15:04.640000
 CVE-2024-6464,0,0,8fab89d1b3aef32a257cf0d7fb909cce6ac18d5ef8dc898bb9f0cc6c52356cbf,2024-07-03T21:15:04.697000
@@ -257863,6 +257865,7 @@ CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb
 CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000
 CVE-2024-6565,0,0,43def900ab0d6afe7974c0f6bcdb1952d3f11b54fce1bb808ab6238edf9d39c2,2024-07-16T13:43:58.773000
 CVE-2024-6566,0,0,38507063f40cf52a69065d313f22e6175b9750c56aafcc8d30163bf566bf50ff,2024-07-27T02:15:11.920000
+CVE-2024-6569,1,1,25dc79520645b340a3dc8eaca0ed83a5324467a44876ee3685668069ceba99a8,2024-07-27T09:15:02.523000
 CVE-2024-6570,0,0,1c2083317d49d5094b93c672429fe80fa3944fba8c36de7f1f2403e55beb6b46,2024-07-16T13:43:58.773000
 CVE-2024-6571,0,0,99e28e1eec016aa2ea1a00034153b94fa7a8f3552e46398f5643f95dd38cab4e,2024-07-24T12:55:13.223000
 CVE-2024-6573,0,0,e202c92ea4b6cb9cec3c59842954c336f5290759597448badd52afbb1dc3bf95,2024-07-27T02:15:12.130000