Auto-Update: 2025-02-01T15:00:19.917845+00:00

2025-07-11 16:13:34 +00:00 · 2025-02-01 15:03:46 +00:00 · 2025-02-01 15:03:46 +00:00 · fc62b74a28
commit fc62b74a28
parent 8753f5027a
5 changed files with 284 additions and 6 deletions
--- a/CVE-2024/CVE-2024-136xx/CVE-2024-13612.json
+++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13612.json
@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-13612",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-01T13:15:21.320",
+  "lastModified": "2025-02-01T13:15:21.320",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L125",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L127",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L84",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3228965/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/169a857f-1ae0-40f6-8a34-10c573af59c5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-137xx/CVE-2024-13775.json
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13775.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13775",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-01T13:15:22.847",
+  "lastModified": "2025-02-01T13:15:22.847",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/woocommerce-support-ticket-system/17930050#item-description__change-log",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72dc919a-c13d-49b4-927d-a0bb837b63dd?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-09xx/CVE-2025-0944.json
+++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0944.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2025-0944",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-02-01T13:15:23.027",
+  "lastModified": "2025-02-01T13:15:23.027",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/magic2353112890/cve/issues/7",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://itsourcecode.com/",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.294299",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.294299",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-02-01T13:00:20.131651+00:00
+2025-02-01T15:00:19.917845+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-02-01T11:15:08.457000+00:00
+2025-02-01T13:15:23.027000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-279749
+279752
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `3`

- [CVE-2025-0943](CVE-2025/CVE-2025-09xx/CVE-2025-0943.json) (`2025-02-01T11:15:08.457`)
+- [CVE-2024-13612](CVE-2024/CVE-2024-136xx/CVE-2024-13612.json) (`2025-02-01T13:15:21.320`)
+- [CVE-2024-13775](CVE-2024/CVE-2024-137xx/CVE-2024-13775.json) (`2025-02-01T13:15:22.847`)
+- [CVE-2025-0944](CVE-2025/CVE-2025-09xx/CVE-2025-0944.json) (`2025-02-01T13:15:23.027`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -246372,6 +246372,7 @@ CVE-2024-13596,0,0,2b347cb4a79836e676774e7c831f562b3de9868f3b716c19ca500dd58b690
 CVE-2024-13599,0,0,8416ac4ba24e0470447a5d54bcb4a58d565d7b0165c1a9d0f1a855bfbf0c1c7d,2025-01-25T08:15:10.357000
 CVE-2024-1360,0,0,a87675d91847a9b72ed5368695c7c67c099276d1667e5e94dc544f268946892c,2024-11-21T08:50:24.707000
 CVE-2024-1361,0,0,8a11a93152fbfa05be2934d541581f2e8e8c1350c348ceb554a6a47ec08e0e2f,2025-01-15T18:39:23.493000
+CVE-2024-13612,1,1,f0c3e3f55ca6b4ca35bac236a126cd1995e073b744e2e5e3f3cdcfc3b1871559,2025-02-01T13:15:21.320000
 CVE-2024-1362,0,0,ebe61894e3dd1fecb8d4711188e9d8f7e6a2ff043508a2ee93131b033a0336dd,2025-01-15T18:40:30.490000
 CVE-2024-13623,0,0,2cada29a90e918414353741b6e3b8cf08dc12a83860192531fa76e51a17031e8,2025-01-31T07:15:09.830000
 CVE-2024-1363,0,0,d8d6ccccee9c9def4bc84105015213aa12c981523f1a518cfb483c29cffbd734,2024-11-21T08:50:25.093000
@ -246417,6 +246418,7 @@ CVE-2024-13758,0,0,2e4bd9fb3fef024cef02d2b8f2dacb7555196f6b2dc915351eaf15ff5ed33
 CVE-2024-1376,0,0,34411a3106e4c74f2617f4da0b50ff6e7d812385caea8af0b8361fb64d6e9d04,2024-11-21T08:50:26.737000
 CVE-2024-13767,0,0,637f964cc18d2f02c2957e6987a03c02d6a99ae90fe95c08f63815c95a4ae60e,2025-01-31T03:15:10.693000
 CVE-2024-1377,0,0,76446229d1bded69224cd2e98212f244bd2380b3470adb0152ce2b85f9216c33,2025-01-07T18:20:57.347000
+CVE-2024-13775,1,1,9536a1d224d76ca86a49ff8329a6d6eada5d7b2276781196b127fced05bd606f,2025-02-01T13:15:22.847000
 CVE-2024-1378,0,0,041aa523b6aa5691bc95edbf2c3845e6125399d35aa90aa412089416e101b866,2024-11-21T08:50:26.997000
 CVE-2024-1379,0,0,d57d063aae1fbcb792bd04eccc73dc16507c20c6267e19d5bea5a4e5413062c5,2024-11-21T08:50:27.157000
 CVE-2024-1380,0,0,32754257dbe0d08bc78fbf9b54e12b7a4d3239b3c88ea55da38aca571da65692,2025-01-31T13:26:51.163000
@ -278250,7 +278252,8 @@ CVE-2025-0930,0,0,3208fbfb04878de0bb664bbdbe3c44e4e3f7a92268295009077cc2402da021
 CVE-2025-0934,0,0,e3663ee9a4c4fab98de0a308775cdf9833b791256f04cc964b86e7e2758a3bc1,2025-01-31T20:15:32.893000
 CVE-2025-0938,0,0,f483a985147355beda1ac5ec6a46732d1e38a3e469c32fde2fdbbf0317921d33,2025-01-31T20:15:33.083000
 CVE-2025-0939,0,0,4fee9d9bf91b5fba4fb21bcf1da5a530cf0306cb5ecc2eae58c32ef5efdc8b24,2025-02-01T07:15:08.097000
-CVE-2025-0943,1,1,d4beefef9f033db94e741551c1c44f80d0a15c5f160db1305b65e51b448ddcf2,2025-02-01T11:15:08.457000
+CVE-2025-0943,0,0,d4beefef9f033db94e741551c1c44f80d0a15c5f160db1305b65e51b448ddcf2,2025-02-01T11:15:08.457000
+CVE-2025-0944,1,1,466fd010105c25b8c1cb799c1a662d0d3d59d16cdf2170bb14c4a5fe916ca896,2025-02-01T13:15:23.027000
 CVE-2025-20014,0,0,708b5660539e4ab2830a732991daead462d3c8df88b4205953edf58b017cb8b0,2025-01-29T20:15:35.207000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000