Auto-Update: 2024-05-18T06:00:37.768348+00:00

2025-05-08 11:37:26 +00:00 · 2024-05-18 06:03:28 +00:00 · 2024-05-18 06:03:28 +00:00 · c767191d75
commit c767191d75
parent 2504b0848a
6 changed files with 170 additions and 19 deletions
--- a/CVE-2024/CVE-2024-34xx/CVE-2024-3437.json
+++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3437.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-3437",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-04-08T00:15:08.537",
-  "lastModified": "2024-05-17T02:39:56.097",
+  "lastModified": "2024-05-18T05:15:46.150",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -21,19 +21,19 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
-          "privilegesRequired": "HIGH",
+          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
-          "baseScore": 4.7,
-          "baseSeverity": "MEDIUM"
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
        },
-        "exploitabilityScore": 1.2,
+        "exploitabilityScore": 3.9,
        "impactScore": 3.4
      }
    ],
@ -43,17 +43,17 @@
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
-          "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
-          "authentication": "MULTIPLE",
+          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
-          "baseScore": 5.8
+          "baseScore": 7.5
        },
-        "baseSeverity": "MEDIUM",
-        "exploitabilityScore": 6.4,
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3714.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3714.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3714",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-18T05:15:46.520",
+  "lastModified": "2024-05-18T05:15:46.520",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3083390/give/tags/3.11.0/includes/class-give-donate-form.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd8f5cfa-3431-4617-b2cd-d5a8ce4530f4?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4374.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4374.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-4374",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-18T05:15:46.733",
+  "lastModified": "2024-05-18T05:15:46.733",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3088000%40dethemekit-for-elementor&new=3088000%40dethemekit-for-elementor&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcd9384c-5af3-4544-8179-c2f5550dd152?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4891.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4891.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-4891",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-18T05:15:46.917",
+  "lastModified": "2024-05-18T05:15:46.917",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tagName\u2019 parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/blocks/AdvancedHeading.php#L115",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3087677/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1bcebb3-920b-40cc-aa5c-24a1f729b28d?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-05-18T04:00:37.537745+00:00
+2024-05-18T06:00:37.768348+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-05-18T03:15:06.340000+00:00
+2024-05-18T05:15:46.917000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-250623
+250626
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `3`

- [CVE-2024-4865](CVE-2024/CVE-2024-48xx/CVE-2024-4865.json) (`2024-05-18T03:15:06.340`)
+- [CVE-2024-3714](CVE-2024/CVE-2024-37xx/CVE-2024-3714.json) (`2024-05-18T05:15:46.520`)
+- [CVE-2024-4374](CVE-2024/CVE-2024-43xx/CVE-2024-4374.json) (`2024-05-18T05:15:46.733`)
+- [CVE-2024-4891](CVE-2024/CVE-2024-48xx/CVE-2024-4891.json) (`2024-05-18T05:15:46.917`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2024-3437](CVE-2024/CVE-2024-34xx/CVE-2024-3437.json) (`2024-05-18T05:15:46.150`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -249394,7 +249394,7 @@ CVE-2024-34366,0,0,25eb851eb2f231dff6589bef7d2a42ccb066a9937b2c8dd9550db97a42376
 CVE-2024-34367,0,0,71d4be6198e4635d1e3c7d4a37f4152439ba7ccd61f31e7e76f4c81875c262d4,2024-05-06T19:53:38.797000
 CVE-2024-34368,0,0,4903b79ce8f618d0b1d0d013639d45a4b6153544dfe155bf918623d214d25e20,2024-05-06T19:53:38.797000
 CVE-2024-34369,0,0,43ae6e229d2787fd10cd297ec9e349b88579a4bb4535eedd72dead9653248f3c,2024-05-06T19:53:38.797000
-CVE-2024-3437,0,0,a8455c6ec73ec4b28146267eb8bc8bcebef11156b28339dbc3a0817cad1e2f02,2024-05-17T02:39:56.097000
+CVE-2024-3437,0,1,38c43ea03da10ab778450ecd9b17252c40003e9b31ec84914cfa672f1cc45337,2024-05-18T05:15:46.150000
 CVE-2024-34370,0,0,1fe718a2eee649d566d79376ebcfe560f8db7814624596f121d4d79c81882b11,2024-05-17T18:36:05.263000
 CVE-2024-34371,0,0,221cb018c67b2ca9bbf34009d8128ce932e1ca2cdc202136c2419b8ed0256afb,2024-05-06T19:53:38.797000
 CVE-2024-34372,0,0,e4943efa5e4e5fb2e57655cdebc39d5c23b50034b23eb8f2d018eb8338330daf,2024-05-06T19:53:38.797000
@ -249890,6 +249890,7 @@ CVE-2024-3704,0,0,ad7f205e31bc442943bbd584692b194a3485d815654eeb83e4eefef6a6eff3
 CVE-2024-3705,0,0,44f1c76d2f6cd8dab882ddfdbdbe908a4e3a8f22d6a90f31f0279b7faf87a669,2024-04-15T13:15:51.577000
 CVE-2024-3706,0,0,93b27543775cdce8e7b256b8d014ea258e7a61f0ddb1cca03581da1a85330700,2024-04-15T13:15:51.577000
 CVE-2024-3707,0,0,cb892298714e8d1628bf09ece0bc00ef0a1a1429034ce83bb3286f4d822c160d,2024-04-15T13:15:51.577000
+CVE-2024-3714,1,1,b57899bf4e81fdc0ba3a9f38ed0cf5b27563f225fe7b0f4e6e4acfb83260168e,2024-05-18T05:15:46.520000
 CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000
 CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000
 CVE-2024-3719,0,0,98817b00c300460b7ee17e28b90d655bc3286869de6cea5831a06059286a41a5,2024-05-17T02:40:05.100000
@ -250283,6 +250284,7 @@ CVE-2024-4368,0,0,0ee02ebde276d817508f5495294b3429c463a1f4241660388e0c329992e72b
 CVE-2024-4369,0,0,ab5992320463150d25768d540495632f3cea0e672e96fca10ae18e5fed17e7b3,2024-05-02T03:15:15.027000
 CVE-2024-4370,0,0,9cb4b287947cccbb5312f0b956bd28c5e0677f742a744bda42968ce33f6a04bb,2024-05-15T16:40:19.330000
 CVE-2024-4373,0,0,1ffc43bce359a7dc4906a84b6fc8a1ff35c385d778f8a99a36e9677433d92d07,2024-05-15T16:40:19.330000
+CVE-2024-4374,1,1,509f60ac40a5583989d86027571d7dd8b31bf8b38e963c7743b38df392611aed,2024-05-18T05:15:46.733000
 CVE-2024-4383,0,0,5a1fe08151a13ea21e71cf2d0c78ad0aa3b9532b0b753d777378763b8935a44b,2024-05-14T16:11:39.510000
 CVE-2024-4385,0,0,ca3b527b38ef117a25bd1a563993108f86670c5409f332b50d53521ab7d618e2,2024-05-16T13:03:05.353000
 CVE-2024-4386,0,0,e3470cc6a1cc1ee4032b4297ad39fc1eda67f128aadce11b5ef951d1e0deaf83,2024-05-14T16:11:39.510000
@ -250541,8 +250543,9 @@ CVE-2024-4854,0,0,3d480ab215b58518bc8b4d2ff21b01ce90d2ee2286e511ec2300ae6a562846
 CVE-2024-4855,0,0,bb7758177ed568c219e106881d12c1be9e05abe80abbc1ed8dc52d386d88e25c,2024-05-14T16:11:39.510000
 CVE-2024-4859,0,0,0e7c5125874f1925896116e914ab4a4e3b887f22c447a3549ca2e9da643585d9,2024-05-14T19:17:55.627000
 CVE-2024-4860,0,0,4e8a6a855a2e6e16dad5d91e17b904b6b709d252c51887af538903d405cd55bc,2024-05-14T19:17:55.627000
-CVE-2024-4865,1,1,032346425f8b5668fc5a6b0234d4962cfd8194d1fdff4ed62ae7461812424243,2024-05-18T03:15:06.340000
+CVE-2024-4865,0,0,032346425f8b5668fc5a6b0234d4962cfd8194d1fdff4ed62ae7461812424243,2024-05-18T03:15:06.340000
 CVE-2024-4871,0,0,8ab16008698c56948c2f0ae8cf729bc698d4cce8f05c254b91a2ba1c9d6200d3,2024-05-14T19:17:55.627000
+CVE-2024-4891,1,1,e927ef516e79f1f82b710fc93245e2976a4ebaebf27d0810ac01907f3f3d2a4c,2024-05-18T05:15:46.917000
 CVE-2024-4893,0,0,8ffb453add192bbe3edd5219a0cc1fecef136881814a15b6a6fff19e64221c30,2024-05-15T16:40:19.330000
 CVE-2024-4894,0,0,6ac5cb6e261d69ae931137ad62bda7bde45e9f279ec9c4c45067086e1e08f8a1,2024-05-15T16:40:19.330000
 CVE-2024-4903,0,0,9a411d9f215d13d2c422791efc5893252c00fbd9ad8c56cc74522677d5819e4f,2024-05-17T02:40:40.423000