From bc20592d679c59b47e35e7c7f6544d32639bd95a Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 12 Oct 2024 12:03:18 +0000
Subject: [PATCH] Auto-Update: 2024-10-12T12:00:17.468626+00:00
---
 CVE-2024/CVE-2024-87xx/CVE-2024-8757.json | 68 +++++++++++++++++++++++
 CVE-2024/CVE-2024-89xx/CVE-2024-8902.json | 60 ++++++++++++++++++++
 README.md | 14 ++---
 _state.csv | 10 ++--
 4 files changed, 140 insertions(+), 12 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8757.json
 create mode 100644 CVE-2024/CVE-2024-89xx/CVE-2024-8902.json
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8757.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8757.json
new file mode 100644
index 00000000000..d1cd29d4136
--- /dev/null
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8757.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-8757",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T10:15:02.687",
+ "lastModified": "2024-10-12T10:15:02.687",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Post Author \u2013 Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/GumGumZz/wordpress/blob/main/wp-post-author.md",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-post-author/trunk/includes/multi-authors/wpa-multi-authors.php#L182",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3166002/wp-post-author/trunk/includes/multi-authors/wpa-multi-authors.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d667bafc-5f19-4889-a988-236df050c013?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8902.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8902.json
new file mode 100644
index 00000000000..9f997c660c7
--- /dev/null
+++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8902.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8902",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T10:15:03.810",
+ "lastModified": "2024-10-12T10:15:03.810",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3163899/addon-elements-for-elementor-page-builder",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7317ecf5-d43d-4080-ad2a-7644764dd41e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index cfa29dbb743..4bb0e80f1ea 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-12T10:00:16.620153+00:00 +2024-10-12T12:00:17.468626+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-12T09:15:03.590000+00:00 +2024-10-12T10:15:03.810000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265437 +265439 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-8760](CVE-2024/CVE-2024-87xx/CVE-2024-8760.json) (`2024-10-12T09:15:02.677`) -- [CVE-2024-8915](CVE-2024/CVE-2024-89xx/CVE-2024-8915.json) (`2024-10-12T09:15:02.950`) -- [CVE-2024-9595](CVE-2024/CVE-2024-95xx/CVE-2024-9595.json) (`2024-10-12T09:15:03.230`) -- [CVE-2024-9696](CVE-2024/CVE-2024-96xx/CVE-2024-9696.json) (`2024-10-12T09:15:03.590`) +- [CVE-2024-8757](CVE-2024/CVE-2024-87xx/CVE-2024-8757.json) (`2024-10-12T10:15:02.687`) +- [CVE-2024-8902](CVE-2024/CVE-2024-89xx/CVE-2024-8902.json) (`2024-10-12T10:15:03.810`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 556ce1d1394..d3483424c10 100644 --- a/_state.csv +++ b/_state.csv 
@@ -264955,8 +264955,9 @@ CVE-2024-8751,0,0,dd4f77422f5dc981129a2e765da3e243ee86648b85be15172cd0c4e6601f99
 CVE-2024-8752,0,0,be5f97c0edf8e6ac8b5e8514ff7047e0f4fcd958517cc5377fbff739f62f1969,2024-09-20T22:42:20.367000
 CVE-2024-8754,0,0,f8a4ca9a3c8c6c9af2a693c6565fade1a53b2c08d2db63ea33e154699f832b1a,2024-09-14T15:40:20.583000
 CVE-2024-8755,0,0,d48cd781a066209d88f0be43bcbea7039d3c727125dd2ea2d4b21d6a406c14cf,2024-10-11T15:15:06.150000
+CVE-2024-8757,1,1,3a84789f1983e99dbc7bc6577d5feb00e16e25314b27dd6c28a4a95ab66898ef,2024-10-12T10:15:02.687000
 CVE-2024-8758,0,0,fea72da3ec447aa80df355b080e42aa6b936f28594d975635bc512eef8e85985,2024-10-07T21:35:03.193000
-CVE-2024-8760,1,1,03352c1eb2ac9432712a82db712313c58c37383e2280bbd1ef44383c1d23d33f,2024-10-12T09:15:02.677000
+CVE-2024-8760,0,0,03352c1eb2ac9432712a82db712313c58c37383e2280bbd1ef44383c1d23d33f,2024-10-12T09:15:02.677000
 CVE-2024-8761,0,0,848a595fd57d8370e05b835997d27866b56b6fe7dc68e418780d166762e6c8fc,2024-09-27T18:41:43.043000
 CVE-2024-8762,0,0,2877f4481d10e26d4e6bf50e010d02152cab4d90b2c2329689bb4edd4b768ea9,2024-09-14T15:54:10.687000
 CVE-2024-8766,0,0,b5c86feebeb7f4c2ef3d57aeff024553a8b8afab58619c1ddcc92e275588dfe2,2024-09-20T12:31:20.110000
@@ -265016,6 +265017,7 @@ CVE-2024-8891,0,0,aa12a440054ffbd9bbb7dd25787b2c9efe1fc6e33a09eaeb1daa5594da775b
 CVE-2024-8892,0,0,b5404a9c6df12d8f66b57eddda13f138d35d7b48bdd71ae1e8b3a805c49716e0,2024-10-07T17:10:26.673000
 CVE-2024-8897,0,0,73bf9affb964d11dd95d3adbb34f86a16b9ae0fd786e64b4bbd48b1e4387bb49,2024-09-25T19:49:02.493000
 CVE-2024-8900,0,0,7e1ef63767445d80c050e52e96753e1c9a46fb23d2b1e0137f2a2c5bdcba53e3,2024-10-01T16:15:10.293000
+CVE-2024-8902,1,1,20bd308a683d9cf61f2fe6b88a2625f78a9616f8f272c8988dc5e56b8501fced,2024-10-12T10:15:03.810000
 CVE-2024-8903,0,0,2ce54562e46551a15b98a64a6437d41656e447939ac76ef855f5d59decf764b8,2024-09-26T13:32:55.343000
 CVE-2024-8904,0,0,d8dcf25b3cbae62dbf75fa5380e6989346805c7240b139b8d28c46adffd353f1,2024-09-20T12:30:51.220000
 CVE-2024-8905,0,0,625d5bb69a9f76fcb9a2cd22498ac865437c911f131708c6085adf66bce9c960,2024-09-20T12:30:51.220000
@@ -265028,7 +265030,7 @@ CVE-2024-8911,0,0,3e740b3cf92ecc1f17356bd7912ea5093c6c60b7cb91fb7bff5c155129d89d
 CVE-2024-8912,0,0,cc754920a66c9505b940e8219b2e4d1d89e8006fc7a2b380aec11b363ea547b9,2024-10-11T19:15:11.110000
 CVE-2024-8913,0,0,a55fc5932b647838acfa904d967ecbcbbf1a8451e2d81f1f3b7968e9aadf354c,2024-10-11T13:15:17.040000
 CVE-2024-8914,0,0,c67ce2c8d24044b482c9bbb33384856203ff5bb870309850d7df3d6267c1b679,2024-09-26T13:32:02.803000
-CVE-2024-8915,1,1,3d7924a02140bffa633b7bd8d59b4b3fbe9f92ae6bde22761e2a4adcfdb52420,2024-10-12T09:15:02.950000
+CVE-2024-8915,0,0,3d7924a02140bffa633b7bd8d59b4b3fbe9f92ae6bde22761e2a4adcfdb52420,2024-10-12T09:15:02.950000
 CVE-2024-8917,0,0,32a69b030ac61cd4e144a233fc55362cc6115ccb6ecca5ec236644320a2aecf1,2024-09-30T14:30:38.687000
 CVE-2024-8919,0,0,e01b61fd584c4fffdfd8e5db7a09e1be1033f5c7df5b5418d10948726a2bc540,2024-09-30T15:08:14.077000
 CVE-2024-8922,0,0,8e0e34187cf2453e3fbc920fc9b2ec5c27a6978605c90cb2daa5d0ef90213fbe,2024-10-04T19:11:47.217000
@@ -265370,7 +265372,7 @@ CVE-2024-9581,0,0,dcdedf39f55e8b175c72a20e72a1aed92038e920265594b4fc9925b7183ce1
 CVE-2024-9586,0,0,4368833d576d2d29a3be207ba4d3db2b319533357ac5aa66b9912c07cc7722e0,2024-10-11T13:15:19.823000
 CVE-2024-9587,0,0,38b4a379414497cd2c9f8e85abebac51b195781f8244dd7e6f13a7498e2e9af2,2024-10-11T13:15:20.043000
 CVE-2024-9592,0,0,0f39969df8cdd7221e2f8596842e380d11b968fb83c9650c71ea7d95ce8c2502,2024-10-12T03:15:02.243000
-CVE-2024-9595,1,1,038cc18ae435612d58f078c33771272fd0e9d6928588729ef19a0045b7a00bbd,2024-10-12T09:15:03.230000
+CVE-2024-9595,0,0,038cc18ae435612d58f078c33771272fd0e9d6928588729ef19a0045b7a00bbd,2024-10-12T09:15:03.230000
 CVE-2024-9596,0,0,41f14771e651cbc1c37017cbe5a91040128a2c351e859a7b312163502a24a950,2024-10-10T12:51:56.987000
 CVE-2024-9602,0,0,296483daa0f02222bb5f79446d51c7890118dbb294ec1c3853abb9b3dfc7ffb2,2024-10-10T12:51:56.987000
 CVE-2024-9603,0,0,f06afeee14d2c3a95b2fa9bd06bec0b0c1ce9ce3a2d2cc5d2614c0b7bfd8287c,2024-10-10T12:51:56.987000
@@ -265387,7 +265389,7 @@ CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f
 CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000
 CVE-2024-9680,0,0,a011127e762167171e169cf1c5c34d37941413b66fef20ba90b60170aec9759f,2024-10-11T13:15:21.013000
 CVE-2024-9685,0,0,0533577bd5534b2238dda3fc39c720d3ca57598c0c892e8a746063784dfa2119,2024-10-10T12:51:56.987000
-CVE-2024-9696,1,1,a63df99df1f6813fb55c58d350483f24d63b6efd0cdffde98a71bd76ffa94a8e,2024-10-12T09:15:03.590000
+CVE-2024-9696,0,0,a63df99df1f6813fb55c58d350483f24d63b6efd0cdffde98a71bd76ffa94a8e,2024-10-12T09:15:03.590000
 CVE-2024-9704,0,0,eac985eabca9a3c6a15dbb5a4e611613c412ae3dd37df6667fc5aafbc6bc84d5,2024-10-12T07:15:02.570000
 CVE-2024-9707,0,0,5022899338c6a36d44072ae7018b6a919d11834b1f5740a300f73a64606c0150,2024-10-11T13:15:21.233000
 CVE-2024-9756,0,0,68b121e1aaaab7f10ceb18cbdb5136f7cd438a7e04d1f722b0583aec18b45115,2024-10-12T07:15:02.820000