From d08a20053ad55dc10318d73cea4c2fb018c4a19d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 20 Jul 2024 04:03:14 +0000 Subject: [PATCH] Auto-Update: 2024-07-20T04:00:18.578871+00:00 --- CVE-2024/CVE-2024-23xx/CVE-2024-2337.json | 60 +++++++++++++++++++++ CVE-2024/CVE-2024-58xx/CVE-2024-5804.json | 64 +++++++++++++++++++++++ CVE-2024/CVE-2024-65xx/CVE-2024-6560.json | 64 +++++++++++++++++++++++ README.md | 16 +++--- _state.csv | 5 +- 5 files changed, 201 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-23xx/CVE-2024-2337.json create mode 100644 CVE-2024/CVE-2024-58xx/CVE-2024-5804.json create mode 100644 CVE-2024/CVE-2024-65xx/CVE-2024-6560.json diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json new file mode 100644 index 00000000000..669703923c6 --- /dev/null +++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-2337", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T03:15:02.290", + "lastModified": "2024-07-20T03:15:02.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/easy-testimonials/trunk/easy-testimonials.php#L1039", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c470cb0-5cbc-4ae1-b75a-384668d07215?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-58xx/CVE-2024-5804.json b/CVE-2024/CVE-2024-58xx/CVE-2024-5804.json new file mode 100644 index 00000000000..f04dc1af12c --- /dev/null +++ b/CVE-2024/CVE-2024-58xx/CVE-2024-5804.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-5804", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T02:15:09.480", + "lastModified": "2024-07-20T02:15:09.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/cf7-conditional-fields/trunk/wpcf7cf-options.php#L285", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3121497%40cf7-conditional-fields&new=3121497%40cf7-conditional-fields&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/827c5dc2-3195-47d9-9e44-ca2043748eed?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6560.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6560.json new file mode 100644 index 00000000000..161b0058811 --- /dev/null +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6560.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-6560", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T03:15:02.680", + "lastModified": "2024-07-20T03:15:02.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Addonify \u2013 Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/addonify-quick-view/trunk/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3121821%40addonify-quick-view&new=3121821%40addonify-quick-view&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c38eaab5-157c-43fa-ad67-6f063274ba69?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index baf525a1baa..0328f05f4c9 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-19T23:55:17.882892+00:00 +2024-07-20T04:00:18.578871+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-19T22:15:04.563000+00:00 +2024-07-20T03:15:02.680000+00:00 ``` ### Last Data Feed Release @@ -27,26 +27,28 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-07-19T00:00:08.658093+00:00 +2024-07-20T00:00:08.659552+00:00 ``` ### Total Number of included CVEs ```plain -257521 +257524 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `3` +- [CVE-2024-2337](CVE-2024/CVE-2024-23xx/CVE-2024-2337.json) (`2024-07-20T03:15:02.290`) +- [CVE-2024-5804](CVE-2024/CVE-2024-58xx/CVE-2024-5804.json) (`2024-07-20T02:15:09.480`) +- [CVE-2024-6560](CVE-2024/CVE-2024-65xx/CVE-2024-6560.json) (`2024-07-20T03:15:02.680`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-35260](CVE-2024/CVE-2024-352xx/CVE-2024-35260.json) (`2024-07-19T22:15:04.563`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 1408951e315..47d07e70010 100644 --- a/_state.csv +++ b/_state.csv @@ -244806,6 +244806,7 @@ CVE-2024-2336,0,0,ee2ed99bdbb77ed98426fec739627a0e0294ad75ca24e044dbbf3ddb7c6991 CVE-2024-23360,0,0,4a7bbca8a03b30cf4df988e0f08196d33c6bd581b3c7bc61fba22b18c171830b,2024-06-03T14:46:24.250000 CVE-2024-23363,0,0,f3bca7930119a168b01a4f3c6a543138a5f31bd5e8f14fd6e950dfaab71bf1eb,2024-06-03T14:46:24.250000 CVE-2024-23368,0,0,5726397ddc8ddada7ad85b481081c827980e0b31f00843d9c4a575a1cdcf7c17,2024-07-02T17:51:25.690000 +CVE-2024-2337,1,1,8d7a8269dcc1610b66c0f656f3547809d9e64e820daa07dd068f3da4b909f9e0,2024-07-20T03:15:02.290000 CVE-2024-23372,0,0,23b270a28eac6f2e33d3cc96090d40d8bd34b2e6172d17ba5be5b87ce6bb3571,2024-07-02T17:51:04.530000 CVE-2024-23373,0,0,5f71e52681ce9b4c683001ee0714339e5fcbf3b0ac462fe47ab6cd76399fa906,2024-07-02T17:50:38.573000 CVE-2024-2338,0,0,97ed9304e53653e5f2f6be84ec656ed42a5ae14786266fb81f31dd764d99c05c,2024-03-08T21:19:43.127000 @@ -252713,7 +252714,7 @@ CVE-2024-35254,0,0,45ef78e7aab61785b60639ab749398d66c1fb5a7b87988e5d821011437a5e CVE-2024-35255,0,0,dd2820217033d300b334ae05889b3c3f413c0da4e96707fa039fcafe96b24ff2,2024-06-20T16:31:46.127000 CVE-2024-35256,0,0,f2176a2df1a1016e0c34600dbc0c04e96b8b2ff9ee36a42a63c8d07aa875d956,2024-07-09T18:18:38.713000 CVE-2024-3526,0,0,3b86e48cdd64c94b1957dd961f1ea8a5609328c0a5fd236d499daf2f49d2a875,2024-05-17T02:39:59.067000 -CVE-2024-35260,0,1,67ccf8282d16b837b87413a92f04e2208d573db9ab69ece3ba1aea814a8343d7,2024-07-19T22:15:04.563000 +CVE-2024-35260,0,0,67ccf8282d16b837b87413a92f04e2208d573db9ab69ece3ba1aea814a8343d7,2024-07-19T22:15:04.563000 CVE-2024-35261,0,0,9d9063b6e7979be3a79ef13bd9cc70b3fb0340950dd44d60d9d3d687415ebbe0,2024-07-17T15:48:39.097000 CVE-2024-35263,0,0,f00bc0132870d05293845d05b9562badae38c6c7b9bb0d9a00ba1c99b84818b6,2024-06-20T16:32:31.287000 CVE-2024-35264,0,0,40d724389414ca4fabf1feae652fc23d2bbd2b3015de995d803ac6656e74295d,2024-07-19T18:59:28.370000 @@ -256961,6 +256962,7 @@ CVE-2024-5795,0,0,4a9aecee86bda89829b2518ea02c7a7b2c3a9c81275eb4d5a5086f64238c89 CVE-2024-5796,0,0,e179556883d33099fab8768b9c3d50a47b2a022b7b46e47f95f4ba7640cc26df,2024-06-28T10:27:00.920000 CVE-2024-5798,0,0,8c4fc55b5a68256010d6e6bfcfe06ef9f209d5a592c838664e8662bbc4a3d762,2024-06-13T18:36:09.010000 CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f8395,2024-07-12T15:20:14.610000 +CVE-2024-5804,1,1,b9dfade3e9abf25b83d5f9549ff479e4541cdb1f2dea578b917eb82e2201bdb6,2024-07-20T02:15:09.480000 CVE-2024-5805,0,0,dc303c72bde98fa3d82c375116e3326253eb605d3a044d78a9e45a14399d2f62,2024-06-25T18:50:42.040000 CVE-2024-5806,0,0,91588fb1cdb8115c3da665d3d031e599ad42ef712f85a57d764591dd0370421d,2024-06-26T00:15:11.293000 CVE-2024-5810,0,0,246ea4a74a1b10a6c799aa82916b249e6dd3093a23af41d24ba222ed5e8773fa,2024-07-09T18:19:14.047000 @@ -257413,6 +257415,7 @@ CVE-2024-6555,0,0,bf68ef8f1bd3876021fc33b504457daba53832080530806ef27f797ea5536a CVE-2024-6556,0,0,246920c1b32eb0a0369982110178f9a30464427865e75d42710950bf8d6bff6c,2024-07-11T13:05:54.930000 CVE-2024-6557,0,0,5f8a5c5bf162c69368d24395d90aef2e1a9fd156ec4a6d0f0e02ca54e1438d8b,2024-07-16T13:43:58.773000 CVE-2024-6559,0,0,2866b76c45bfa3fcb2a29d8b63ef335520f76c77ee94faa7443c1c34b010c185,2024-07-16T13:43:58.773000 +CVE-2024-6560,1,1,2f076ff2fd76b43199bd178b1c294f88bc56d1c6024186191e2ffdcc9076e458,2024-07-20T03:15:02.680000 CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb3c,2024-07-09T14:19:19.300000 CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000 CVE-2024-6565,0,0,ee9c3eacf0bc745c4e1df576eb425c3f28c4e22d80193cbda607fc66e3277c71,2024-07-16T13:43:58.773000