Auto-Update: 2024-07-06T14:00:22.413036+00:00

2025-05-07 19:16:29 +00:00 · 2024-07-06 14:03:16 +00:00 · 2024-07-06 14:03:16 +00:00 · c945823487
commit c945823487
parent 997e44f955
5 changed files with 182 additions and 12 deletions
--- a/CVE-2024/CVE-2024-375xx/CVE-2024-37539.json
+++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37539.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-37539",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-06T13:15:10.190",
+  "lastModified": "2024-07-06T13:15:10.190",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/wp-todo/wordpress-wp-to-do-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-375xx/CVE-2024-37541.json
+++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37541.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-37541",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-06T13:15:10.437",
+  "lastModified": "2024-07-06T13:15:10.437",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements \u2013 Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements \u2013 Stax: from n/a through 1.4.4.1."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/stax-addons-for-elementor/wordpress-elementor-addons-widgets-and-enhancements-stax-plugin-1-4-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-375xx/CVE-2024-37542.json
+++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37542.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-37542",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2024-07-06T13:15:10.640",
+  "lastModified": "2024-07-06T13:15:10.640",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability-2?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-06T12:00:29.667761+00:00
+2024-07-06T14:00:22.413036+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-06T10:15:03.393000+00:00
+2024-07-06T13:15:10.640000+00:00
 ```

 ### Last Data Feed Release
@ -33,17 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255958
+255961
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `3`

- [CVE-2024-37208](CVE-2024/CVE-2024-372xx/CVE-2024-37208.json) (`2024-07-06T10:15:01.907`)
- [CVE-2024-37234](CVE-2024/CVE-2024-372xx/CVE-2024-37234.json) (`2024-07-06T10:15:02.913`)
- [CVE-2024-37260](CVE-2024/CVE-2024-372xx/CVE-2024-37260.json) (`2024-07-06T10:15:03.190`)
- [CVE-2024-39486](CVE-2024/CVE-2024-394xx/CVE-2024-39486.json) (`2024-07-06T10:15:03.393`)
+- [CVE-2024-37539](CVE-2024/CVE-2024-375xx/CVE-2024-37539.json) (`2024-07-06T13:15:10.190`)
+- [CVE-2024-37541](CVE-2024/CVE-2024-375xx/CVE-2024-37541.json) (`2024-07-06T13:15:10.437`)
+- [CVE-2024-37542](CVE-2024/CVE-2024-375xx/CVE-2024-37542.json) (`2024-07-06T13:15:10.640`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -253441,7 +253441,7 @@ CVE-2024-37185,0,0,ce3a2eeaa366e0078438541c31768228f57c06809ab185bd78a5053ce3cc0
 CVE-2024-3719,0,0,d2320674d04cefde56a0b36b463f74328d6f18494803030bdfe9b0b1b4374afd,2024-06-04T19:20:23.553000
 CVE-2024-37198,0,0,8919c8b8db43ac2a9639793fec092e2666b55422ab58e48ee04c39b0bd19361a,2024-06-24T18:55:25.417000
 CVE-2024-3720,0,0,f4e69514093cc630aeda39d0a41fe705e0d9916a1077cef429b7dcf05a404308,2024-06-04T19:20:23.660000
-CVE-2024-37208,1,1,7e1627d018918fbe5105fc4fb5063772f37500b3dc14dafb28c1ef266db79c05,2024-07-06T10:15:01.907000
+CVE-2024-37208,0,0,7e1627d018918fbe5105fc4fb5063772f37500b3dc14dafb28c1ef266db79c05,2024-07-06T10:15:01.907000
 CVE-2024-3721,0,0,ec8dc4b0ad5d1d9ba11acb18015142f7d1715fd653f7ca2987e266e9c9e8ef01,2024-05-17T02:40:05.290000
 CVE-2024-37212,0,0,cb0e3003beb0d778b1e3e4d8f1145799c285874f36dc8f863bd0c5bf6222df34,2024-06-24T18:55:34.983000
 CVE-2024-3722,0,0,7c1b4fae7e86bf4c1bc76a0d39819ffc592a7b598c7675ac0628daa278671c4c,2024-05-14T16:11:39.510000
@ -253452,14 +253452,14 @@ CVE-2024-3723,0,0,21c397ab5e875f2652ba15d9001cdd8ef5c5941ff996881e18084aebeaee89
 CVE-2024-37230,0,0,c056784fe1461835022ae4387a349a1e9e9676537a6bd83c972fd23b962299aa,2024-06-24T18:55:55.037000
 CVE-2024-37231,0,0,2975c060fd817766775d3e3ec5265250dfcb406eb3856b3f2d8635478d7fc4db,2024-06-24T19:26:47.037000
 CVE-2024-37233,0,0,dcdb23af544a8046a4ecb68f34b48a3a15207d5a73bdc6182df1b28a0bb5e19c,2024-06-24T19:26:47.037000
-CVE-2024-37234,1,1,3d8acf0212e714e21ca36535ed076b048335a1b2240ff0a6d0aa50a33b661aee,2024-07-06T10:15:02.913000
+CVE-2024-37234,0,0,3d8acf0212e714e21ca36535ed076b048335a1b2240ff0a6d0aa50a33b661aee,2024-07-06T10:15:02.913000
 CVE-2024-3724,0,0,a2f08bb0a2e36a5c374b862fb3e4beff315b3d6672953c5eeabe10290b435e2c,2024-05-02T18:00:37.360000
 CVE-2024-37247,0,0,038744b78f2f2634865ad1661e2c97961d5a301727139375431f6d0656bf9981,2024-06-27T12:47:19.847000
 CVE-2024-37248,0,0,99c2cd4652890a37e2628f89e3ffdbcb4a9642bb6a6f401aec3aa06f83017ab1,2024-06-27T12:47:19.847000
 CVE-2024-3725,0,0,dd194c190207038aca40dcc17eaac7bd7c6f9f34e04d00c016e0de6cd9837da0,2024-05-02T18:00:37.360000
 CVE-2024-37252,0,0,faf33ef7b8f72660b3f71af61d55db3b928cbbfdda8d6a6c03b3fcf0d979da09,2024-06-26T12:44:29.693000
 CVE-2024-3726,0,0,5d13f10d5b73efb7ab7c6448eee56ee5b7f1a739226807fb6eef2a4ab850d2f7,2024-05-30T13:15:41.297000
-CVE-2024-37260,1,1,e7a861e832b89ec4413096ab8d21c1e7d48eb0a1e56b026be187a844069b343b,2024-07-06T10:15:03.190000
+CVE-2024-37260,0,0,e7a861e832b89ec4413096ab8d21c1e7d48eb0a1e56b026be187a844069b343b,2024-07-06T10:15:03.190000
 CVE-2024-3727,0,0,8e07517a9dca0048f3a5546e14ea5eaec2b195c195e356a5ec35a7e996ce9012,2024-07-03T17:15:04.780000
 CVE-2024-37273,0,0,8e9dee449ebc3c902c8a48603bfb19c8ba061254dd865164dc4adc81e57806ef,2024-06-11T14:12:23.210000
 CVE-2024-37279,0,0,23b5ab6d6e7d20abbef93be4c8b8a6f2f980c082bdec809528b549006da1d24b,2024-06-13T18:35:19.777000
@ -253545,7 +253545,10 @@ CVE-2024-3750,0,0,803f7e301e80982b4e00371ccc1f410724a29d03fdd424fb4c54aeb0b034ff
 CVE-2024-3752,0,0,06a3522f543993aef42f352f0c011207c560c2e5a1d63c9d8ccc34a87adab0ce,2024-05-06T12:44:56.377000
 CVE-2024-37532,0,0,e146e982646d7ada5c23ac27c75ae644abb706f6257f2f96ca13a6820b942f27,2024-06-20T16:07:50.417000
 CVE-2024-37535,0,0,062f7ebb43bb6d2a8ccb3332e5242404947b076c7894d1777e030e1c8e622113,2024-07-03T02:04:19.710000
+CVE-2024-37539,1,1,cf8215e427c44405b85d45864072ac95523da6695b14f5bb6424adeb6f0f0b13,2024-07-06T13:15:10.190000
 CVE-2024-3754,0,0,01f193c84b52f462bda07bbe4a51fb49e63cd8bf2361f6b49c817e3a59b81e5a,2024-06-17T12:42:04.623000
+CVE-2024-37541,1,1,054ee614eca4712ea5f7ee4bc9a10b961510b93b5b1df2d19cbb7cc7698c28bf,2024-07-06T13:15:10.437000
+CVE-2024-37542,1,1,4fe3d4441aa7c099e29bb17e8ffb2ecb9f308fdf61610b5fb27b2b1be934e917,2024-07-06T13:15:10.640000
 CVE-2024-3755,0,0,255cc63bdc34aca663119fb8f6757a7da5a9acef7ecda034d88dc05babf4b05b,2024-05-06T12:44:56.377000
 CVE-2024-3756,0,0,9f6325e6bf8bb208b4e2ee6674c7d5cde657d33007cb72c8f23cf7232b49431b,2024-07-03T02:06:32.530000
 CVE-2024-37568,0,0,e54134c743ff1c9089094584276cdc79416cb675a0fc4a7177e49bc6dbf3bbc8,2024-06-20T09:15:12.253000
@ -254183,7 +254186,7 @@ CVE-2024-39482,0,0,b5ca1dd95768db032dce80c55c6258ec99ccbde63e8f741757c09d5b0797c
 CVE-2024-39483,0,0,eadec7028a472ed93e8a5dff095927eb733e9a05f36586ae19cb293f76cb70c1,2024-07-05T12:55:51.367000
 CVE-2024-39484,0,0,b31f852aa24f56cfe148c1d4b3e8b85592312114fff33022a4ab6f2336cd9ae1,2024-07-05T12:55:51.367000
 CVE-2024-39485,0,0,9b3768f03e1707409b88b5bf989b1fa63f75e320d3314c45846159b435aec509,2024-07-05T12:55:51.367000
-CVE-2024-39486,1,1,6a96f68c896ee3f5f62aaf7d0c2f5a9013ed4783a42c5e75fa700ffefa70ff24,2024-07-06T10:15:03.393000
+CVE-2024-39486,0,0,6a96f68c896ee3f5f62aaf7d0c2f5a9013ed4783a42c5e75fa700ffefa70ff24,2024-07-06T10:15:03.393000
 CVE-2024-3951,0,0,d1eb572088193a792816003caae4c8900ea1808fb70b3f34eb162771a0d73b1e,2024-05-08T17:05:24.083000
 CVE-2024-3952,0,0,92f1da274771947c3cb4a43546670c1af8a997980dc361a71cd2fb07f162ad15,2024-05-14T16:11:39.510000
 CVE-2024-3954,0,0,45f1b348fcace6f84e3157e2d0f8a54fc4228bb396d26e03c9556cd235947f43,2024-05-14T16:11:39.510000