Auto-Update: 2024-06-05T04:00:37.950058+00:00

2025-05-07 19:16:29 +00:00 · 2024-06-05 04:03:32 +00:00 · 2024-06-05 04:03:32 +00:00 · c77518d25b
commit c77518d25b
parent 32d5e60dfa
4 changed files with 108 additions and 16 deletions
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5317.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5317.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-5317",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-05T02:15:10.163",
+  "lastModified": "2024-06-05T02:15:10.163",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3095002/newsletter",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4876e05e-efa6-46c6-832b-9ecc42934998?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5483.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5483.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-5483",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-05T03:15:08.810",
+  "lastModified": "2024-06-05T03:15:08.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8/inc/jwt/rest-api/version1/class-lp-rest-users-v1-controller.php#L130",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/122b75d2-e882-45b9-baf1-acf847f8d60a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-05T02:00:29.942309+00:00
+2024-06-05T04:00:37.950058+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-05T01:15:11.470000+00:00
+2024-06-05T03:15:08.810000+00:00
 ```

 ### Last Data Feed Release
@ -33,19 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-252678
+252680
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `6`
+Recently added CVEs: `2`

- [CVE-2020-27354](CVE-2020/CVE-2020-273xx/CVE-2020-27354.json) (`2024-06-05T00:15:09.547`)
- [CVE-2020-27355](CVE-2020/CVE-2020-273xx/CVE-2020-27355.json) (`2024-06-05T00:15:09.617`)
- [CVE-2020-35153](CVE-2020/CVE-2020-351xx/CVE-2020-35153.json) (`2024-06-05T00:15:09.680`)
- [CVE-2020-35154](CVE-2020/CVE-2020-351xx/CVE-2020-35154.json) (`2024-06-05T00:15:09.740`)
- [CVE-2024-4084](CVE-2024/CVE-2024-40xx/CVE-2024-4084.json) (`2024-06-05T00:15:09.840`)
- [CVE-2024-5636](CVE-2024/CVE-2024-56xx/CVE-2024-5636.json) (`2024-06-05T01:15:11.470`)
+- [CVE-2024-5317](CVE-2024/CVE-2024-53xx/CVE-2024-5317.json) (`2024-06-05T02:15:10.163`)
+- [CVE-2024-5483](CVE-2024/CVE-2024-54xx/CVE-2024-5483.json) (`2024-06-05T03:15:08.810`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -156049,8 +156049,8 @@ CVE-2020-2735,0,0,5ed2dcc843c2aa0f70c01b3b04a7d2d4a91ff944b2732397fc6241efa2aaec
 CVE-2020-27350,0,0,af17d465acd51bc162bfc23e932ea96c98e49e911a17cd3c85b21ce58f1c65ff,2022-10-29T02:41:36.810000
 CVE-2020-27351,0,0,23ce876d0cc9cd7447f4adbd408d27289c1b3011c303be7d699e76c691aa1761,2020-12-14T19:56:18.940000
 CVE-2020-27353,0,0,dc1a7f42a9a4f966e49a5b6386fd9687eba1eac037e40cb29822574f6ad4b163,2024-06-04T23:15:09.320000
-CVE-2020-27354,1,1,45dbf196c098dca554d5a1355d73bf4a1e889b5e4842af65035d79e289fb9b14,2024-06-05T00:15:09.547000
-CVE-2020-27355,1,1,a2f55d973e1e8b65f87c5f3fb63316f566dec73ca1e0dd417dfb723f7fe99ad0,2024-06-05T00:15:09.617000
+CVE-2020-27354,0,0,45dbf196c098dca554d5a1355d73bf4a1e889b5e4842af65035d79e289fb9b14,2024-06-05T00:15:09.547000
+CVE-2020-27355,0,0,a2f55d973e1e8b65f87c5f3fb63316f566dec73ca1e0dd417dfb723f7fe99ad0,2024-06-05T00:15:09.617000
 CVE-2020-27356,0,0,089f01c399a236bad80d4090623c0fa328c5cf5907b8a912ffebef424b4740dd,2021-12-08T16:57:12.960000
 CVE-2020-27358,0,0,6d0391d06fa8e5f5e96d7f74c2ec950d58c943804da0f8b70b35f9a21e18d415,2021-07-01T16:55:07.650000
 CVE-2020-27359,0,0,1b672b1aa2a4941a9463e7878574188197e630869b0f92eb03b2c42c42b6327c,2020-11-04T16:31:32.460000
@ -157971,8 +157971,8 @@ CVE-2020-35149,0,0,b43e9665044c9fefe2cb3d7554a766c9c42acc393317f1558fd074f373470
 CVE-2020-3515,0,0,0ecdadecdd82558497998d8d228dc614794fd97c4c2bfd11ad814c8a3a2eab3a,2020-10-28T20:20:34.327000
 CVE-2020-35151,0,0,70df8b9d712911f1b568a0db54919373c3d8deb3bf1c92e8f272ed04a80ae49e,2023-11-14T21:00:16.900000
 CVE-2020-35152,0,0,96609e9bab102143668a6a3fb965303a7f5167a9507f8dece796a38e70b9f42d,2021-02-05T19:49:54.400000
-CVE-2020-35153,1,1,5f1ea9e878e03059181ba41a9e4996fd1f32142ecd048ab59938c090d2dc67fe,2024-06-05T00:15:09.680000
-CVE-2020-35154,1,1,ffb8f19eb914943ee930f02ccbc51936248f7ee6589f29dc672b6f16876f241b,2024-06-05T00:15:09.740000
+CVE-2020-35153,0,0,5f1ea9e878e03059181ba41a9e4996fd1f32142ecd048ab59938c090d2dc67fe,2024-06-05T00:15:09.680000
+CVE-2020-35154,0,0,ffb8f19eb914943ee930f02ccbc51936248f7ee6589f29dc672b6f16876f241b,2024-06-05T00:15:09.740000
 CVE-2020-3516,0,0,572bfb3bb99b31729dbd9c30f5e709d971039855f09a180b0403cbbb2a0ab442,2020-10-08T13:36:56.253000
 CVE-2020-35163,0,0,a96c99555aa4c39a8a0aa9e59dc61dbe3e3682075529b3bbd48690fc3489bd93,2022-11-29T02:49:41.470000
 CVE-2020-35164,0,0,9d1075995aa8f3aeffd7f912cf5aba1330bd29582626a23afa3bf5bd0680c241,2022-10-06T16:07:35.737000
@ -251819,7 +251819,7 @@ CVE-2024-4077,0,0,88c9fb35aec8dbee15c3169eb34c083d7cc8d7a290cdea9208a3041187ada8
 CVE-2024-4078,0,0,f02a6c29d80f944755bef4fcac2904ebf0cf2a727c904e067874e25c2b43b0a2,2024-05-16T13:03:05.353000
 CVE-2024-4082,0,0,9bcc679f7514b7d071aa621d11dbe3b6578d11cf65d1c2f18fedd0888ce997fc,2024-05-14T16:11:39.510000
 CVE-2024-4083,0,0,90b3f0c23e53e5107774f39811ea28166caf07e02a51ec5c595625bec75a4f5e,2024-05-02T18:00:37.360000
-CVE-2024-4084,1,1,cdd0df7919c28f881bd53cf1deb5b03087820977803cb8c9e5d4d4b8259a386f,2024-06-05T00:15:09.840000
+CVE-2024-4084,0,0,cdd0df7919c28f881bd53cf1deb5b03087820977803cb8c9e5d4d4b8259a386f,2024-06-05T00:15:09.840000
 CVE-2024-4085,0,0,18b49aedef154a5f78284d7ff3699691fe3b4904260085a931cc6d08f4fb7ca8,2024-05-02T18:00:37.360000
 CVE-2024-4086,0,0,c06eb3f0c2fbe1c42ce58a59441202866280214c07091170b4fb53c94814c994,2024-05-02T18:00:37.360000
 CVE-2024-4087,0,0,c042d2a1de26e6b1fe0621a6edcac1fb8cab9f866d13a8bc2e77c06eafe2f2ff,2024-06-03T14:46:24.250000
@ -252564,6 +252564,7 @@ CVE-2024-5311,0,0,254582b6f9bf67f7974ecb2d947c8ea8261db1fbcce62f651ad1dbc864d7bc
 CVE-2024-5312,0,0,3a9d8301087c1d7edb8976207e286d0d247ebf6ccf4b5edb4137e81b02e5ec2b,2024-05-24T13:03:05.093000
 CVE-2024-5314,0,0,fb6304ffb5d50ce8724d643a46fad25ba80695f7c0c0eb4ec33a07d41bc4980a,2024-05-24T13:03:05.093000
 CVE-2024-5315,0,0,e1b0baaf93d62cf125eea53091da57c404cdf61d625ae810529ebef84e73357d,2024-05-24T13:03:05.093000
+CVE-2024-5317,1,1,f1fa6ba8aaa2a89d1570b4f611a0322abd09601428c027c481c7e3f9fe671a30,2024-06-05T02:15:10.163000
 CVE-2024-5318,0,0,812431b83287688611dc496217ea25ba5560744235da04dca7a35239cac1fe9a,2024-05-24T18:09:20.027000
 CVE-2024-5326,0,0,9beaa1147d54b3ae536a6eb0023672ae377946ef8aec317bd58c5324df5850c7,2024-05-30T13:15:41.297000
 CVE-2024-5327,0,0,84b1605ed9f8fbbcd152a70275bed021ec8172a393ec025e57c9733c6898763a,2024-05-30T13:15:41.297000
@ -252646,6 +252647,7 @@ CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92
 CVE-2024-5436,0,0,95eba267f429de080e9b35fcd14e1e1840b0308e404c32773ec35c18106c7cbc,2024-05-31T13:01:46.727000
 CVE-2024-5437,0,0,551b020f0044e3ab584c14f08f0984900b4bc26534c92382eb6ac2bb660708ea,2024-06-04T19:21:09.363000
 CVE-2024-5463,0,0,a83ead02d534db419d64d9a246adc999062f3a690f2d2cbba14bffeb9debf0f5,2024-06-04T16:57:41.053000
+CVE-2024-5483,1,1,5529c97278d3f25108282683906a92383dd2ca1a9ba0be070cd04ea84d856791,2024-06-05T03:15:08.810000
 CVE-2024-5484,0,0,7de35f8eee9232651ed147ec3168f6740617b1737ec3ff6913988b98b84f6ef1,2024-05-31T11:15:09.783000
 CVE-2024-5485,0,0,dca0cc3d797ec50003ec75de23195400e6c002137c330b8a6fe7501d852f23b7,2024-06-04T16:57:41.053000
 CVE-2024-5493,0,0,8180f9c7c83a7ebab82ac7c00536ed64f553bc96cb8ba2cddb06ad7e2d969883,2024-05-31T13:01:46.727000
@ -252676,4 +252678,4 @@ CVE-2024-5588,0,0,21589c4423d1fee081cb695dd8009f3bd5a36bd74dae1713c28449f0da1cd8
 CVE-2024-5589,0,0,dc63c38434ce5bb089af0d0f8aa09f6a46f1fae34dd45c15f4542741dea047b7,2024-06-03T14:46:24.250000
 CVE-2024-5590,0,0,ca60332ff9933405c7b9b37e93d2404b53274b9ec741b4065c0c1eadbd60da94,2024-06-03T14:46:24.250000
 CVE-2024-5635,0,0,d955bff05988108c4df31c650616da32aaf5ecbaf2b998d24bf49ab092bac321,2024-06-04T22:15:10.833000
-CVE-2024-5636,1,1,5d0061b5ccc5b5cfaf69adce0bc201a464e1b4fa63384366df6d42f47c2a1a4a,2024-06-05T01:15:11.470000
+CVE-2024-5636,0,0,5d0061b5ccc5b5cfaf69adce0bc201a464e1b4fa63384366df6d42f47c2a1a4a,2024-06-05T01:15:11.470000