Auto-Update: 2025-01-26T13:00:19.092553+00:00

2025-07-09 16:05:11 +00:00 · 2025-01-26 13:03:44 +00:00 · 2025-01-26 13:03:44 +00:00 · d789478d65
commit d789478d65
parent fd43f8470c
6 changed files with 257 additions and 13 deletions
--- a/CVE-2024/CVE-2024-116xx/CVE-2024-11641.json
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11641.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11641",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-26T12:15:27.137",
+  "lastModified": "2025-01-26T12:15:27.137",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3225861/vikbooking",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb6611d-7a4b-4ca8-b9cc-c156437e89b5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11936.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11936.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11936",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-26T12:15:28.297",
+  "lastModified": "2025-01-26T12:15:28.297",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://themeforest.net/item/zox-news-professional-wordpress-news-magazine-theme/20381541",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f061e7f-6a87-4d4a-9b4e-8234883f2ebc?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-123xx/CVE-2024-12334.json
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12334.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-12334",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-26T12:15:28.460",
+  "lastModified": "2025-01-26T12:15:28.460",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WC Affiliate \u2013 A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3224312/wc-affiliate",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efca1ee2-2038-440e-941c-22533b4d833b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13505.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13505.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13505",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-26T12:15:28.613",
+  "lastModified": "2025-01-26T12:15:28.613",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ays_sections[5][questions][8][title]\u2019 parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/survey-maker/tags/5.1.3.2/admin/partials/surveys/actions/partials/survey-maker-surveys-actions-tab1.php#L1160",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc3c22a2-b766-419c-a481-48e6a73b084c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-26T09:00:19.479774+00:00
+2025-01-26T13:00:19.092553+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-26T07:15:09.237000+00:00
+2025-01-26T12:15:28.613000+00:00
 ```

 ### Last Data Feed Release
@ -33,23 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-278987
+278991
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `4`

- [CVE-2024-10705](CVE-2024/CVE-2024-107xx/CVE-2024-10705.json) (`2025-01-26T07:15:07.350`)
- [CVE-2024-11090](CVE-2024/CVE-2024-110xx/CVE-2024-11090.json) (`2025-01-26T07:15:08.750`)
- [CVE-2024-46881](CVE-2024/CVE-2024-468xx/CVE-2024-46881.json) (`2025-01-26T07:15:08.947`)
+- [CVE-2024-11641](CVE-2024/CVE-2024-116xx/CVE-2024-11641.json) (`2025-01-26T12:15:27.137`)
+- [CVE-2024-11936](CVE-2024/CVE-2024-119xx/CVE-2024-11936.json) (`2025-01-26T12:15:28.297`)
+- [CVE-2024-12334](CVE-2024/CVE-2024-123xx/CVE-2024-12334.json) (`2025-01-26T12:15:28.460`)
+- [CVE-2024-13505](CVE-2024/CVE-2024-135xx/CVE-2024-13505.json) (`2025-01-26T12:15:28.613`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2025-24858](CVE-2025/CVE-2025-248xx/CVE-2025-24858.json) (`2025-01-26T07:15:09.237`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -243934,7 +243934,7 @@ CVE-2024-10700,0,0,47463adc515feae701fdd6df43b426f169c9e406b10e3ad8dd4832a0c6070
 CVE-2024-10701,0,0,0e6acb5db36bb65b2a9a78f5a1eb22e27b99e8cd35851fc25db7c90c627071bd,2024-11-05T16:52:44.937000
 CVE-2024-10702,0,0,3259585053a84cb9e4f20d6c03e98232b3f699485fefb085dfa1033c1b54da99,2024-11-05T16:52:11.193000
 CVE-2024-10704,0,0,ba32dc9400bcf601c7de3ed1f96e389b9876b8709121dc8baeae8e0502050909,2024-11-29T15:15:15.777000
-CVE-2024-10705,1,1,37ac3f9f959f4cf9abf3d8e19db6a750bd439b4d2da464cdac71d10f76ce5b85,2025-01-26T07:15:07.350000
+CVE-2024-10705,0,0,37ac3f9f959f4cf9abf3d8e19db6a750bd439b4d2da464cdac71d10f76ce5b85,2025-01-26T07:15:07.350000
 CVE-2024-10706,0,0,3ec222f321cd144b9747414b2388ca8377b75fdd1ec931604f451b9a1a761bac,2024-12-20T17:15:07.260000
 CVE-2024-10708,0,0,eea3aeda96ee17aa2e34b8299f4fa63911654caae1b5976f2282c61fc39e2c7d,2024-12-10T16:15:22.327000
 CVE-2024-10709,0,0,41eadf98fd4f942149bd2d66f39b1d32e2fbc20d0415ec457a4d209de40f95b0,2024-11-25T21:15:08.837000
@ -244261,7 +244261,7 @@ CVE-2024-11086,0,0,f4d7f35e95dad05e023fed49ac9e59da09a947f51bc79e0e10dc6b97e93d7
 CVE-2024-11088,0,0,63268aae491d1c648e7cfec2d8bb4b9b8988c9a8de960fef99629298e381225d,2024-11-21T15:15:21.097000
 CVE-2024-11089,0,0,0f46a9a629be88f215b4a7ad0d79575a4e3b0caab898de683427fa2e5561e411,2024-11-21T15:15:21.500000
 CVE-2024-1109,0,0,a7b1e71489d6774ecfe851782646b725fb9b27ab957ae0f8b7f311d63d7950f6,2024-11-21T08:49:48.980000
-CVE-2024-11090,1,1,9c67629e2ffb801b8bba47131dcf9e967c7c081d169874f85d211791ce7b3ca1,2025-01-26T07:15:08.750000
+CVE-2024-11090,0,0,9c67629e2ffb801b8bba47131dcf9e967c7c081d169874f85d211791ce7b3ca1,2025-01-26T07:15:08.750000
 CVE-2024-11091,0,0,e10ed02b8c734f63bf38922634dd4d6feedd7afb3a001442202f3ae94b73b046,2024-11-26T09:15:05.263000
 CVE-2024-11092,0,0,b91206ec3c41bca256cf01b32acc1f1febfdbc1197811dabd241031540a0a8e3,2024-11-18T17:11:17.393000
 CVE-2024-11093,0,0,75c412f30032843f3314bfbffa1f4ccc597f106db7e3d715db1fe1117a610c10,2024-12-04T03:15:04.760000
@ -244748,6 +244748,7 @@ CVE-2024-11636,0,0,477a215831f10296b9ea3788441fcca038078cee1d80a9e966a40e92f5b59
 CVE-2024-11637,0,0,5348ca65261140ae16ec15332c773ee06343664939e89530c0d5541b934692f4,2025-01-14T02:15:07.907000
 CVE-2024-11639,0,0,b0b1970767477e87b7cf619e96fa5cb2fbca7d53895c7bdaf49d93303071061e,2025-01-17T19:40:09.763000
 CVE-2024-1164,0,0,d6b3223f31512976ce37113225736cbf014a2aac3d8c295ef68c5d3e3fda5f16,2025-01-16T15:08:00.773000
+CVE-2024-11641,1,1,01f4678010343b933e1608fd0753948e4b8c955f1bf3576c903c1756a3091a01,2025-01-26T12:15:27.137000
 CVE-2024-11642,0,0,e083dfd7b8388b09206f810c50ef0061b39601a9804b6746591b0dd89f756ab4,2025-01-09T11:15:10.187000
 CVE-2024-11643,0,0,ae78ce4f54b48c77ffb4df12d001ddabc5e672affe5a377c6c988d0deb6a52af,2024-12-04T16:15:24.177000
 CVE-2024-11644,0,0,38b2c694eddaad1da45e24d2b7150693eba2499ddb691622394ace7d3593825d,2024-12-27T19:15:07.400000
@ -245034,6 +245035,7 @@ CVE-2024-11931,0,0,f7a6a876558f96b3470ccc024544f5c77310fc07000a85f04a366895996c7
 CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000
 CVE-2024-11934,0,0,744a72b875229eda9af00bf8cde59d77110b18803c7442665bf58299c9e4d643,2025-01-07T04:15:07.520000
 CVE-2024-11935,0,0,f2a8d43d6f9999d38415d9b41f66ab77f7c4f7c94de5d0bc77beeed93d88f487,2024-12-04T13:15:05.910000
+CVE-2024-11936,1,1,02df76ea9d377927d6bfac9532376cd1ea3846cd42ae66411de8f35f87d4e5fb,2025-01-26T12:15:28.297000
 CVE-2024-11938,0,0,6867b7d1c50742be481431f973c83467fcdb9442488abece06649b31c7a1e61f,2024-12-21T07:15:08.453000
 CVE-2024-11939,0,0,6345ccf177226852fd504f0bbd480483116e863a5c5b707e8b4952ffc0b3c45f,2025-01-08T09:15:06.630000
 CVE-2024-1194,0,0,2ad6fa2abb4bb109947132f87b19e7c09219cf51535c19102f3cbbfcba6ba405,2024-11-21T08:50:00.573000
@ -245348,6 +245350,7 @@ CVE-2024-12330,0,0,dd38f32a8fe1201123bcdc5b82b5d883712c2acc7974b9580df0e29bb6562
 CVE-2024-12331,0,0,1854f15311a9fd512bedfae9559249a253ffa3b6afc48825c570d85f65b5b458,2024-12-19T12:15:05.330000
 CVE-2024-12332,0,0,f0bf328e81e8dc6e6391061dc5bf4110c5e0a30cef25e410954b9a99df4dbf02,2025-01-07T05:15:18.687000
 CVE-2024-12333,0,0,f9b36bf24b65a5eadc34be133c8efc135d615c6b77b9af6e424c71705bac5515,2024-12-12T09:15:05.390000
+CVE-2024-12334,1,1,e6b0748578dd37a10b34427150b96c94f36de22000a143e359355f2f2ad604cf,2025-01-26T12:15:28.460000
 CVE-2024-12335,0,0,811e1f31fde162cfb07e19f2dc625fd9888bd35150e2bacee10a476425d11394,2024-12-25T07:15:11.980000
 CVE-2024-12337,0,0,0ac824defe049d65b98a787c3f5b6e8a7c26d83f20e6b104dc20776aaa16a0de,2025-01-08T11:15:06.613000
 CVE-2024-12338,0,0,202a85d7d49dabb95d9680ff72787a60f1c4021e681feb9be8640c62beb774ef,2024-12-12T04:15:07.497000
@ -246168,6 +246171,7 @@ CVE-2024-13499,0,0,6d635dc5b8c51f2804fa43df8b3beb018f4524a3b4ba54f25865b62cf92ed
 CVE-2024-1350,0,0,ce11ba75737d3c0dc14aea45038ee6ef39f1db647d13879ee3f248d09a81697f,2024-11-21T08:50:23.313000
 CVE-2024-13502,0,0,b6bd5e7a8ccd125fd10c3c602ef666035a1824dda1c710321e34fb9d3259b3fe,2025-01-17T14:15:31.147000
 CVE-2024-13503,0,0,ffb0135326ea2a3ea18800ce3bd83bc523a9e303f03b2acc60a1815003b2400e,2025-01-17T14:15:31.317000
+CVE-2024-13505,1,1,8cfee4eef351da06016ab9b10f867ee856aa66c9481e93ffeb4ce296549af983,2025-01-26T12:15:28.613000
 CVE-2024-1351,0,0,0ee767ddd9bd942759d1902d3186de90141de07710cd1c9cc0aaf86395d89b28,2024-11-21T08:50:23.450000
 CVE-2024-13511,0,0,3071f1ee4394ed25c0ba5a4414759a0ec6bbc3d07f1733cb6f65493d29a37d83,2025-01-23T10:15:07.253000
 CVE-2024-13515,0,0,aca8f7e0638fd7d821357389659621eb450217319a62bd2c5a959e9c0aea1b39,2025-01-18T06:15:26.410000
@ -267029,7 +267033,7 @@ CVE-2024-46872,0,0,b89329ee39c24a048dc575ac8e49e59d1a714d7b0226ecee7aec778895c50
 CVE-2024-46873,0,0,f4b6ce25822b5f66b9eda7224277525233b6be310ea0c7e9c58104a3b1452bcd,2024-12-23T01:15:07.403000
 CVE-2024-46874,0,0,26c14938d3bd992112157bea5c4166c0fd1799831df9907b641db7157a63de40,2024-12-10T19:49:18.773000
 CVE-2024-4688,0,0,0da5a2cc4532b2a20302b23569ddc0737195b6ffa097a6ed8db87ef0127f00f2,2024-11-21T09:43:23.167000
-CVE-2024-46881,1,1,0b45487003fd607ccd13f98230ced0ab92268f2ccf906070f31cd7a1c40dbfe5,2025-01-26T07:15:08.947000
+CVE-2024-46881,0,0,0b45487003fd607ccd13f98230ced0ab92268f2ccf906070f31cd7a1c40dbfe5,2025-01-26T07:15:08.947000
 CVE-2024-46886,0,0,9a63353229e01fb1edd6f3ab48979b30c42407a9917c12b34caece3fb7192dd7,2024-10-10T12:56:30.817000
 CVE-2024-46887,0,0,31ffdd020e6e89ba10d4cabf13eb03312231ce0649facea3f0049fb4d2927403,2024-10-10T12:56:30.817000
 CVE-2024-46888,0,0,db6a842f30d8f251dc121bd25774417ae3b2f6592ba0d0251860e2c1ddbff66a,2024-11-13T23:11:24.570000
@ -278985,4 +278989,4 @@ CVE-2025-24751,0,0,4aa19aa90aab45ec9714df6e468e19599d2a1949dc2de4e4c8d985f84e38f
 CVE-2025-24753,0,0,87b78dd3e11c90af6930cbca7a5346ee214e24237caa8b3601406532dfdbc4de,2025-01-24T18:15:48.950000
 CVE-2025-24755,0,0,0e39e774c30955a9f13b754dc33d0bc563de45fb71998c25f43b8191a534aac2,2025-01-24T18:15:49.160000
 CVE-2025-24756,0,0,ff4539720b20166980f34d623a65288c03d097bfc09671d9931f9e736be019cf,2025-01-24T18:15:49.307000
-CVE-2025-24858,0,1,d12649c9d5260ddeed993adcd8689bf34bfabe29dfc43567bb27e34f71ab98dd,2025-01-26T07:15:09.237000
+CVE-2025-24858,0,0,d12649c9d5260ddeed993adcd8689bf34bfabe29dfc43567bb27e34f71ab98dd,2025-01-26T07:15:09.237000