Auto-Update: 2024-10-12T12:00:17.468626+00:00

2025-07-11 16:13:34 +00:00 · 2024-10-12 12:03:18 +00:00 · 2024-10-12 12:03:18 +00:00 · bc20592d67
commit bc20592d67
parent 7c3ec47245
4 changed files with 140 additions and 12 deletions
--- a/CVE-2024/CVE-2024-87xx/CVE-2024-8757.json
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8757.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-8757",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-12T10:15:02.687",
+  "lastModified": "2024-10-12T10:15:02.687",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Post Author \u2013 Boost Your Blog&#039;s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/GumGumZz/wordpress/blob/main/wp-post-author.md",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-post-author/trunk/includes/multi-authors/wpa-multi-authors.php#L182",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3166002/wp-post-author/trunk/includes/multi-authors/wpa-multi-authors.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d667bafc-5f19-4889-a988-236df050c013?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-89xx/CVE-2024-8902.json
+++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8902.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8902",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-12T10:15:03.810",
+  "lastModified": "2024-10-12T10:15:03.810",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3163899/addon-elements-for-elementor-page-builder",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7317ecf5-d43d-4080-ad2a-7644764dd41e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-12T10:00:16.620153+00:00
+2024-10-12T12:00:17.468626+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-12T09:15:03.590000+00:00
+2024-10-12T10:15:03.810000+00:00
 ```

 ### Last Data Feed Release
@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-265437
+265439
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `2`

- [CVE-2024-8760](CVE-2024/CVE-2024-87xx/CVE-2024-8760.json) (`2024-10-12T09:15:02.677`)
- [CVE-2024-8915](CVE-2024/CVE-2024-89xx/CVE-2024-8915.json) (`2024-10-12T09:15:02.950`)
- [CVE-2024-9595](CVE-2024/CVE-2024-95xx/CVE-2024-9595.json) (`2024-10-12T09:15:03.230`)
- [CVE-2024-9696](CVE-2024/CVE-2024-96xx/CVE-2024-9696.json) (`2024-10-12T09:15:03.590`)
+- [CVE-2024-8757](CVE-2024/CVE-2024-87xx/CVE-2024-8757.json) (`2024-10-12T10:15:02.687`)
+- [CVE-2024-8902](CVE-2024/CVE-2024-89xx/CVE-2024-8902.json) (`2024-10-12T10:15:03.810`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -264955,8 +264955,9 @@ CVE-2024-8751,0,0,dd4f77422f5dc981129a2e765da3e243ee86648b85be15172cd0c4e6601f99
 CVE-2024-8752,0,0,be5f97c0edf8e6ac8b5e8514ff7047e0f4fcd958517cc5377fbff739f62f1969,2024-09-20T22:42:20.367000
 CVE-2024-8754,0,0,f8a4ca9a3c8c6c9af2a693c6565fade1a53b2c08d2db63ea33e154699f832b1a,2024-09-14T15:40:20.583000
 CVE-2024-8755,0,0,d48cd781a066209d88f0be43bcbea7039d3c727125dd2ea2d4b21d6a406c14cf,2024-10-11T15:15:06.150000
+CVE-2024-8757,1,1,3a84789f1983e99dbc7bc6577d5feb00e16e25314b27dd6c28a4a95ab66898ef,2024-10-12T10:15:02.687000
 CVE-2024-8758,0,0,fea72da3ec447aa80df355b080e42aa6b936f28594d975635bc512eef8e85985,2024-10-07T21:35:03.193000
-CVE-2024-8760,1,1,03352c1eb2ac9432712a82db712313c58c37383e2280bbd1ef44383c1d23d33f,2024-10-12T09:15:02.677000
+CVE-2024-8760,0,0,03352c1eb2ac9432712a82db712313c58c37383e2280bbd1ef44383c1d23d33f,2024-10-12T09:15:02.677000
 CVE-2024-8761,0,0,848a595fd57d8370e05b835997d27866b56b6fe7dc68e418780d166762e6c8fc,2024-09-27T18:41:43.043000
 CVE-2024-8762,0,0,2877f4481d10e26d4e6bf50e010d02152cab4d90b2c2329689bb4edd4b768ea9,2024-09-14T15:54:10.687000
 CVE-2024-8766,0,0,b5c86feebeb7f4c2ef3d57aeff024553a8b8afab58619c1ddcc92e275588dfe2,2024-09-20T12:31:20.110000
@ -265016,6 +265017,7 @@ CVE-2024-8891,0,0,aa12a440054ffbd9bbb7dd25787b2c9efe1fc6e33a09eaeb1daa5594da775b
 CVE-2024-8892,0,0,b5404a9c6df12d8f66b57eddda13f138d35d7b48bdd71ae1e8b3a805c49716e0,2024-10-07T17:10:26.673000
 CVE-2024-8897,0,0,73bf9affb964d11dd95d3adbb34f86a16b9ae0fd786e64b4bbd48b1e4387bb49,2024-09-25T19:49:02.493000
 CVE-2024-8900,0,0,7e1ef63767445d80c050e52e96753e1c9a46fb23d2b1e0137f2a2c5bdcba53e3,2024-10-01T16:15:10.293000
+CVE-2024-8902,1,1,20bd308a683d9cf61f2fe6b88a2625f78a9616f8f272c8988dc5e56b8501fced,2024-10-12T10:15:03.810000
 CVE-2024-8903,0,0,2ce54562e46551a15b98a64a6437d41656e447939ac76ef855f5d59decf764b8,2024-09-26T13:32:55.343000
 CVE-2024-8904,0,0,d8dcf25b3cbae62dbf75fa5380e6989346805c7240b139b8d28c46adffd353f1,2024-09-20T12:30:51.220000
 CVE-2024-8905,0,0,625d5bb69a9f76fcb9a2cd22498ac865437c911f131708c6085adf66bce9c960,2024-09-20T12:30:51.220000
@ -265028,7 +265030,7 @@ CVE-2024-8911,0,0,3e740b3cf92ecc1f17356bd7912ea5093c6c60b7cb91fb7bff5c155129d89d
 CVE-2024-8912,0,0,cc754920a66c9505b940e8219b2e4d1d89e8006fc7a2b380aec11b363ea547b9,2024-10-11T19:15:11.110000
 CVE-2024-8913,0,0,a55fc5932b647838acfa904d967ecbcbbf1a8451e2d81f1f3b7968e9aadf354c,2024-10-11T13:15:17.040000
 CVE-2024-8914,0,0,c67ce2c8d24044b482c9bbb33384856203ff5bb870309850d7df3d6267c1b679,2024-09-26T13:32:02.803000
-CVE-2024-8915,1,1,3d7924a02140bffa633b7bd8d59b4b3fbe9f92ae6bde22761e2a4adcfdb52420,2024-10-12T09:15:02.950000
+CVE-2024-8915,0,0,3d7924a02140bffa633b7bd8d59b4b3fbe9f92ae6bde22761e2a4adcfdb52420,2024-10-12T09:15:02.950000
 CVE-2024-8917,0,0,32a69b030ac61cd4e144a233fc55362cc6115ccb6ecca5ec236644320a2aecf1,2024-09-30T14:30:38.687000
 CVE-2024-8919,0,0,e01b61fd584c4fffdfd8e5db7a09e1be1033f5c7df5b5418d10948726a2bc540,2024-09-30T15:08:14.077000
 CVE-2024-8922,0,0,8e0e34187cf2453e3fbc920fc9b2ec5c27a6978605c90cb2daa5d0ef90213fbe,2024-10-04T19:11:47.217000
@ -265370,7 +265372,7 @@ CVE-2024-9581,0,0,dcdedf39f55e8b175c72a20e72a1aed92038e920265594b4fc9925b7183ce1
 CVE-2024-9586,0,0,4368833d576d2d29a3be207ba4d3db2b319533357ac5aa66b9912c07cc7722e0,2024-10-11T13:15:19.823000
 CVE-2024-9587,0,0,38b4a379414497cd2c9f8e85abebac51b195781f8244dd7e6f13a7498e2e9af2,2024-10-11T13:15:20.043000
 CVE-2024-9592,0,0,0f39969df8cdd7221e2f8596842e380d11b968fb83c9650c71ea7d95ce8c2502,2024-10-12T03:15:02.243000
-CVE-2024-9595,1,1,038cc18ae435612d58f078c33771272fd0e9d6928588729ef19a0045b7a00bbd,2024-10-12T09:15:03.230000
+CVE-2024-9595,0,0,038cc18ae435612d58f078c33771272fd0e9d6928588729ef19a0045b7a00bbd,2024-10-12T09:15:03.230000
 CVE-2024-9596,0,0,41f14771e651cbc1c37017cbe5a91040128a2c351e859a7b312163502a24a950,2024-10-10T12:51:56.987000
 CVE-2024-9602,0,0,296483daa0f02222bb5f79446d51c7890118dbb294ec1c3853abb9b3dfc7ffb2,2024-10-10T12:51:56.987000
 CVE-2024-9603,0,0,f06afeee14d2c3a95b2fa9bd06bec0b0c1ce9ce3a2d2cc5d2614c0b7bfd8287c,2024-10-10T12:51:56.987000
@ -265387,7 +265389,7 @@ CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f
 CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000
 CVE-2024-9680,0,0,a011127e762167171e169cf1c5c34d37941413b66fef20ba90b60170aec9759f,2024-10-11T13:15:21.013000
 CVE-2024-9685,0,0,0533577bd5534b2238dda3fc39c720d3ca57598c0c892e8a746063784dfa2119,2024-10-10T12:51:56.987000
-CVE-2024-9696,1,1,a63df99df1f6813fb55c58d350483f24d63b6efd0cdffde98a71bd76ffa94a8e,2024-10-12T09:15:03.590000
+CVE-2024-9696,0,0,a63df99df1f6813fb55c58d350483f24d63b6efd0cdffde98a71bd76ffa94a8e,2024-10-12T09:15:03.590000
 CVE-2024-9704,0,0,eac985eabca9a3c6a15dbb5a4e611613c412ae3dd37df6667fc5aafbc6bc84d5,2024-10-12T07:15:02.570000
 CVE-2024-9707,0,0,5022899338c6a36d44072ae7018b6a919d11834b1f5740a300f73a64606c0150,2024-10-11T13:15:21.233000
 CVE-2024-9756,0,0,68b121e1aaaab7f10ceb18cbdb5136f7cd438a7e04d1f722b0583aec18b45115,2024-10-12T07:15:02.820000