Auto-Update: 2024-10-26T14:00:18.054496+00:00

fkie-cad · Oct 26, 2024 · 68fef6c · 68fef6c
1 parent 832889f
commit 68fef6c
Show file tree

Hide file tree

Showing 5 changed files with 208 additions and 9 deletions.
diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10117.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10117.json
@@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-10117",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-26T12:15:12.437",
+  "lastModified": "2024-10-26T12:15:12.437",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://docs.themeum.com/wp-crowdfunding/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3174230/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3174230/#file19",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://wordpress.org/plugins/wp-crowdfunding/#developers",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7813dfdc-06e0-4fa9-aabe-b5b9772368c2?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10402.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10402.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10402",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-26T12:15:12.873",
+  "lastModified": "2024-10-26T12:15:12.873",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3169243/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9501.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9501.json
@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-9501",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-26T13:15:11.490",
+  "lastModified": "2024-10-26T13:15:11.490",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-288"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-social/tags/3.0.6/inc/admin-create-user.php#L205",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3173675/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4294f5f-d989-4b97-88ee-4e94f4f7845a?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-10-26T12:00:18.254285+00:00
+2024-10-26T14:00:18.054496+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-10-26T10:15:10.747000+00:00
+2024-10-26T13:15:11.490000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-267157
+267160
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `3`
 
-- [CVE-2024-10357](CVE-2024/CVE-2024-103xx/CVE-2024-10357.json) (`2024-10-26T10:15:08.700`)
-- [CVE-2024-9116](CVE-2024/CVE-2024-91xx/CVE-2024-9116.json) (`2024-10-26T10:15:10.337`)
-- [CVE-2024-9772](CVE-2024/CVE-2024-97xx/CVE-2024-9772.json) (`2024-10-26T10:15:10.747`)
+- [CVE-2024-10117](CVE-2024/CVE-2024-101xx/CVE-2024-10117.json) (`2024-10-26T12:15:12.437`)
+- [CVE-2024-10402](CVE-2024/CVE-2024-104xx/CVE-2024-10402.json) (`2024-10-26T12:15:12.873`)
+- [CVE-2024-9501](CVE-2024/CVE-2024-95xx/CVE-2024-9501.json) (`2024-10-26T13:15:11.490`)
 
 
 ### CVEs modified in the last Commit

diff --git a/_state.csv b/_state.csv
@@ -242384,6 +242384,7 @@ CVE-2024-10101,0,0,1d42831444f093da17057d1135157fc2c61373ed2c6e3aa4b33071a4d1f4b
 CVE-2024-1011,0,0,a83b664837c33e7f0f4cec42868f7bdd93765cacc9e6b97b43804e8b07af65f2,2024-05-17T02:35:09.987000
 CVE-2024-10112,0,0,3a01d2baa33f19e143abe5aabe181ccab32faac99effca8d7325142fe7220a64,2024-10-25T12:56:07.750000
 CVE-2024-10115,0,0,2f48f8fc2fb64e7eea0f8a197e6ea039f4addb791184326175f5bf3196ca43c6,2024-10-18T19:15:13.600000
+CVE-2024-10117,1,1,204f6d006ce17e059b7842a8044c94bf1888b26e04776a447ad4b8392abedaf9,2024-10-26T12:15:12.437000
 CVE-2024-10118,0,0,20c350d413130c355373caed8d6cb5911ff957b85489cebdf58c361a0299d81f,2024-10-18T12:52:33.507000
 CVE-2024-10119,0,0,3a739123963202923959a689b720abc71b056e98e226f3cc9103b43eebd575a4,2024-10-18T12:52:33.507000
 CVE-2024-1012,0,0,261f4dda24c2aefd44892a1e7cff84e275a6853943a2bba059238594bb202f50,2024-05-17T02:35:10.090000
@@ -242510,7 +242511,7 @@ CVE-2024-10351,0,0,0669fd862bd943e91d4fd75dd5a3a4f23e3a0ecf8b6b598b3fa3044b7bf8c
 CVE-2024-10353,0,0,34f363c95bbc45d4e85ef2856d7e0d5110b6c82bce311f5e8fc9036257eb83b7,2024-10-25T12:56:07.750000
 CVE-2024-10354,0,0,d5bf96c00ae597f7009c34e3844c5889f0c0763a1e1b97eab0af94f26675c82a,2024-10-25T12:56:07.750000
 CVE-2024-10355,0,0,7a858a56547ed44307c9a540d3394b900b64454d40ccf6ae564bf35aa8fa4990,2024-10-25T12:56:07.750000
-CVE-2024-10357,1,1,e197a1ed0ea397ca0d2c1873b2f6c51ce574b4b3dbdeeadc6bacf3403288ac5e,2024-10-26T10:15:08.700000
+CVE-2024-10357,0,0,e197a1ed0ea397ca0d2c1873b2f6c51ce574b4b3dbdeeadc6bacf3403288ac5e,2024-10-26T10:15:08.700000
 CVE-2024-1036,0,0,aa65a53beadc56e4dda3efe9acb5802f242935c19973e66e0ff7f62d01b276fd,2024-05-17T02:35:12.357000
 CVE-2024-10368,0,0,bd751cf8f0908c7885868477a03f4653af3e113fc89fdbd03353e34dff9f8f68,2024-10-25T12:56:07.750000
 CVE-2024-10369,0,0,7ae7d6c6e004766971ac0d79eb28bd21cccdeb76fc8a447fe3f3b470463f1503,2024-10-25T12:56:07.750000
@@ -242530,6 +242531,7 @@ CVE-2024-10386,0,0,620f9606b4947e68d786b63bc64226dc49af2c78c3961a92113a83d41fde8
 CVE-2024-10387,0,0,1d314c1f04eb0f6b0e625a4b66f38d6fe480b0f44899159cd155926983f5770f,2024-10-25T17:15:04.230000
 CVE-2024-1039,0,0,823ba846a6d7c1759f085b54cf23829cdbadd28135927175e007d2b5df85a6ad,2024-02-07T14:09:47.017000
 CVE-2024-1040,0,0,b32f85342f197693d2db41df3bf264f5b00d802b0a5fb12822762c63c498621d,2024-02-07T17:11:40.623000
+CVE-2024-10402,1,1,65b2bd465541743751a91c730a35d6155fbf5d9b25a3f51f1f7b2539ab79ea82,2024-10-26T12:15:12.873000
 CVE-2024-1041,0,0,991d5a9e7f9515845650bb9d6b0cbb707e5b40a6073b13e973f0804460a34ef9,2024-04-10T13:23:38.787000
 CVE-2024-1042,0,0,87dc787933fa568693623eb2222edd1702eaf068420e0f5081ad1d377d2eb6d4,2024-04-10T13:23:38.787000
 CVE-2024-1043,0,0,413776c522ad3bf5006fcc461919529b065f700723f9f41e7759ea485749a4c3,2024-02-29T13:49:29.390000
@@ -266686,7 +266688,7 @@ CVE-2024-9106,0,0,e27db71c396a4ccaf2c72a333395893b81bc19abafa7c4f380f448da576e2d
 CVE-2024-9108,0,0,a5bd0d20b10740e2633e894f79cde5eedf60bb1d894cbb8ab0abf2750035a6b9,2024-10-04T13:51:25.567000
 CVE-2024-9109,0,0,92ffc81317d04a5f58ae681583509b482d53f08c836f7e996194793f616d35bb,2024-10-25T12:56:07.750000
 CVE-2024-9115,0,0,1c4e70138ee9590ca65c2e328b29e5a87d064a3f49c7286913d14c3952d00fc4,2024-10-01T13:47:25.403000
-CVE-2024-9116,1,1,0d9eb14ee34ae0bdba86e9c6de62dfa1591194f577bb16ef55520ae9e4bc5faa,2024-10-26T10:15:10.337000
+CVE-2024-9116,0,0,0d9eb14ee34ae0bdba86e9c6de62dfa1591194f577bb16ef55520ae9e4bc5faa,2024-10-26T10:15:10.337000
 CVE-2024-9117,0,0,77f0703e7ba19b3d087cb3250573807a507cc3ac6f6e62f26867d41b190dba74,2024-10-01T13:56:55.893000
 CVE-2024-9118,0,0,e4b7000599bfd6bcfc27b5841170337689b823abc233b7c4e2b79d17c730d1a4,2024-10-04T13:51:25.567000
 CVE-2024-9119,0,0,6b294b34f6bccab53e92bbf272f3d3ac633c48ae9c06eccaa6b5e71b11d704af,2024-10-04T13:51:25.567000
@@ -266905,6 +266907,7 @@ CVE-2024-9484,0,0,3f1e4bdc376cc95b97b5c0150a8d7b1a17051d92adc32b058eb06edb62f443
 CVE-2024-9486,0,0,1369350ab2629110ffa188dbd15b41ead2245f88a49115aa36147be3bd87c74e,2024-10-16T16:38:14.557000
 CVE-2024-9487,0,0,e3a385658c66fc500363f16f3c27f6fce25e7b265fffe42414ebb85b7cd7e9a7,2024-10-15T12:58:51.050000
 CVE-2024-9488,0,0,3154f25401247f46098357ebd2d84fe95bb2164e861af1c275743e022d6c3976,2024-10-25T12:56:07.750000
+CVE-2024-9501,1,1,7635fda756f2e9a2104e2d691d57335d3ef691dbb78cdaf7e5c107e249e297f3,2024-10-26T13:15:11.490000
 CVE-2024-9506,0,0,fc042b04aa147d17b390b33fa64fff12c26897968128764931f8bf3b1a3e0722,2024-10-16T16:38:43.170000
 CVE-2024-9507,0,0,9477ee329318032ff294d196e1a50966e1c5d89bdb9b9dc24092f58cf1f5f346,2024-10-15T12:58:51.050000
 CVE-2024-9513,0,0,8bf69fcd896ef2c6d740d4e3fb7359c13bcd3037f3f5c5ca172d72ee575fdaa7,2024-10-07T21:15:19.450000
@@ -267016,7 +267019,7 @@ CVE-2024-9703,0,0,dd5db55cccdddcc3b58f6b494a8ef777447f72688cd0a2c60dac8e42fee7b6
 CVE-2024-9704,0,0,44ebf677ae69495b92126e2eb8d9d17c07544c8235e40f4412f83b24b48e2f3a,2024-10-15T12:57:46.880000
 CVE-2024-9707,0,0,cde0816a76e7682ea9f7dc3a69f12238a4d95599cfec418d205198361a6879cf,2024-10-15T12:58:51.050000
 CVE-2024-9756,0,0,8173cad728731052b89b4b59f3b4da8665b01e9fe6a8b575d907d967b2da6473,2024-10-15T12:57:46.880000
-CVE-2024-9772,1,1,2e10474d600559a8a4d2a583e2c6e0318f248fdaab547bcd59b33ce8daacd972,2024-10-26T10:15:10.747000
+CVE-2024-9772,0,0,2e10474d600559a8a4d2a583e2c6e0318f248fdaab547bcd59b33ce8daacd972,2024-10-26T10:15:10.747000
 CVE-2024-9776,0,0,82a616b68a2c5818c813f35d61772c622935aa1b119f178b9eaa21355bac63d9,2024-10-15T12:57:46.880000
 CVE-2024-9778,0,0,0fe7ee5860b89dbc53027fbdd06b191ad5c5e349a3553ba6bc5769975646dd12,2024-10-15T12:57:46.880000
 CVE-2024-9780,0,0,82a65b59c0bb0f4aa37b7bc9835ace6b2d8eb95b730adf88705db9589433fda5,2024-10-17T14:18:18.433000