Auto-Update: 2025-03-08T15:00:19.377969+00:00

2025-05-07 19:16:29 +00:00 · 2025-03-08 15:03:47 +00:00 · 2025-03-08 15:03:47 +00:00 · b070c999b6
commit b070c999b6
parent 8bf36d3533
4 changed files with 136 additions and 12 deletions
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10326.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10326.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-10326",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-08T13:15:11.050",
+  "lastModified": "2025-03-08T13:15:11.050",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3231792/rometheme-for-elementor",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/230b3f2f-44cf-46eb-8e6a-3c52f2ea2fb9?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-139xx/CVE-2024-13924.json
+++ b/CVE-2024/CVE-2024-139xx/CVE-2024-13924.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13924",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-08T13:15:12.160",
+  "lastModified": "2025-03-08T13:15:12.160",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/starter-templates/trunk/classess/class-export.php#L3",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9355b100-08a9-4640-a91b-e56ba1ab9b07?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-08T13:00:19.756740+00:00
+2025-03-08T15:00:19.377969+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-08T12:15:36.010000+00:00
+2025-03-08T13:15:12.160000+00:00
 ```

 ### Last Data Feed Release
@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-284550
+284552
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `2`

- [CVE-2024-11640](CVE-2024/CVE-2024-116xx/CVE-2024-11640.json) (`2025-03-08T12:15:34.510`)
- [CVE-2024-13649](CVE-2024/CVE-2024-136xx/CVE-2024-13649.json) (`2025-03-08T12:15:35.667`)
- [CVE-2024-13675](CVE-2024/CVE-2024-136xx/CVE-2024-13675.json) (`2025-03-08T12:15:35.847`)
- [CVE-2025-1664](CVE-2025/CVE-2025-16xx/CVE-2025-1664.json) (`2025-03-08T12:15:36.010`)
+- [CVE-2024-10326](CVE-2024/CVE-2024-103xx/CVE-2024-10326.json) (`2025-03-08T13:15:11.050`)
+- [CVE-2024-13924](CVE-2024/CVE-2024-139xx/CVE-2024-13924.json) (`2025-03-08T13:15:12.160`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -244539,6 +244539,7 @@ CVE-2024-10322,0,0,65e160abc627e6b2fb9f1eeeb2a4000315ec9c0044ac5b8e323b66f8d27f2
 CVE-2024-10323,0,0,74c01ce4124a9449f0a3de143c2d6269eaaed2dcc05dfdfdac09c2b033a02614,2025-02-05T17:18:49.550000
 CVE-2024-10324,0,0,cfaeca60a4f0aa309330a37a66e2005b2fce423bc7c33f12b5f1c3188e784a63,2025-02-04T19:41:41.250000
 CVE-2024-10325,0,0,50164109bc79e97836e82121f62c8560adaed8b05d99b6cbe7e736c6f6cb196a,2024-11-13T20:01:05.097000
+CVE-2024-10326,1,1,865cac4c5f128a162fae56a41197e6ba059255f74496ec3837cfd36e082fceff,2025-03-08T13:15:11.050000
 CVE-2024-10327,0,0,617a4d395486d23ce50d5a586c94c2ff3daf8827139e812231380168dcff8e94,2024-10-25T12:56:07.750000
 CVE-2024-10329,0,0,94fb4c89783f4f56c3fde9a354774d639a28f26feb5034ca8d1df1766578ff46,2024-11-08T15:59:16.407000
 CVE-2024-1033,0,0,0ebd094b5e36eb84c86356f7abcaa085e713213c3f39a08a73759a5dc273336c,2024-11-21T08:49:38.737000
@ -245754,7 +245755,7 @@ CVE-2024-11636,0,0,477a215831f10296b9ea3788441fcca038078cee1d80a9e966a40e92f5b59
 CVE-2024-11637,0,0,5348ca65261140ae16ec15332c773ee06343664939e89530c0d5541b934692f4,2025-01-14T02:15:07.907000
 CVE-2024-11639,0,0,b0b1970767477e87b7cf619e96fa5cb2fbca7d53895c7bdaf49d93303071061e,2025-01-17T19:40:09.763000
 CVE-2024-1164,0,0,d6b3223f31512976ce37113225736cbf014a2aac3d8c295ef68c5d3e3fda5f16,2025-01-16T15:08:00.773000
-CVE-2024-11640,1,1,703b195ff151c253fbe91a68928542f3fce11ad9103611204a13abf98a6770f0,2025-03-08T12:15:34.510000
+CVE-2024-11640,0,0,703b195ff151c253fbe91a68928542f3fce11ad9103611204a13abf98a6770f0,2025-03-08T12:15:34.510000
 CVE-2024-11641,0,0,20719e3ee976283b9a7934c37bbd4612fa4737b57cfa3f2de0d4ef1980cb2d44,2025-02-04T19:53:14.457000
 CVE-2024-11642,0,0,e083dfd7b8388b09206f810c50ef0061b39601a9804b6746591b0dd89f756ab4,2025-01-09T11:15:10.187000
 CVE-2024-11643,0,0,ae78ce4f54b48c77ffb4df12d001ddabc5e672affe5a377c6c988d0deb6a52af,2024-12-04T16:15:24.177000
@ -247625,7 +247626,7 @@ CVE-2024-13644,0,0,64cef7310d19b282392436c6941be53a7496c3c7abf46493750d161d9bcf2
 CVE-2024-13646,0,0,df579ebc80f166383afd2bf72cceedaa012995a592dad78c8758f9a4e2dd62bd,2025-01-31T18:19:45.780000
 CVE-2024-13647,0,0,c9197efb87fe127cac62694e00d56e11ef557d975a1d54b713426e595b9b17b8,2025-02-27T05:15:13.430000
 CVE-2024-13648,0,0,8f62ea1c5007901a89b064138ec6b8d294bdb0d08cd28f0fa62f3f5d12de0925,2025-02-25T03:30:34.843000
-CVE-2024-13649,1,1,69f827e36195313f8971dd7132db8083572da975614b246ff81ed5b71b1449af,2025-03-08T12:15:35.667000
+CVE-2024-13649,0,0,69f827e36195313f8971dd7132db8083572da975614b246ff81ed5b71b1449af,2025-03-08T12:15:35.667000
 CVE-2024-1365,0,0,0f6156fbf2b7d3a217bf5d4ee39b3ca345099663b38e102dcb249b872d4e92ab,2024-11-21T08:50:25.350000
 CVE-2024-13651,0,0,3106185ed2d2390fe0c7db6d51838d5c676d3b37bd6958033551790a08b59a48,2025-02-21T15:55:18.263000
 CVE-2024-13652,0,0,ed8d8236d1a3115f336400cbdd4ac56e250a414778c3b1c32835210395f1f04d,2025-01-31T18:21:53.167000
@ -247651,7 +247652,7 @@ CVE-2024-13670,0,0,690ebcbb95d3f98eab9f8ee4f1517c6db5063e5d1de1041c36e188175dd1f
 CVE-2024-13671,0,0,ae3f820669c60d968ca7475f09981b5aa31ebc6a060e50869f9d2043fe693b44,2025-01-31T17:50:24.757000
 CVE-2024-13672,0,0,b657627b836aff961dfe7c8e7190f58e40cb21b24e74a86e6fd4400f2deb3828,2025-02-25T17:25:28.947000
 CVE-2024-13674,0,0,54ae91efb964a97c020a56c0dc911089c6453b2f94aff9911e1183d8467fcb56,2025-02-19T08:15:18.823000
-CVE-2024-13675,1,1,6f70dc84bab2e05ec212aff9c800c39bd3adc6852a83a38ccfc63dc9e432001b,2025-03-08T12:15:35.847000
+CVE-2024-13675,0,0,6f70dc84bab2e05ec212aff9c800c39bd3adc6852a83a38ccfc63dc9e432001b,2025-03-08T12:15:35.847000
 CVE-2024-13676,0,0,0ccce7847f88b81e769d1f66635bc0e63798d789429624b628d16cdf7698272c,2025-02-19T08:15:19.190000
 CVE-2024-13677,0,0,13401c1b73282722904b75cd499f0a3bc9825602c732ed33fda81e11a6c0d93a,2025-02-21T16:03:44.037000
 CVE-2024-13678,0,0,4c2eb6970d44a6b1de676249027719a3b828f4d665df355d620115c9fb619d76,2025-02-26T15:15:23.433000
@ -247830,6 +247831,7 @@ CVE-2024-1391,0,0,fccbf24dfb651f372e2b51106217c90f4de85c1f936edcd91290184be12fa7
 CVE-2024-13910,0,0,1da974c8b4278339ddaf4e1b70396d7d0139387963424ab28e0cb7907c842a5e,2025-03-01T09:15:09.517000
 CVE-2024-13911,0,0,5c6ec30a98a23b22a75401ffb9290b39df569bd0f5609894fc8fdc52c5d0d4f8,2025-03-01T08:15:33.803000
 CVE-2024-1392,0,0,7d376d426c7bde42291bb43e543815dd80a04cb004b570eb44a0e5840366c498,2025-01-17T19:53:57.010000
+CVE-2024-13924,1,1,623f22e67c236278ca920e96a81e7b261b9ec578974ede6c7601d32ce0e02517,2025-03-08T13:15:12.160000
 CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000
 CVE-2024-1394,0,0,3bfb4bdf7cbd2e83903d52b6ed8359606dbe1ee24d71dfdae11060be7f14efdb,2024-11-21T08:50:29.120000
 CVE-2024-1395,0,0,aa14344d5f3c417e75370dfad240218276bccf85a1cff8add87ecef1ce7213df,2024-11-21T08:50:29.483000
@ -281094,7 +281096,7 @@ CVE-2025-1645,0,0,04ec87d98beb60cc953f9d19acf54f139fb80161a3db0460324c4b28ab5996
 CVE-2025-1646,0,0,82269c59d8fff978173814c505cbeb09d268e21305971283c38395c7897fc304,2025-02-25T14:15:31.320000
 CVE-2025-1648,0,0,01be54e92ee6583d4b180477f3f82c99c2017256ad3257671bbc83775fcbe841,2025-02-28T01:30:32.830000
 CVE-2025-1662,0,0,f747ba4edfe81f2cc6bd228a54a69ac8ef31e80bbf16aa2517aaed153638e887,2025-03-06T15:00:16.447000
-CVE-2025-1664,1,1,928cb3965a19577a81242a6eb1ec59c4bb6442769e32edf43d299744e6de1a44,2025-03-08T12:15:36.010000
+CVE-2025-1664,0,0,928cb3965a19577a81242a6eb1ec59c4bb6442769e32edf43d299744e6de1a44,2025-03-08T12:15:36.010000
 CVE-2025-1666,0,0,ea2a7fe153b3bd999a528b5a5c12f9cc09134d2f6112f43b8b3a66a17753fd12,2025-03-06T12:15:36.117000
 CVE-2025-1671,0,0,dfe1ff393d446d4a55c0e76e273c07a93a52c6ac6df15c5814731fbc40a9a1ea,2025-03-01T08:15:34.320000
 CVE-2025-1672,0,0,7a20675a12af4d2fa4d4625b3c2a44c55632de2b78981cd05f1c08d4059e6b7d,2025-03-06T10:15:11.897000