From 68fef6c4d06e00336fb56f91d7324d362acba22c Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 26 Oct 2024 14:03:18 +0000
Subject: [PATCH] Auto-Update: 2024-10-26T14:00:18.054496+00:00
---
CVE-2024/CVE-2024-101xx/CVE-2024-10117.json | 72 +++++++++++++++++++++
CVE-2024/CVE-2024-104xx/CVE-2024-10402.json | 60 +++++++++++++++++
CVE-2024/CVE-2024-95xx/CVE-2024-9501.json | 64 ++++++++++++++++++
README.md | 12 ++--
_state.csv | 9 ++-
5 files changed, 208 insertions(+), 9 deletions(-)
create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10117.json
create mode 100644 CVE-2024/CVE-2024-104xx/CVE-2024-10402.json
create mode 100644 CVE-2024/CVE-2024-95xx/CVE-2024-9501.json
diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10117.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10117.json
new file mode 100644
index 00000000000..0d261136216
--- /dev/null
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10117.json
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-10117", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-26T12:15:12.437", + "lastModified": "2024-10-26T12:15:12.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://docs.themeum.com/wp-crowdfunding/", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3174230/", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3174230/#file19", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-crowdfunding/#developers", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/7813dfdc-06e0-4fa9-aabe-b5b9772368c2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10402.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10402.json new file mode 100644 index 00000000000..b4ca795ff65 --- /dev/null +++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10402.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10402", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-26T12:15:12.873", + "lastModified": "2024-10-26T12:15:12.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3169243/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9501.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9501.json new file mode 100644 index 00000000000..8551c8e40c5 --- /dev/null 
+++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9501.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-9501", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-26T13:15:11.490", + "lastModified": "2024-10-26T13:15:11.490", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-social/tags/3.0.6/inc/admin-create-user.php#L205", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3173675/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4294f5f-d989-4b97-88ee-4e94f4f7845a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/README.md b/README.md index 0c7aa0a540d..43a458687c3 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-26T12:00:18.254285+00:00 +2024-10-26T14:00:18.054496+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-26T10:15:10.747000+00:00 +2024-10-26T13:15:11.490000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -267157 +267160 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -- [CVE-2024-10357](CVE-2024/CVE-2024-103xx/CVE-2024-10357.json) (`2024-10-26T10:15:08.700`) -- [CVE-2024-9116](CVE-2024/CVE-2024-91xx/CVE-2024-9116.json) (`2024-10-26T10:15:10.337`) -- [CVE-2024-9772](CVE-2024/CVE-2024-97xx/CVE-2024-9772.json) (`2024-10-26T10:15:10.747`) +- [CVE-2024-10117](CVE-2024/CVE-2024-101xx/CVE-2024-10117.json) (`2024-10-26T12:15:12.437`) +- [CVE-2024-10402](CVE-2024/CVE-2024-104xx/CVE-2024-10402.json) (`2024-10-26T12:15:12.873`) +- [CVE-2024-9501](CVE-2024/CVE-2024-95xx/CVE-2024-9501.json) (`2024-10-26T13:15:11.490`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 248a5d39cbc..10801fa6637 100644 --- a/_state.csv +++ b/_state.csv 
@@ -242384,6 +242384,7 @@ CVE-2024-10101,0,0,1d42831444f093da17057d1135157fc2c61373ed2c6e3aa4b33071a4d1f4b CVE-2024-1011,0,0,a83b664837c33e7f0f4cec42868f7bdd93765cacc9e6b97b43804e8b07af65f2,2024-05-17T02:35:09.987000 CVE-2024-10112,0,0,3a01d2baa33f19e143abe5aabe181ccab32faac99effca8d7325142fe7220a64,2024-10-25T12:56:07.750000 CVE-2024-10115,0,0,2f48f8fc2fb64e7eea0f8a197e6ea039f4addb791184326175f5bf3196ca43c6,2024-10-18T19:15:13.600000 +CVE-2024-10117,1,1,204f6d006ce17e059b7842a8044c94bf1888b26e04776a447ad4b8392abedaf9,2024-10-26T12:15:12.437000 CVE-2024-10118,0,0,20c350d413130c355373caed8d6cb5911ff957b85489cebdf58c361a0299d81f,2024-10-18T12:52:33.507000 CVE-2024-10119,0,0,3a739123963202923959a689b720abc71b056e98e226f3cc9103b43eebd575a4,2024-10-18T12:52:33.507000 CVE-2024-1012,0,0,261f4dda24c2aefd44892a1e7cff84e275a6853943a2bba059238594bb202f50,2024-05-17T02:35:10.090000 @@ -242510,7 +242511,7 @@ CVE-2024-10351,0,0,0669fd862bd943e91d4fd75dd5a3a4f23e3a0ecf8b6b598b3fa3044b7bf8c CVE-2024-10353,0,0,34f363c95bbc45d4e85ef2856d7e0d5110b6c82bce311f5e8fc9036257eb83b7,2024-10-25T12:56:07.750000 CVE-2024-10354,0,0,d5bf96c00ae597f7009c34e3844c5889f0c0763a1e1b97eab0af94f26675c82a,2024-10-25T12:56:07.750000 CVE-2024-10355,0,0,7a858a56547ed44307c9a540d3394b900b64454d40ccf6ae564bf35aa8fa4990,2024-10-25T12:56:07.750000 -CVE-2024-10357,1,1,e197a1ed0ea397ca0d2c1873b2f6c51ce574b4b3dbdeeadc6bacf3403288ac5e,2024-10-26T10:15:08.700000 +CVE-2024-10357,0,0,e197a1ed0ea397ca0d2c1873b2f6c51ce574b4b3dbdeeadc6bacf3403288ac5e,2024-10-26T10:15:08.700000 CVE-2024-1036,0,0,aa65a53beadc56e4dda3efe9acb5802f242935c19973e66e0ff7f62d01b276fd,2024-05-17T02:35:12.357000 CVE-2024-10368,0,0,bd751cf8f0908c7885868477a03f4653af3e113fc89fdbd03353e34dff9f8f68,2024-10-25T12:56:07.750000 CVE-2024-10369,0,0,7ae7d6c6e004766971ac0d79eb28bd21cccdeb76fc8a447fe3f3b470463f1503,2024-10-25T12:56:07.750000 
@@ -242530,6 +242531,7 @@ CVE-2024-10386,0,0,620f9606b4947e68d786b63bc64226dc49af2c78c3961a92113a83d41fde8 CVE-2024-10387,0,0,1d314c1f04eb0f6b0e625a4b66f38d6fe480b0f44899159cd155926983f5770f,2024-10-25T17:15:04.230000 CVE-2024-1039,0,0,823ba846a6d7c1759f085b54cf23829cdbadd28135927175e007d2b5df85a6ad,2024-02-07T14:09:47.017000 CVE-2024-1040,0,0,b32f85342f197693d2db41df3bf264f5b00d802b0a5fb12822762c63c498621d,2024-02-07T17:11:40.623000 +CVE-2024-10402,1,1,65b2bd465541743751a91c730a35d6155fbf5d9b25a3f51f1f7b2539ab79ea82,2024-10-26T12:15:12.873000 CVE-2024-1041,0,0,991d5a9e7f9515845650bb9d6b0cbb707e5b40a6073b13e973f0804460a34ef9,2024-04-10T13:23:38.787000 CVE-2024-1042,0,0,87dc787933fa568693623eb2222edd1702eaf068420e0f5081ad1d377d2eb6d4,2024-04-10T13:23:38.787000 CVE-2024-1043,0,0,413776c522ad3bf5006fcc461919529b065f700723f9f41e7759ea485749a4c3,2024-02-29T13:49:29.390000 @@ -266686,7 +266688,7 @@ CVE-2024-9106,0,0,e27db71c396a4ccaf2c72a333395893b81bc19abafa7c4f380f448da576e2d CVE-2024-9108,0,0,a5bd0d20b10740e2633e894f79cde5eedf60bb1d894cbb8ab0abf2750035a6b9,2024-10-04T13:51:25.567000 CVE-2024-9109,0,0,92ffc81317d04a5f58ae681583509b482d53f08c836f7e996194793f616d35bb,2024-10-25T12:56:07.750000 CVE-2024-9115,0,0,1c4e70138ee9590ca65c2e328b29e5a87d064a3f49c7286913d14c3952d00fc4,2024-10-01T13:47:25.403000 -CVE-2024-9116,1,1,0d9eb14ee34ae0bdba86e9c6de62dfa1591194f577bb16ef55520ae9e4bc5faa,2024-10-26T10:15:10.337000 +CVE-2024-9116,0,0,0d9eb14ee34ae0bdba86e9c6de62dfa1591194f577bb16ef55520ae9e4bc5faa,2024-10-26T10:15:10.337000 CVE-2024-9117,0,0,77f0703e7ba19b3d087cb3250573807a507cc3ac6f6e62f26867d41b190dba74,2024-10-01T13:56:55.893000 CVE-2024-9118,0,0,e4b7000599bfd6bcfc27b5841170337689b823abc233b7c4e2b79d17c730d1a4,2024-10-04T13:51:25.567000 CVE-2024-9119,0,0,6b294b34f6bccab53e92bbf272f3d3ac633c48ae9c06eccaa6b5e71b11d704af,2024-10-04T13:51:25.567000 
@@ -266905,6 +266907,7 @@ CVE-2024-9484,0,0,3f1e4bdc376cc95b97b5c0150a8d7b1a17051d92adc32b058eb06edb62f443 CVE-2024-9486,0,0,1369350ab2629110ffa188dbd15b41ead2245f88a49115aa36147be3bd87c74e,2024-10-16T16:38:14.557000 CVE-2024-9487,0,0,e3a385658c66fc500363f16f3c27f6fce25e7b265fffe42414ebb85b7cd7e9a7,2024-10-15T12:58:51.050000 CVE-2024-9488,0,0,3154f25401247f46098357ebd2d84fe95bb2164e861af1c275743e022d6c3976,2024-10-25T12:56:07.750000 +CVE-2024-9501,1,1,7635fda756f2e9a2104e2d691d57335d3ef691dbb78cdaf7e5c107e249e297f3,2024-10-26T13:15:11.490000 CVE-2024-9506,0,0,fc042b04aa147d17b390b33fa64fff12c26897968128764931f8bf3b1a3e0722,2024-10-16T16:38:43.170000 CVE-2024-9507,0,0,9477ee329318032ff294d196e1a50966e1c5d89bdb9b9dc24092f58cf1f5f346,2024-10-15T12:58:51.050000 CVE-2024-9513,0,0,8bf69fcd896ef2c6d740d4e3fb7359c13bcd3037f3f5c5ca172d72ee575fdaa7,2024-10-07T21:15:19.450000 @@ -267016,7 +267019,7 @@ CVE-2024-9703,0,0,dd5db55cccdddcc3b58f6b494a8ef777447f72688cd0a2c60dac8e42fee7b6 CVE-2024-9704,0,0,44ebf677ae69495b92126e2eb8d9d17c07544c8235e40f4412f83b24b48e2f3a,2024-10-15T12:57:46.880000 CVE-2024-9707,0,0,cde0816a76e7682ea9f7dc3a69f12238a4d95599cfec418d205198361a6879cf,2024-10-15T12:58:51.050000 CVE-2024-9756,0,0,8173cad728731052b89b4b59f3b4da8665b01e9fe6a8b575d907d967b2da6473,2024-10-15T12:57:46.880000 -CVE-2024-9772,1,1,2e10474d600559a8a4d2a583e2c6e0318f248fdaab547bcd59b33ce8daacd972,2024-10-26T10:15:10.747000 +CVE-2024-9772,0,0,2e10474d600559a8a4d2a583e2c6e0318f248fdaab547bcd59b33ce8daacd972,2024-10-26T10:15:10.747000 CVE-2024-9776,0,0,82a616b68a2c5818c813f35d61772c622935aa1b119f178b9eaa21355bac63d9,2024-10-15T12:57:46.880000 CVE-2024-9778,0,0,0fe7ee5860b89dbc53027fbdd06b191ad5c5e349a3553ba6bc5769975646dd12,2024-10-15T12:57:46.880000 CVE-2024-9780,0,0,82a65b59c0bb0f4aa37b7bc9835ace6b2d8eb95b730adf88705db9589433fda5,2024-10-17T14:18:18.433000