diff --git a/CVE-2024/CVE-2024-74xx/CVE-2024-7489.json b/CVE-2024/CVE-2024-74xx/CVE-2024-7489.json
new file mode 100644
index 00000000000..0e284b1adce
--- /dev/null
+++ b/CVE-2024/CVE-2024-74xx/CVE-2024-7489.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-7489",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T06:15:02.337",
+ "lastModified": "2024-10-12T06:15:02.337",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/mailchimp-wp/trunk/includes/eoi-functions.php#L166",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/mailchimp-wp/trunk/includes/eoi-functions.php#L91",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52f9db86-7fed-4b32-8384-3ceb300f9249?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9047.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9047.json
new file mode 100644
index 00000000000..046b4827855
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9047.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9047",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T07:15:02.170",
+ "lastModified": "2024-10-12T07:15:02.170",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9187.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9187.json
new file mode 100644
index 00000000000..584d97d89fb
--- /dev/null
+++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9187.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9187",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T06:15:02.803",
+ "lastModified": "2024-10-12T06:15:02.803",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/read-more/trunk/files/RadMoreAjax.php#L9",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebc8d0d-04b6-49a0-96c1-7c6d930009d8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9656.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9656.json
new file mode 100644
index 00000000000..14ae07fd943
--- /dev/null
+++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9656.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9656",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T06:15:03.077",
+ "lastModified": "2024-10-12T06:15:03.077",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/mynx-page-builder/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73a25208-81fe-4337-a344-1c129bd80862?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9670.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9670.json
new file mode 100644
index 00000000000..a315de26088
--- /dev/null
+++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9670.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-9670",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T06:15:03.347",
+ "lastModified": "2024-10-12T06:15:03.347",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/2d-tag-cloud-widget-by-sujin/trunk/views/admin-tabs.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/2d-tag-cloud-widget-by-sujin/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9dad1be5-ea6c-40fa-bb21-862e7fd8804a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9704.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9704.json
new file mode 100644
index 00000000000..41915a218d5
--- /dev/null
+++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9704.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9704",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T07:15:02.570",
+ "lastModified": "2024-10-12T07:15:02.570",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3167056%40dvk-social-sharing&new=3167056%40dvk-social-sharing&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9756.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9756.json
new file mode 100644
index 00000000000..59a708ac868
--- /dev/null
+++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9756.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-9756",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T07:15:02.820",
+ "lastModified": "2024-10-12T07:15:02.820",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/order-attachments-for-woocommerce/tags/2.4.0/src/WCOA/Attachments/Attachment.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/order-attachments-for-woocommerce/tags/2.4.0/src/WCOA/Utils/Ajax.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3167136%40order-attachments-for-woocommerce&new=3167136%40order-attachments-for-woocommerce&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dfc8957-78b8-4c55-ba95-52d95b086341?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9776.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9776.json
new file mode 100644
index 00000000000..536b42de9ed
--- /dev/null
+++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9776.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-9776",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T06:15:03.640",
+ "lastModified": "2024-10-12T06:15:03.640",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3167164/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/655c08e6-4ef2-438e-b381-1bc3748c3771?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9778.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9778.json
new file mode 100644
index 00000000000..3e7a669ff66
--- /dev/null
+++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9778.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2024-9778",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T06:15:03.930",
+ "lastModified": "2024-10-12T06:15:03.930",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L106",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L267",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L380",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/page-settings.php#L461",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3167164/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/200b3446-6107-434b-b46d-2078461f3f94?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9824.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9824.json
new file mode 100644
index 00000000000..e7a5753e82d
--- /dev/null
+++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9824.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-9824",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-12T06:15:04.230",
+ "lastModified": "2024-10-12T06:15:04.230",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/functions.php#L204",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-gallery/trunk/includes/functions.php#L214",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3167164/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce6872-34d4-4675-bce9-e1197d801bce?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\
No newline at end of file diff --git a/README.md b/README.md index ae5234833e7..c1b024ac231 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-12T04:00:18.152634+00:00 +2024-10-12T08:00:16.800823+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-12T03:15:02.757000+00:00 +2024-10-12T07:15:02.820000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265423 +265433 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `10` -- [CVE-2024-9592](CVE-2024/CVE-2024-95xx/CVE-2024-9592.json) (`2024-10-12T03:15:02.243`) -- [CVE-2024-9821](CVE-2024/CVE-2024-98xx/CVE-2024-9821.json) (`2024-10-12T03:15:02.507`) -- [CVE-2024-9860](CVE-2024/CVE-2024-98xx/CVE-2024-9860.json) (`2024-10-12T03:15:02.757`) +- [CVE-2024-7489](CVE-2024/CVE-2024-74xx/CVE-2024-7489.json) (`2024-10-12T06:15:02.337`) +- [CVE-2024-9047](CVE-2024/CVE-2024-90xx/CVE-2024-9047.json) (`2024-10-12T07:15:02.170`) +- [CVE-2024-9187](CVE-2024/CVE-2024-91xx/CVE-2024-9187.json) (`2024-10-12T06:15:02.803`) +- [CVE-2024-9656](CVE-2024/CVE-2024-96xx/CVE-2024-9656.json) (`2024-10-12T06:15:03.077`) +- [CVE-2024-9670](CVE-2024/CVE-2024-96xx/CVE-2024-9670.json) (`2024-10-12T06:15:03.347`) +- [CVE-2024-9704](CVE-2024/CVE-2024-97xx/CVE-2024-9704.json) (`2024-10-12T07:15:02.570`) +- [CVE-2024-9756](CVE-2024/CVE-2024-97xx/CVE-2024-9756.json) (`2024-10-12T07:15:02.820`) +- [CVE-2024-9776](CVE-2024/CVE-2024-97xx/CVE-2024-9776.json) (`2024-10-12T06:15:03.640`) +- [CVE-2024-9778](CVE-2024/CVE-2024-97xx/CVE-2024-9778.json) (`2024-10-12T06:15:03.930`) +- [CVE-2024-9824](CVE-2024/CVE-2024-98xx/CVE-2024-9824.json) (`2024-10-12T06:15:04.230`) ### CVEs modified in the last Commit 
diff --git a/_state.csv b/_state.csv index 28fb4643245..25abc05baec 100644 --- a/_state.csv +++ b/_state.csv @@ -264038,6 +264038,7 @@ CVE-2024-7481,0,0,029caf1b5321966d6fff7b258f5edb21656af3703408123f2c0a2bb28c2a7f CVE-2024-7484,0,0,922e65f90a754867bdae2807b60c4750519990bf6adcc62fb148334df21e54c7,2024-08-06T16:30:24.547000 CVE-2024-7485,0,0,0b34fc91c3d825ea4087a792a0e5c6d839cf66a581a05d0c60df64b0af48f97e,2024-08-06T16:30:24.547000 CVE-2024-7486,0,0,e2579b82a31704160b51da6f8b3285ef5bff1d765f5e0369c7378c4f856658fb,2024-08-08T13:04:18.753000 +CVE-2024-7489,1,1,6bee47903e820549e5e90c739107dc8047ac1f65bad2428fe064821e77e6f9e3,2024-10-12T06:15:02.337000 CVE-2024-7490,0,0,2dbd6717a12bca522d1065ac017f63874351831b0b05b9f6e750116d667cf962,2024-08-12T15:22:20.267000 CVE-2024-7491,0,0,a01b632cdea4b7de4f1d96a6110e5895a43b6bc1c1fcfe3f5789f97da5b84105,2024-09-26T13:32:02.803000 CVE-2024-7492,0,0,6476a74ce2975ad097c7a45c1f2f905cc77480bec2260de48447ae3a8b41df62,2024-08-08T13:04:18.753000 @@ -265098,6 +265099,7 @@ CVE-2024-9040,0,0,0fb966ef41b73391708aea4bb41bcdf22035487df6b2f9dfc89d7d54ff5008 CVE-2024-9041,0,0,99f9003688843669abe0778fb23af0702d95d6892437f5bbf3a35f1e206f8b48,2024-09-27T15:57:55.073000 CVE-2024-9043,0,0,585c2a6b7b38dff44f8f31bab3e4cca50893ebff20d4d599fedd4ef31bc82eef,2024-09-25T17:54:05.297000 CVE-2024-9046,0,0,ccf29b7f950c2068a983470342fd395555ea1d4320e405e4ca055421117646d1,2024-10-11T16:15:15 +CVE-2024-9047,1,1,236d4a938dbf8360d416199184100e319df421426259a181e4669f68aa2f4eed,2024-10-12T07:15:02.170000 CVE-2024-9048,0,0,f4eeb8fc17937a04134cb85e4ff1d8e798c7887dad672c6adf3a86ffdd0c5d34,2024-09-30T13:00:48.613000 CVE-2024-9049,0,0,43c64cc2e53580aadfacb0d92c10ebf9c72fa78495b0a90bf4d0f0f029260a77,2024-10-04T18:53:10.910000 CVE-2024-9051,0,0,cd9f5066c63e39d4ce5479a5ea7f24fe1eed0d9db90cc0d316834afb0392bf0a,2024-10-11T13:15:17.477000 
@@ -265171,6 +265173,7 @@ CVE-2024-9173,0,0,35b89a81311ca677fe554b85f50232d9274c2631e7208ee1d074802a8dbdb5 CVE-2024-9174,0,0,70fba8b83f62f6c4709cde03a07baa90e2b7205b145527e48fd4fbdcbf5b21e3,2024-10-04T13:50:43.727000 CVE-2024-9177,0,0,c4277901c0a37ba57d19438c33c0231133f774b6681a96af5a3a31a338af68ef,2024-10-03T14:32:46.150000 CVE-2024-9180,0,0,9779e65e93417b197f46f5c463aa8866d46d5d3340da4da9b2b9c7085aba9dad,2024-10-10T21:15:05.010000 +CVE-2024-9187,1,1,2781007ebf5b70adc7be2615b0370144f38bf44011cf16033b8612315f867048,2024-10-12T06:15:02.803000 CVE-2024-9189,0,0,589dc859bd1b4dfe4aefe62d286159acb6f430185a125dd81b1568310ee1bb88,2024-10-03T17:26:19.397000 CVE-2024-9194,0,0,94d0f5f267ad180c0cf40bc9b87cc59bf3002f59241057e5b89ba1ec25bacf82,2024-10-04T13:51:25.567000 CVE-2024-9198,0,0,f43e7cbf5ad8264654a856d8df5069cea0145a66becd85052219123b3f2b7d6c,2024-10-02T14:33:52.780000 @@ -265364,7 +265367,7 @@ CVE-2024-9576,0,0,349b41d5d275d2b69494dd85fe115130849861d9cddaab63cccbcfe5be8a03 CVE-2024-9581,0,0,dcdedf39f55e8b175c72a20e72a1aed92038e920265594b4fc9925b7183ce1e6,2024-10-10T12:51:56.987000 CVE-2024-9586,0,0,4368833d576d2d29a3be207ba4d3db2b319533357ac5aa66b9912c07cc7722e0,2024-10-11T13:15:19.823000 CVE-2024-9587,0,0,38b4a379414497cd2c9f8e85abebac51b195781f8244dd7e6f13a7498e2e9af2,2024-10-11T13:15:20.043000 -CVE-2024-9592,1,1,0f39969df8cdd7221e2f8596842e380d11b968fb83c9650c71ea7d95ce8c2502,2024-10-12T03:15:02.243000 +CVE-2024-9592,0,0,0f39969df8cdd7221e2f8596842e380d11b968fb83c9650c71ea7d95ce8c2502,2024-10-12T03:15:02.243000 CVE-2024-9596,0,0,41f14771e651cbc1c37017cbe5a91040128a2c351e859a7b312163502a24a950,2024-10-10T12:51:56.987000 CVE-2024-9602,0,0,296483daa0f02222bb5f79446d51c7890118dbb294ec1c3853abb9b3dfc7ffb2,2024-10-10T12:51:56.987000 CVE-2024-9603,0,0,f06afeee14d2c3a95b2fa9bd06bec0b0c1ce9ce3a2d2cc5d2614c0b7bfd8287c,2024-10-10T12:51:56.987000 
@@ -265375,11 +265378,17 @@ CVE-2024-9620,0,0,6bab3b47a8124e2f6e45a39c3f1a067698db02be0764fadf48434470b2bdf7 CVE-2024-9621,0,0,9e376b0f3dfa34027ae088e771a22694180917eee238e690ac2f4896caf46a6b,2024-10-10T12:56:30.817000 CVE-2024-9622,0,0,616f2c897f0ea8915fa743288697302d927eccd4a4b981ffaaf2224bd032869d,2024-10-10T12:56:30.817000 CVE-2024-9623,0,0,05eef687418519373d15ec19a86683cd7648219a76f4b58bf6e516098fb1b885,2024-10-10T12:51:56.987000 +CVE-2024-9656,1,1,a26feea40e7851e228d42b73e4b177c0c2083535fb7c5011d1e1dbc8247518bf,2024-10-12T06:15:03.077000 +CVE-2024-9670,1,1,467e4a0d60b3ea8b5613919329bb37afd090c0014621c671b410e31a2a2a3636,2024-10-12T06:15:03.347000 CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f89,2024-10-10T12:51:56.987000 CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000 CVE-2024-9680,0,0,a011127e762167171e169cf1c5c34d37941413b66fef20ba90b60170aec9759f,2024-10-11T13:15:21.013000 CVE-2024-9685,0,0,0533577bd5534b2238dda3fc39c720d3ca57598c0c892e8a746063784dfa2119,2024-10-10T12:51:56.987000 +CVE-2024-9704,1,1,eac985eabca9a3c6a15dbb5a4e611613c412ae3dd37df6667fc5aafbc6bc84d5,2024-10-12T07:15:02.570000 CVE-2024-9707,0,0,5022899338c6a36d44072ae7018b6a919d11834b1f5740a300f73a64606c0150,2024-10-11T13:15:21.233000 +CVE-2024-9756,1,1,68b121e1aaaab7f10ceb18cbdb5136f7cd438a7e04d1f722b0583aec18b45115,2024-10-12T07:15:02.820000 +CVE-2024-9776,1,1,fd96ce126483e0639392cf2b3a5f9adb3f107706002f2ef2a96dfd4212d77df7,2024-10-12T06:15:03.640000 +CVE-2024-9778,1,1,70f493b0089ba6ea3e74556b332f92784788d5bac40eef0d2025e5998ec03b8d,2024-10-12T06:15:03.930000 CVE-2024-9780,0,0,64cb4b42f9787f95c4bcb2f0ffb7a4034eca385e970ac2bedc9fcd69728d3075,2024-10-10T12:51:56.987000 CVE-2024-9781,0,0,cd6f657ed9ef660338f0d777935f231b52aede3f9edb8681363de05250c2257d,2024-10-10T12:51:56.987000 CVE-2024-9782,0,0,f6fdadb6173e6b1d6cefc02344a50956f97519ff0da6213ed752274ca4260d60,2024-10-10T12:51:56.987000 
@@ -265415,10 +265424,11 @@ CVE-2024-9815,0,0,88a550f6cb92a368ea0bbbf49b20d73379efa44934b30bcb818d49eaa9b3f3 CVE-2024-9816,0,0,b558749b310662e562a03139cd743ab5e13638cae5288ab2349400fc9e4a8f44,2024-10-10T22:15:12.230000 CVE-2024-9817,0,0,64961e55de2aecac95e692e2205c7e393510ae0087bb3b78e5af557801c488ea,2024-10-10T23:15:03.410000 CVE-2024-9818,0,0,4a540b8f9903a9b9420b63ef2490b163dd3b5219ef38e22237dcd7875973e6a1,2024-10-10T23:15:03.680000 -CVE-2024-9821,1,1,0fe84d15377a57feb9c16456d9d6e98b8f06d72079455451a6924d64eac80b40,2024-10-12T03:15:02.507000 +CVE-2024-9821,0,0,0fe84d15377a57feb9c16456d9d6e98b8f06d72079455451a6924d64eac80b40,2024-10-12T03:15:02.507000 CVE-2024-9822,0,0,d08d61a8f285dedd6e0156668251bfed17abd9d34a7fc326c5d7b2d904c03ab9,2024-10-11T03:15:10.967000 +CVE-2024-9824,1,1,1fdcf28970a03200ea0750edfb27b712eac3be59fe088b6edf6f98bda2457c29,2024-10-12T06:15:04.230000 CVE-2024-9855,0,0,74811d4bb31eb0ad4289dbfb3b216d12eb73ec4e1a7f9bf880a5813c9b568440,2024-10-11T13:15:21.460000 CVE-2024-9856,0,0,b5fbe1e11cd8120594b10c6f2c9ff297b13257bca69885420fdeff5341bb84c9,2024-10-11T13:15:21.883000 CVE-2024-9859,0,0,4c2e27e83d096af209ad8d4a7ba60ec60caaadb1032a58969905b29c3c0c3d1f,2024-10-11T17:15:04.677000 -CVE-2024-9860,1,1,9c9c6a59ce227b8b9c92f258ea8c8577b19c36b99b060db27cd4697c8991bf8d,2024-10-12T03:15:02.757000 +CVE-2024-9860,0,0,9c9c6a59ce227b8b9c92f258ea8c8577b19c36b99b060db27cd4697c8991bf8d,2024-10-12T03:15:02.757000 CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000