Auto-Update: 2024-07-20T04:00:18.578871+00:00

2025-07-11 16:13:34 +00:00 · 2024-07-20 04:03:14 +00:00 · 2024-07-20 04:03:14 +00:00 · d08a20053a
commit d08a20053a
parent 2d1f736748
5 changed files with 201 additions and 8 deletions
--- a/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json
+++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-2337",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T03:15:02.290",
+  "lastModified": "2024-07-20T03:15:02.290",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/easy-testimonials/trunk/easy-testimonials.php#L1039",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c470cb0-5cbc-4ae1-b75a-384668d07215?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-58xx/CVE-2024-5804.json
+++ b/CVE-2024/CVE-2024-58xx/CVE-2024-5804.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-5804",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T02:15:09.480",
+  "lastModified": "2024-07-20T02:15:09.480",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/cf7-conditional-fields/trunk/wpcf7cf-options.php#L285",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3121497%40cf7-conditional-fields&new=3121497%40cf7-conditional-fields&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/827c5dc2-3195-47d9-9e44-ca2043748eed?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6560.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6560.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-6560",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-07-20T03:15:02.680",
+  "lastModified": "2024-07-20T03:15:02.680",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Addonify \u2013 Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/addonify-quick-view/trunk/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3121821%40addonify-quick-view&new=3121821%40addonify-quick-view&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c38eaab5-157c-43fa-ad67-6f063274ba69?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-19T23:55:17.882892+00:00
+2024-07-20T04:00:18.578871+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-19T22:15:04.563000+00:00
+2024-07-20T03:15:02.680000+00:00
 ```

 ### Last Data Feed Release
@ -27,26 +27,28 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-07-19T00:00:08.658093+00:00
+2024-07-20T00:00:08.659552+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-257521
+257524
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `3`

+- [CVE-2024-2337](CVE-2024/CVE-2024-23xx/CVE-2024-2337.json) (`2024-07-20T03:15:02.290`)
+- [CVE-2024-5804](CVE-2024/CVE-2024-58xx/CVE-2024-5804.json) (`2024-07-20T02:15:09.480`)
+- [CVE-2024-6560](CVE-2024/CVE-2024-65xx/CVE-2024-6560.json) (`2024-07-20T03:15:02.680`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-35260](CVE-2024/CVE-2024-352xx/CVE-2024-35260.json) (`2024-07-19T22:15:04.563`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -244806,6 +244806,7 @@ CVE-2024-2336,0,0,ee2ed99bdbb77ed98426fec739627a0e0294ad75ca24e044dbbf3ddb7c6991
 CVE-2024-23360,0,0,4a7bbca8a03b30cf4df988e0f08196d33c6bd581b3c7bc61fba22b18c171830b,2024-06-03T14:46:24.250000
 CVE-2024-23363,0,0,f3bca7930119a168b01a4f3c6a543138a5f31bd5e8f14fd6e950dfaab71bf1eb,2024-06-03T14:46:24.250000
 CVE-2024-23368,0,0,5726397ddc8ddada7ad85b481081c827980e0b31f00843d9c4a575a1cdcf7c17,2024-07-02T17:51:25.690000
+CVE-2024-2337,1,1,8d7a8269dcc1610b66c0f656f3547809d9e64e820daa07dd068f3da4b909f9e0,2024-07-20T03:15:02.290000
 CVE-2024-23372,0,0,23b270a28eac6f2e33d3cc96090d40d8bd34b2e6172d17ba5be5b87ce6bb3571,2024-07-02T17:51:04.530000
 CVE-2024-23373,0,0,5f71e52681ce9b4c683001ee0714339e5fcbf3b0ac462fe47ab6cd76399fa906,2024-07-02T17:50:38.573000
 CVE-2024-2338,0,0,97ed9304e53653e5f2f6be84ec656ed42a5ae14786266fb81f31dd764d99c05c,2024-03-08T21:19:43.127000
@ -252713,7 +252714,7 @@ CVE-2024-35254,0,0,45ef78e7aab61785b60639ab749398d66c1fb5a7b87988e5d821011437a5e
 CVE-2024-35255,0,0,dd2820217033d300b334ae05889b3c3f413c0da4e96707fa039fcafe96b24ff2,2024-06-20T16:31:46.127000
 CVE-2024-35256,0,0,f2176a2df1a1016e0c34600dbc0c04e96b8b2ff9ee36a42a63c8d07aa875d956,2024-07-09T18:18:38.713000
 CVE-2024-3526,0,0,3b86e48cdd64c94b1957dd961f1ea8a5609328c0a5fd236d499daf2f49d2a875,2024-05-17T02:39:59.067000
-CVE-2024-35260,0,1,67ccf8282d16b837b87413a92f04e2208d573db9ab69ece3ba1aea814a8343d7,2024-07-19T22:15:04.563000
+CVE-2024-35260,0,0,67ccf8282d16b837b87413a92f04e2208d573db9ab69ece3ba1aea814a8343d7,2024-07-19T22:15:04.563000
 CVE-2024-35261,0,0,9d9063b6e7979be3a79ef13bd9cc70b3fb0340950dd44d60d9d3d687415ebbe0,2024-07-17T15:48:39.097000
 CVE-2024-35263,0,0,f00bc0132870d05293845d05b9562badae38c6c7b9bb0d9a00ba1c99b84818b6,2024-06-20T16:32:31.287000
 CVE-2024-35264,0,0,40d724389414ca4fabf1feae652fc23d2bbd2b3015de995d803ac6656e74295d,2024-07-19T18:59:28.370000
@ -256961,6 +256962,7 @@ CVE-2024-5795,0,0,4a9aecee86bda89829b2518ea02c7a7b2c3a9c81275eb4d5a5086f64238c89
 CVE-2024-5796,0,0,e179556883d33099fab8768b9c3d50a47b2a022b7b46e47f95f4ba7640cc26df,2024-06-28T10:27:00.920000
 CVE-2024-5798,0,0,8c4fc55b5a68256010d6e6bfcfe06ef9f209d5a592c838664e8662bbc4a3d762,2024-06-13T18:36:09.010000
 CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f8395,2024-07-12T15:20:14.610000
+CVE-2024-5804,1,1,b9dfade3e9abf25b83d5f9549ff479e4541cdb1f2dea578b917eb82e2201bdb6,2024-07-20T02:15:09.480000
 CVE-2024-5805,0,0,dc303c72bde98fa3d82c375116e3326253eb605d3a044d78a9e45a14399d2f62,2024-06-25T18:50:42.040000
 CVE-2024-5806,0,0,91588fb1cdb8115c3da665d3d031e599ad42ef712f85a57d764591dd0370421d,2024-06-26T00:15:11.293000
 CVE-2024-5810,0,0,246ea4a74a1b10a6c799aa82916b249e6dd3093a23af41d24ba222ed5e8773fa,2024-07-09T18:19:14.047000
@ -257413,6 +257415,7 @@ CVE-2024-6555,0,0,bf68ef8f1bd3876021fc33b504457daba53832080530806ef27f797ea5536a
 CVE-2024-6556,0,0,246920c1b32eb0a0369982110178f9a30464427865e75d42710950bf8d6bff6c,2024-07-11T13:05:54.930000
 CVE-2024-6557,0,0,5f8a5c5bf162c69368d24395d90aef2e1a9fd156ec4a6d0f0e02ca54e1438d8b,2024-07-16T13:43:58.773000
 CVE-2024-6559,0,0,2866b76c45bfa3fcb2a29d8b63ef335520f76c77ee94faa7443c1c34b010c185,2024-07-16T13:43:58.773000
+CVE-2024-6560,1,1,2f076ff2fd76b43199bd178b1c294f88bc56d1c6024186191e2ffdcc9076e458,2024-07-20T03:15:02.680000
 CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb3c,2024-07-09T14:19:19.300000
 CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000
 CVE-2024-6565,0,0,ee9c3eacf0bc745c4e1df576eb425c3f28c4e22d80193cbda607fc66e3277c71,2024-07-16T13:43:58.773000