Auto-Update: 2025-01-10T05:00:33.161846+00:00

2025-07-09 16:05:11 +00:00 · 2025-01-10 05:03:57 +00:00 · 2025-01-10 05:03:57 +00:00 · f9494d5b52
commit f9494d5b52
parent 4bec669e94
4 changed files with 132 additions and 11 deletions
--- a/CVE-2024/CVE-2024-124xx/CVE-2024-12473.json
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12473.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-12473",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-10T04:15:18.623",
+  "lastModified": "2025-01-10T04:15:18.623",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/trunk/article_builder.php#L891",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79125ac2-f3ed-40c9-a81b-340195fc8da5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12606.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12606.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-12606",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-10T04:15:19.667",
+  "lastModified": "2025-01-10T04:15:19.667",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/trunk/article_builder.php#L730",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4bc4a765-719e-4e99-b7f3-d255e4c019f5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-10T00:55:46.743913+00:00
+2025-01-10T05:00:33.161846+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-09T23:15:08.340000+00:00
+2025-01-10T04:15:19.667000+00:00
 ```

 ### Last Data Feed Release
@ -27,22 +27,21 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2025-01-09T01:00:04.362306+00:00
+2025-01-10T01:00:04.357229+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-276614
+276616
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `2`

- [CVE-2024-56376](CVE-2024/CVE-2024-563xx/CVE-2024-56376.json) (`2025-01-09T23:15:07.827`)
- [CVE-2024-56377](CVE-2024/CVE-2024-563xx/CVE-2024-56377.json) (`2025-01-09T23:15:08.173`)
- [CVE-2025-21380](CVE-2025/CVE-2025-213xx/CVE-2025-21380.json) (`2025-01-09T23:15:08.340`)
+- [CVE-2024-12473](CVE-2024/CVE-2024-124xx/CVE-2024-12473.json) (`2025-01-10T04:15:18.623`)
+- [CVE-2024-12606](CVE-2024/CVE-2024-126xx/CVE-2024-12606.json) (`2025-01-10T04:15:19.667`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -245231,6 +245231,7 @@ CVE-2024-12469,0,0,871c3c1e000bdae5610f745ffefecdbdcd7d22ba906daf923687641c197ab
 CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000
 CVE-2024-12470,0,0,f5e5a45ffe482cca25de285855a4a74b00f4883aeec6c92dee418c81be8d8bf8,2025-01-07T05:15:19.823000
 CVE-2024-12471,0,0,b5a121f6718d68ea784fc6742836a638f28d467feadf0e8b69507e5dc6176835,2025-01-07T06:15:17.027000
+CVE-2024-12473,1,1,f41ff0a93ae3889e8f9cecd2dabb1dc9716fb7e52ded6f7e330e4233841f43b3,2025-01-10T04:15:18.623000
 CVE-2024-12474,0,0,2858a766a8bcbd6035c2be4131a605cddb7bb17f787cc233f6060efa0069c36f,2024-12-14T06:15:19.627000
 CVE-2024-12475,0,0,f15ae25929cc8f0bd288861c59cbb63f77614f57516a7a95543988715ffc6cd3,2025-01-04T12:15:24.650000
 CVE-2024-12478,0,0,9740cd4243776bc4b985718131b1bfcc5e0a94370bd612144af92e9b380848b7,2024-12-16T11:15:04.890000
@ -245322,6 +245323,7 @@ CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f82
 CVE-2024-12601,0,0,f9b91f2d20d6914a3b5ca3c9af2a431f615ff9e20926a30171bf1c35967a6eba,2024-12-17T12:15:20.543000
 CVE-2024-12603,0,0,b77b6c9527bd0798c4124cb6a67b3eb0384daf1c81bc149052bbc09ab0e74875,2024-12-13T03:15:05.187000
 CVE-2024-12605,0,0,8a8c58874160061e08ecb18707aaa292a96cf368b219a0f8d84a0cbc9ee9b0b9,2025-01-09T15:15:14.150000
+CVE-2024-12606,1,1,3d6be29e05f1d1d12b587e2cbd3d3b10d0c8a48eeaaf4856c8cd65a1d1abbed9,2025-01-10T04:15:19.667000
 CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000
 CVE-2024-12616,0,0,12117fcf52b11bd06f0b2df3a48b15a3d855d5a677e047656ff1ff12b92b9905,2025-01-09T11:15:14.970000
 CVE-2024-12617,0,0,fa783f9d7a3d972025357eb9fc5c4fe83a667f5b392e03f824f0f0bb531ed431,2024-12-24T05:15:07.013000
@ -272273,8 +272275,8 @@ CVE-2024-56365,0,0,c5b2dbd1a5c652a33591aa7ae09b57eedaa2b08f679f5493d59f5f8c048bc
 CVE-2024-56366,0,0,48479ea8f55db434c5c7ac53217ddf9dfe727218e3e7377f3d536e1c0f97ca5d,2025-01-03T19:15:12.443000
 CVE-2024-5637,0,0,a5e32b0dfdcc3b00fa1c534a6efa8caef39b80f083f1c956c246ad8a83c6df00,2024-11-21T09:48:04.030000
 CVE-2024-56375,0,0,1aeae50409e14309fb31af7dcf320eae7189e473177b68d63698866c2c62cd0b,2024-12-26T06:15:06.203000
-CVE-2024-56376,1,1,78193d4d04d76f4de46c79dbff8296a0eda078607f3d954520ea11bc0d6b10dc,2025-01-09T23:15:07.827000
-CVE-2024-56377,1,1,6e436e28932511f54e7bb6ea1ef2d3d7a415c2597b99deec8ebba40ac125e9b4,2025-01-09T23:15:08.173000
+CVE-2024-56376,0,0,78193d4d04d76f4de46c79dbff8296a0eda078607f3d954520ea11bc0d6b10dc,2025-01-09T23:15:07.827000
+CVE-2024-56377,0,0,6e436e28932511f54e7bb6ea1ef2d3d7a415c2597b99deec8ebba40ac125e9b4,2025-01-09T23:15:08.173000
 CVE-2024-56378,0,0,fab67c7f7143f85c88660814de01440f680c12a24f807e1e2e38a3d85020bb03,2024-12-26T20:15:23.270000
 CVE-2024-5638,0,0,4a64496852c4ee147220588b5d1940917ce749a1b3dd56d16a77a8cf3ed54b84,2024-11-21T09:48:04.153000
 CVE-2024-5639,0,0,78123d59d6ff1062d5cdcc1456c84b89eb240e57bd822aee818d4edc5bb804e5,2024-11-21T09:48:04.290000
@ -276399,7 +276401,7 @@ CVE-2025-20167,0,0,e3874d78f816684b3ad3095069171d70c3e3e27074d9afdb1ef0c33897812
 CVE-2025-20168,0,0,1b582f0e103ddf474141bdcff2b1873e77789f263e13a1a2b55771b742e937b2,2025-01-08T17:15:17.323000
 CVE-2025-21102,0,0,2ea9dc2a8684b7cddaddfe4341f8f27d4b76937cd9aabee635ab02b83d4b3e6e,2025-01-08T12:15:22.850000
 CVE-2025-21111,0,0,16b52f24c4b80d09f6e5e5284496a40288893ce98ea4f8b371a26cbe1749320e,2025-01-08T18:15:20.157000
-CVE-2025-21380,1,1,e75f36ff5e70ec6381b1e288ecdc47de7aff7bd9445423df9a96002866625ee7,2025-01-09T23:15:08.340000
+CVE-2025-21380,0,0,e75f36ff5e70ec6381b1e288ecdc47de7aff7bd9445423df9a96002866625ee7,2025-01-09T23:15:08.340000
 CVE-2025-21385,0,0,78395053cebdb64bf40dffe2df600c983679218663e30afbadc463d2726473bd,2025-01-09T22:15:29.980000
 CVE-2025-21592,0,0,420ea0357519c97bb443c83d434ce75fef006838355a5cfc7efd4bb0d1a7dc02,2025-01-09T17:15:18.203000
 CVE-2025-21593,0,0,4dbaba2a09f0994c55b5dc730e2f276bd7aac9a71124da84296dbc403f23c4f4,2025-01-09T17:15:18.380000