Auto-Update: 2024-12-14T11:00:19.866792+00:00

fkie-cad · Dec 14, 2024 · 3e3f58e · 3e3f58e
1 parent c94bef9
commit 3e3f58e
Show file tree

Hide file tree

Showing 4 changed files with 136 additions and 20 deletions.
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11720.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11720.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11720",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-14T09:15:05.083",
+  "lastModified": "2024-12-14T09:15:05.083",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3204192%40acf-frontend-form-element&new=3204192%40acf-frontend-form-element&sfp_email=&sfph_mail=#file32",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69a464f4-c357-446f-a5b8-0919d9af56c9?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11721.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11721.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11721",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-14T09:15:06.383",
+  "lastModified": "2024-12-14T09:15:06.383",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3204192/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9fdc833-8384-42c0-ad9b-72e5b6351964?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-12-14T09:00:20.003308+00:00
+2024-12-14T11:00:19.866792+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-12-14T07:15:07.213000+00:00
+2024-12-14T09:15:06.383000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-273874
+273876
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `8`
+Recently added CVEs: `2`
 
-- [CVE-2024-11710](CVE-2024/CVE-2024-117xx/CVE-2024-11710.json) (`2024-12-14T07:15:04.560`)
-- [CVE-2024-11711](CVE-2024/CVE-2024-117xx/CVE-2024-11711.json) (`2024-12-14T07:15:06.187`)
-- [CVE-2024-11712](CVE-2024/CVE-2024-117xx/CVE-2024-11712.json) (`2024-12-14T07:15:06.360`)
-- [CVE-2024-11713](CVE-2024/CVE-2024-117xx/CVE-2024-11713.json) (`2024-12-14T07:15:06.540`)
-- [CVE-2024-11714](CVE-2024/CVE-2024-117xx/CVE-2024-11714.json) (`2024-12-14T07:15:06.713`)
-- [CVE-2024-11715](CVE-2024/CVE-2024-117xx/CVE-2024-11715.json) (`2024-12-14T07:15:06.880`)
-- [CVE-2024-12446](CVE-2024/CVE-2024-124xx/CVE-2024-12446.json) (`2024-12-14T07:15:07.040`)
-- [CVE-2024-12628](CVE-2024/CVE-2024-126xx/CVE-2024-12628.json) (`2024-12-14T07:15:07.213`)
+- [CVE-2024-11720](CVE-2024/CVE-2024-117xx/CVE-2024-11720.json) (`2024-12-14T09:15:05.083`)
+- [CVE-2024-11721](CVE-2024/CVE-2024-117xx/CVE-2024-11721.json) (`2024-12-14T09:15:06.383`)
 
 
 ### CVEs modified in the last Commit

diff --git a/_state.csv b/_state.csv
@@ -244363,13 +244363,15 @@ CVE-2024-11707,0,0,c14d0723c12588788ccbd8bb2e9951ac0d18f4bf2138ffa0507ec2dce1fcd
 CVE-2024-11708,0,0,46bf8dcd9e0a994fe6b91558c4bac72ea601d2749b0be7bd469a9ad7ee077e45,2024-11-27T15:15:24.747000
 CVE-2024-11709,0,0,f364f64eb547bc541232629434d534ae6e0ab510cabf939b3962ffbc2d0112d5,2024-12-12T05:15:08.900000
 CVE-2024-1171,0,0,ec4ccf5d6f74ee611ac6d19adbb5714567948a515f8893c7d247775d8bd91d83,2024-11-21T08:49:57.397000
-CVE-2024-11710,1,1,eb513a301ec5b035f925ee097a21735b011a8801e6489a9c05ee9b7bfe2a4025,2024-12-14T07:15:04.560000
-CVE-2024-11711,1,1,777d784784b3b19ce7aefadb83777982118ef0448f5fb8b8ccc14bbedc299c81,2024-12-14T07:15:06.187000
-CVE-2024-11712,1,1,5da5d50a1b7696a38b5d357fcc1ff3363ff85b18577e8a6afeefea9db9e8902c,2024-12-14T07:15:06.360000
-CVE-2024-11713,1,1,924f08b1e66ea9ada6d3704a63a72351a5730b7360d590fd87dcc24c6bdcfeef,2024-12-14T07:15:06.540000
-CVE-2024-11714,1,1,712d476e2fb41db968d06ff22739dbd43c34408b01df3c5f3203d9771f4e118a,2024-12-14T07:15:06.713000
-CVE-2024-11715,1,1,c20e59ad84e8801565e48794c692d8184a1df1411032566df29c1cc577ebcc4f,2024-12-14T07:15:06.880000
+CVE-2024-11710,0,0,eb513a301ec5b035f925ee097a21735b011a8801e6489a9c05ee9b7bfe2a4025,2024-12-14T07:15:04.560000
+CVE-2024-11711,0,0,777d784784b3b19ce7aefadb83777982118ef0448f5fb8b8ccc14bbedc299c81,2024-12-14T07:15:06.187000
+CVE-2024-11712,0,0,5da5d50a1b7696a38b5d357fcc1ff3363ff85b18577e8a6afeefea9db9e8902c,2024-12-14T07:15:06.360000
+CVE-2024-11713,0,0,924f08b1e66ea9ada6d3704a63a72351a5730b7360d590fd87dcc24c6bdcfeef,2024-12-14T07:15:06.540000
+CVE-2024-11714,0,0,712d476e2fb41db968d06ff22739dbd43c34408b01df3c5f3203d9771f4e118a,2024-12-14T07:15:06.713000
+CVE-2024-11715,0,0,c20e59ad84e8801565e48794c692d8184a1df1411032566df29c1cc577ebcc4f,2024-12-14T07:15:06.880000
 CVE-2024-1172,0,0,ab430c7827e21b365e63647ecdb13f518977ed8324330c869795f6d2a42c238e,2024-11-21T08:49:57.517000
+CVE-2024-11720,1,1,7b26e95b9a7820fa30a018d9c5a605ec44f18f5e18d78151d6ded3428e73f997,2024-12-14T09:15:05.083000
+CVE-2024-11721,1,1,b659aa34ebc06b4e71eaaed476f56e403ca847c59d174e16a16c3817a010f8d8,2024-12-14T09:15:06.383000
 CVE-2024-11723,0,0,3a4b22b6f5bf23610381fe8aa4c57fda56e31fb4c7ae1e57460e9bfb6b1246ba,2024-12-12T05:15:09.247000
 CVE-2024-11724,0,0,9e0ed441e3412ffd4b21acc007377cf00fd5825d64cbabc21a993f4c4fd43aff,2024-12-12T07:15:08.600000
 CVE-2024-11727,0,0,31c084556af2144dc477e02470c4388ea6e06ff7d826233a0c2b3bfd1c94eaec,2024-12-12T07:15:09.107000
@@ -244721,7 +244723,7 @@ CVE-2024-12420,0,0,e390c38f4e88665e32a2cd62152aa860ec938ca2fa0dfcbdfe404f6557d8a
 CVE-2024-12421,0,0,ac4f95208439dcb1252d6283c443373564305334068386dd134a6484558faee1,2024-12-13T09:15:08.870000
 CVE-2024-12422,0,0,05369736cfa99e7a93f623e0bf231830f42417dd4b9e28a7ca0096ebfd842f0b,2024-12-14T06:15:19.357000
 CVE-2024-12441,0,0,8dc47fc0bc628e554cb5d5dec738cf187ea41d3428aede59fd0f61db8f834f33,2024-12-12T05:15:12.703000
-CVE-2024-12446,1,1,bc4dc12729ac5f85e4be698a629e224d6f337e87d1b81d5042c0eddb71088b1a,2024-12-14T07:15:07.040000
+CVE-2024-12446,0,0,bc4dc12729ac5f85e4be698a629e224d6f337e87d1b81d5042c0eddb71088b1a,2024-12-14T07:15:07.040000
 CVE-2024-12447,0,0,c7d237797e5045bf7231fd7a8dd02f5534e2ad794fcb81ab9e39a8e990833ac6,2024-12-14T05:15:10.670000
 CVE-2024-12448,0,0,11e50dbe77a1a32d7920e9e6082c85f472336b04f5fe27094dc25dc5df597595,2024-12-14T05:15:10.873000
 CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000
@@ -244779,7 +244781,7 @@ CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f82
 CVE-2024-12603,0,0,05f555b32dd614ac077ebf9b933027296b1c2a9642df9299a2387226bc4503eb,2024-12-13T03:15:05.187000
 CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000
 CVE-2024-1262,0,0,b26d9641a8cbc2c5642fa36dfff4a6fef92b6772e7113385af431217d75dfe5b,2024-11-21T08:50:11.167000
-CVE-2024-12628,1,1,ac808889130fae56b4e45ff31e222138f9e55a8e7c6187e647f824762405f8ac,2024-12-14T07:15:07.213000
+CVE-2024-12628,0,0,ac808889130fae56b4e45ff31e222138f9e55a8e7c6187e647f824762405f8ac,2024-12-14T07:15:07.213000
 CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000
 CVE-2024-12632,0,0,b2981d9ae0d79f88557270498f7d8919df56f26fc08631dba371165f9d0f4233,2024-12-13T21:15:09.317000
 CVE-2024-1264,0,0,0a400b50d7c5417af4540851d66c40fe9607cfb1bbd030ca37354551feca3778,2024-11-21T08:50:11.460000