Auto-Update: 2024-08-17T04:00:16.663426+00:00

2025-05-08 19:47:09 +00:00 · 2024-08-17 04:03:14 +00:00 · 2024-08-17 04:03:14 +00:00 · e5f47efcf4
commit e5f47efcf4
parent 541ffbdf83
3 changed files with 87 additions and 6 deletions
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6500.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6500.json
@ -0,0 +1,80 @@
+{
+  "id": "CVE-2024-6500",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-08-17T03:15:10.983",
+  "lastModified": "2024-08-17T03:15:10.983",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as 1.4.4 (for InPost PL). This makes it possible for unauthenticated attackers to read and delete arbitrary files on Windows servers. On Linux servers, only files within the WordPress install will be deleted, but all files can be read."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 10.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/inpost-for-woocommerce/trunk/src/InspireLabs/WoocommerceInpost/EasyPack_Helper.php#L267",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/inpost-for-woocommerce/trunk/src/InspireLabs/WoocommerceInpost/EasyPack_Helper.php#L75",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-inpost/trunk/classes/class-helper.php#L140",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-inpost/trunk/classes/class-helper.php#L216",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3115602%40inpost-for-woocommerce%2Ftrunk&old=3110579%40inpost-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3125034%40woo-inpost%2Ftrunk&old=2886304%40woo-inpost%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b57e750-71ec-4c52-999b-6c14a78c3bff?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-08-16T23:55:16.866587+00:00
+2024-08-17T04:00:16.663426+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-08-16T22:15:04.267000+00:00
+2024-08-17T03:15:10.983000+00:00
 ```

 ### Last Data Feed Release
@ -27,20 +27,20 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-08-15T00:00:08.656878+00:00
+2024-08-17T00:00:08.670863+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-260255
+260256
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-7886](CVE-2024/CVE-2024-78xx/CVE-2024-7886.json) (`2024-08-16T22:15:04.267`)
+- [CVE-2024-6500](CVE-2024/CVE-2024-65xx/CVE-2024-6500.json) (`2024-08-17T03:15:10.983`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -259474,6 +259474,7 @@ CVE-2024-6495,0,0,b5144ce6ead337054723bddaa938cbde5875226dc2ad6f1282d875ef6548d9
 CVE-2024-6496,0,0,4f2145d6969061de095037c65c4c02c00a89d2331ecd0d31a6eacfc030927f42,2024-08-07T14:35:07.403000
 CVE-2024-6497,0,0,b980a8afca3367d307f1b8ae084c1de1478e48fcb0a6d42a16be67c3823c34b0,2024-07-22T13:00:31.330000
 CVE-2024-6498,0,0,630981d31a800e5a325158bdb522b2e1db688d536ea57caaef1013f6348f0ce8,2024-08-05T12:41:45.957000
+CVE-2024-6500,1,1,87cb7f5d004334b4fb54249da61a85cf463f5033fb2f629afb5c8437ce9fde87,2024-08-17T03:15:10.983000
 CVE-2024-6501,0,0,45d58d6fcd90c3b83531e796541078a549af17f7a81eb1fbfe7d6944aa2bc8ac,2024-07-11T13:06:13.187000
 CVE-2024-6504,0,0,8b12236aeea36b8f50ca52878af23b200b8eec2ab40fe418832b1f4c4c6b95f9,2024-07-18T12:28:43.707000
 CVE-2024-6505,0,0,b8708084cd092b6ca88acb18ad5e80f748f8e2829ec040b8958bfe3c1fee2cd6,2024-07-08T15:41:17.883000
@ -260253,4 +260254,4 @@ CVE-2024-7853,0,0,ef852cb5b512c1135859e82139cbfc9c3676d14eb1435795734c924ea925f3
 CVE-2024-7866,0,0,7b21c6eb36d73c92e1f7d8bb8574d36dfd6e1deee61d5ef7c7c7b7a0b352193c,2024-08-15T20:15:18.793000
 CVE-2024-7867,0,0,2c6807e6cda13329c05cc32828904aaff7f4fcd646d878acd15e994ea1a532df,2024-08-15T20:15:18.967000
 CVE-2024-7868,0,0,1270b7dc6c77cab6c2ea3d2de21860bb4fd556dbaed1521f53d18e8f28829e9b,2024-08-15T21:15:18.530000
-CVE-2024-7886,1,1,516f20621004480f39573b1516f3c9aef6fd71f04e7a40ef6ccc0f4e8ed537d5,2024-08-16T22:15:04.267000
+CVE-2024-7886,0,0,516f20621004480f39573b1516f3c9aef6fd71f04e7a40ef6ccc0f4e8ed537d5,2024-08-16T22:15:04.267000