From 5a2da43591667cd434517443d8ef4c13c68d28b9 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Sat, 27 Jul 2024 10:02:29 +0000
Subject: [PATCH] NVD Sync 2024-07-27 10:02

---
 cve/2024/CVE-2024-5969.json | 1 +
 cve/2024/CVE-2024-6458.json | 1 +
 cve/2024/CVE-2024-6569.json | 1 +
 syncdate.json | 2 +-
 4 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 cve/2024/CVE-2024-5969.json
 create mode 100644 cve/2024/CVE-2024-6458.json
 create mode 100644 cve/2024/CVE-2024-6569.json

diff --git a/cve/2024/CVE-2024-5969.json b/cve/2024/CVE-2024-5969.json
new file mode 100644
index 00000000000..bd594147a25
--- /dev/null
+++ b/cve/2024/CVE-2024-5969.json
@@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-5969", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T08:15:01.870", "lastModified": "2024-07-27T08:15:01.870", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient."}], "metrics": {"cvssMetricV31": [{"source": "security@wordfence.com", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "security@wordfence.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve", "source": "security@wordfence.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-6458.json b/cve/2024/CVE-2024-6458.json new file mode 100644 index 00000000000..54e5bd66e9a --- /dev/null +++ b/cve/2024/CVE-2024-6458.json 
@@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-6458", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T09:15:02.123", "lastModified": "2024-07-27T09:15:02.123", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table."}], "metrics": {"cvssMetricV31": [{"source": "security@wordfence.com", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "security@wordfence.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wc-product-table-lite/trunk/presets/presets.php#L120", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3125858%40wc-product-table-lite&new=3125858%40wc-product-table-lite&sfp_email=&sfph_mail=", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e06fb465-4c72-49a8-af35-ff6d629ff9a0?source=cve", "source": "security@wordfence.com"}]}} \ No newline at end of file 
diff --git a/cve/2024/CVE-2024-6569.json b/cve/2024/CVE-2024-6569.json
new file mode 100644
index 00000000000..8bf591af984
--- /dev/null
+++ b/cve/2024/CVE-2024-6569.json
@@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-6569", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-27T09:15:02.523", "lastModified": "2024-07-27T09:15:02.523", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."}], "metrics": {"cvssMetricV31": [{"source": "security@wordfence.com", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "security@wordfence.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/forms-for-campaign-monitor/trunk/forms/views/admin/create.php", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3125580%40forms-for-campaign-monitor&new=3125580%40forms-for-campaign-monitor&sfp_email=&sfph_mail=", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/babf88c4-6328-4ba2-97e4-e1eaaa549dbb?source=cve", "source": "security@wordfence.com"}]}} \ No 
newline at end of file diff --git a/syncdate.json b/syncdate.json index 55854110c2c..cd2f87b9692 100644 --- a/syncdate.json +++ b/syncdate.json @@ -1 +1 @@ -{"lastModStartDate": "2024-07-27T06:02:35.372571+00:00", "lastModEndDate": "2024-07-27T08:02:27.808947+00:00"} \ No newline at end of file +{"lastModStartDate": "2024-07-27T08:02:27.808947+00:00", "lastModEndDate": "2024-07-27T10:02:25.400545+00:00"} \ No newline at end of file