Auto-Update: 2025-01-14T09:00:25.957842+00:00

CVE-2024/CVE-2024-120xx/CVE-2024-12006.json

@@ -0,0 +1,76 @@
+{
+  "id": "CVE-2024-12006",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-14T07:15:25.633",
+  "lastModified": "2025-01-14T07:15:25.633",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L186",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L220",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L60",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L63",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L212",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/329ad5dc-9339-4540-aba3-f21a78a74d4b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-120xx/CVE-2024-12008.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-12008",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-14T07:15:25.907",
+  "lastModified": "2025-01-14T07:15:25.907",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks.\r\nNote: the debug feature must be enabled for this to be a concern, and it is disabled by default."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Debug.php#L29",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Environment.php#L430",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8292f23c-fb17-4082-9788-f643d1bb097e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-123xx/CVE-2024-12365.json

@@ -0,0 +1,108 @@
+{
+  "id": "CVE-2024-12365",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-14T07:15:26.080",
+  "lastModified": "2025-01-14T07:15:26.080",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+          "baseScore": 8.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extension_ImageService_Plugin_Admin.php#L200",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L246",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L55",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L385",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L516",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L55",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Root_Loader.php#L269",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L10",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L94",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Admin.php#L822",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/footer.php#L49",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/top_nav_bar.php#L217",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/w3-total-cache.php#L71",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/196e629f-7c77-4bcb-8224-305a0108b630?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-14T07:00:24.020058+00:00
+2025-01-14T09:00:25.957842+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-14T06:15:15.480000+00:00
+2025-01-14T07:15:26.080000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-276998
+277001
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2024-13323](CVE-2024/CVE-2024-133xx/CVE-2024-13323.json) (`2025-01-14T06:15:15.480`)
+- [CVE-2024-12006](CVE-2024/CVE-2024-120xx/CVE-2024-12006.json) (`2025-01-14T07:15:25.633`)
+- [CVE-2024-12008](CVE-2024/CVE-2024-120xx/CVE-2024-12008.json) (`2025-01-14T07:15:25.907`)
+- [CVE-2024-12365](CVE-2024/CVE-2024-123xx/CVE-2024-12365.json) (`2025-01-14T07:15:26.080`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-- [CVE-2024-28016](CVE-2024/CVE-2024-280xx/CVE-2024-28016.json) (`2025-01-14T05:15:08.677`)
 
 
 ## Download and Usage

_state.csv

@@ -244949,7 +244949,9 @@ CVE-2024-12001,0,0,75bbf94d31b41f422ac1216beeda365d0b924dd232e408edb33262f11bb39
 CVE-2024-12002,0,0,642bad4c124467ff4f581f355ddf310f5dadc994966ff22ccdf8e42852d0744f,2024-12-10T23:21:19.827000
 CVE-2024-12003,0,0,14ef5c0679ec50bb5e5014c8e7b631b4905f5419df127668fd74fc6d22bcfff5,2024-12-06T09:15:07.630000
 CVE-2024-12004,0,0,3dce40ab1e8f9f1b73bc9bad8477202dd665f9594517ea95d989e909aeed6010,2024-12-11T09:15:05.500000
+CVE-2024-12006,1,1,63550435eaae2ecd65ca5ba47447dea1847c25ad1aef47ab934389493f428db4,2025-01-14T07:15:25.633000
 CVE-2024-12007,0,0,8e607a1eddf324cb0db7978994624ff72f4892cd536259d2d33593eb53a4d98b,2024-12-11T03:16:24.473000
+CVE-2024-12008,1,1,46e525f0aad0cda7b4fb1c6055edf05bd2bf2e7c41b5e53c37ecd0a9654ac645,2025-01-14T07:15:25.907000
 CVE-2024-1201,0,0,98150b7d086d80b767e6802e39750bc86f0479b7a9cd93495263225678c4d4a5,2024-11-21T08:50:01.647000
 CVE-2024-12014,0,0,d63bd7a401a8fb5ede49d9de357706a50a82cd2bae6c930cf8555bf9a9cab749,2024-12-20T16:15:23.030000
 CVE-2024-12015,0,0,d5a693fd232b1e3fbc53d72a834e39c83a435aa6e5ae231752c351acc22ca6db,2024-12-02T14:15:05.383000
@@ -245207,6 +245209,7 @@ CVE-2024-1236,0,0,42d257f977d290f4d0aa2f8d4699f4951f80f18e17ed46b119e80f5ed73ef1
 CVE-2024-12360,0,0,9c92ce0fa75af6038fb90116f61bca41613e1dcad55daccb6d63b1c2c6eac745,2024-12-10T23:33:47.773000
 CVE-2024-12362,0,0,3d126c7d5b2c7c892f0afca83b7e5d0a3fdd9f8568569cdb62c20aebeb726e71,2024-12-16T10:15:05.097000
 CVE-2024-12363,0,0,8bf95d170f6881f24ef42d227f38a0cf0a0a8682e2906a9aa2aaa1e3f316a356,2024-12-11T10:15:07.260000
+CVE-2024-12365,1,1,0cfd561a6ea9ae6ee1397d5d03dabe05fda08be3f1822c163b489efd4f381673,2025-01-14T07:15:26.080000
 CVE-2024-12369,0,0,fcd74b43ea72489fd8099497c673c3afa2054b03bb7ec4819b8a995ebe30e685,2024-12-09T21:15:08.203000
 CVE-2024-1237,0,0,7608b762d209f55f10a23dbde634d086adad1d6240344714ec7de5c458d836b6,2024-11-21T08:50:07.910000
 CVE-2024-12371,0,0,ad8806dfee353fdb9887f497d244b3ccfcec0ca669e819f5ec6c72aa1dddd27b,2024-12-18T20:15:21.193000
@@ -245866,7 +245869,7 @@ CVE-2024-13311,0,0,043082a8dd739b5eb445323387334add04ddcec723a1cf1ae43347104de3b
 CVE-2024-13312,0,0,1596f306a61a66773ca721f46a9f359accd6e8bc761ac287ef2d071eacd93640,2025-01-09T21:15:29.077000
 CVE-2024-13318,0,0,bd9b3dd8797a6a8e50fbc0881ed502b3d6c9d2df54bdf8f89c7bd4c9f15cb658,2025-01-10T12:15:24.257000
 CVE-2024-1332,0,0,43a2cb0465d1ed7fa77b51d32b9ef650ccc5cd8e8f972f53915014a8e37bc428,2024-11-21T08:50:21.220000
-CVE-2024-13323,1,1,b6dbf1bc72030da4865adfe9c77484b3543649561b1053256d05d5821de18e27,2025-01-14T06:15:15.480000
+CVE-2024-13323,0,0,b6dbf1bc72030da4865adfe9c77484b3543649561b1053256d05d5821de18e27,2025-01-14T06:15:15.480000
 CVE-2024-13324,0,0,e28b727b7b2e4ff67b104bb8829ddea65c155869cb67c2e17008296310ed866b,2025-01-13T21:15:12.053000
 CVE-2024-1333,0,0,7e67218d34e52c77cd12091eb7bec4820751f8a3faacd15e7977a33b9d658d65,2024-11-21T08:50:21.337000
 CVE-2024-1334,0,0,5cd8113de272a8c461c68981cf2d6addc6166d9cf4d9dbad0d56a2a1ca671349,2024-12-31T16:48:40.290000
@@ -252796,7 +252799,7 @@ CVE-2024-28012,0,0,87d141419e8c7f128982750023e3ec1e976ac47b29ad9b8d2c9bb03dd60be
 CVE-2024-28013,0,0,280bcd0de0622447cde065c0f3f6f0df6920a91ef4c6aad207057f1744479404,2025-01-14T04:15:11.427000
 CVE-2024-28014,0,0,41625df99f453d3ffaca450014299a8b29e4ea5ba0c886a20ecfe541c3e779f5,2025-01-14T04:15:11.617000
 CVE-2024-28015,0,0,70d32c00f90d171129ccd0af0d2ebd8dbe72335e809f4e5cf6f251a8c45f8e68,2025-01-14T04:15:11.820000
-CVE-2024-28016,0,1,749488d31ac32a9ea2b931fc388c512a146a1ae63d159c28c7a31b47cea37620,2025-01-14T05:15:08.677000
+CVE-2024-28016,0,0,749488d31ac32a9ea2b931fc388c512a146a1ae63d159c28c7a31b47cea37620,2025-01-14T05:15:08.677000
 CVE-2024-2802,0,0,4d7e48fbf79d86b86a336401cd7856f9a2e312e8845717a11d0136644698f700,2024-03-26T15:15:49.677000
 CVE-2024-28020,0,0,353857c6f72177d44fa539cd26ab29ac243a888fbe1ba2619943550305df92b7,2024-11-21T09:05:39.310000
 CVE-2024-28021,0,0,ef91a2bbc3a7ba80aa4b93dc521740325b47bcd3461fc4ac520536869818ea73,2024-11-21T09:05:39.497000