Auto-Update: 2024-05-25T08:00:38.273509+00:00

2025-05-08 11:37:26 +00:00 · 2024-05-25 08:03:29 +00:00 · 2024-05-25 08:03:29 +00:00 · ff1e537c08
commit ff1e537c08
parent 6c398e2519
3 changed files with 57 additions and 5 deletions
--- a/CVE-2024/CVE-2024-40xx/CVE-2024-4045.json
+++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4045.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-4045",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-25T06:15:08.630",
+  "lastModified": "2024-05-25T06:15:08.630",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018campaign_id\u2019 parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/optinmonster/tags/2.16.0/OMAPI/Elementor/Widget.php#L532",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3087905/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4dfeb49-38d3-495d-af96-d67a29b339fa?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-05-25T06:00:38.467286+00:00
+2024-05-25T08:00:38.273509+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-05-25T04:15:11.510000+00:00
+2024-05-25T06:15:08.630000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-251772
+251773
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-5218](CVE-2024/CVE-2024-52xx/CVE-2024-5218.json) (`2024-05-25T04:15:11.510`)
+- [CVE-2024-4045](CVE-2024/CVE-2024-40xx/CVE-2024-4045.json) (`2024-05-25T06:15:08.630`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -251076,6 +251076,7 @@ CVE-2024-4040,0,0,aaa64890b494cdcdee2557c76769096315107a08c599010f9c12f5edc2e860
 CVE-2024-4041,0,0,eb91b240ef125b96ca72e19c4e4b4f0865365edd07fdbe934106504507637e12,2024-05-14T16:11:39.510000
 CVE-2024-4043,0,0,38e3393605e2517b1e82471a847a4d09ebd91776985851576d9998bce325daf6,2024-05-24T01:15:30.977000
 CVE-2024-4044,0,0,24332ace72d4390c16ec3b8977440043e797db2d7d42445b64fa06b462f42633,2024-05-14T16:11:39.510000
+CVE-2024-4045,1,1,528a514580d4eb0144d8b2fd20e95b320142a19b73580625855cd5e4064175d8,2024-05-25T06:15:08.630000
 CVE-2024-4046,0,0,a540b586e4490c5aa35243f10fb42fe8c42d9288228be6b989b109661bfcf7e0,2024-05-14T16:11:39.510000
 CVE-2024-4056,0,0,8d2872a63b61af99b314442fa34c585e616ec707e8d3b58da8a6d93a2f4a4848,2024-04-26T12:58:17.720000
 CVE-2024-4058,0,0,89d601f0a6556a83c3f1ddb11302d59200b53d35574245a735ec02b677ca6a2a,2024-05-03T03:16:29.387000
@ -251730,7 +251731,7 @@ CVE-2024-5196,0,0,5d3f231a43c31999680087469716ad4f3327a52b153d985ebb2cb490ce1591
 CVE-2024-5201,0,0,81f846161e431f4061849f73f284a647933a16f2dae4eac954a714561d2b5ac6,2024-05-24T01:15:30.977000
 CVE-2024-5202,0,0,1c05e157c3d14a467d804b0cdb60f2b737187a0758793a87fe251b0e49272bf0,2024-05-24T01:15:30.977000
 CVE-2024-5205,0,0,cb36ec671fed104039900e6835467ad487e54c052bb39844cd3bc6979a6fc551,2024-05-24T13:03:11.993000
-CVE-2024-5218,1,1,ad5cff657c54cafa9a13e8616afcb507f70463a264137b879efaf83a5dcfce6e,2024-05-25T04:15:11.510000
+CVE-2024-5218,0,0,ad5cff657c54cafa9a13e8616afcb507f70463a264137b879efaf83a5dcfce6e,2024-05-25T04:15:11.510000
 CVE-2024-5220,0,0,db5d76a16acffa422f763541aa93b6370a97c5e1e76f123c8b63b8a6f885d2e9,2024-05-25T02:15:41.053000
 CVE-2024-5227,0,0,764fb0f16b4be474e014f5b57d633ec17b38b77286d8198d7e553896bd7bbab8,2024-05-24T01:15:30.977000
 CVE-2024-5228,0,0,7fbc53a71d297b0e47d7a3142759157603a147b1ae1e469af28fd6a561b32095,2024-05-24T01:15:30.977000