Skip to content

Commit

Permalink
1 changes (1 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 1 new CVEs:  CVE-2024-13470
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Jan 30, 2025
1 parent 6673406 commit 7bd479d
Show file tree
Hide file tree
Showing 3 changed files with 117 additions and 26 deletions.
97 changes: 97 additions & 0 deletions cves/2024/13xxx/CVE-2024-13470.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-13470",
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"state": "PUBLISHED",
"assignerShortName": "Wordfence",
"dateReserved": "2025-01-16T17:18:06.247Z",
"datePublished": "2025-01-30T07:23:05.434Z",
"dateUpdated": "2025-01-30T07:23:05.434Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence",
"dateUpdated": "2025-01-30T07:23:05.434Z"
},
"affected": [
{
"vendor": "kstover",
"product": "Ninja Forms – The Contact Form Builder That Grows With You",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "3.8.24",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"title": "Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode",
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f2b46a9-d228-43b4-84af-d56218076087?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ninja-forms/tags/3.8.23/includes/Display/Shortcodes.php#L8"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ninja-forms/tags/3.8.23/ninja-forms.php#L953"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ninja-forms/tags/3.8.23/includes/Display/Render.php#L708"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3229932%40ninja-forms%2Ftrunk&old=3226451%40ninja-forms%2Ftrunk&sfp_email=&sfph_mail="
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79",
"type": "CWE"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"timeline": [
{
"time": "2025-01-29T18:57:39.000+00:00",
"lang": "en",
"value": "Disclosed"
}
]
}
}
}
18 changes: 6 additions & 12 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,12 @@
{
"fetchTime": "2025-01-30T06:47:54.588Z",
"numberOfChanges": 2,
"fetchTime": "2025-01-30T07:25:30.497Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2024-13457",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13457",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13457.json",
"dateUpdated": "2025-01-30T06:41:07.956Z"
},
{
"cveId": "CVE-2024-13642",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13642",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13642.json",
"dateUpdated": "2025-01-30T06:41:08.797Z"
"cveId": "CVE-2024-13470",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13470",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13470.json",
"dateUpdated": "2025-01-30T07:23:05.434Z"
}
],
"updated": [],
Expand Down
28 changes: 14 additions & 14 deletions cves/deltaLog.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,18 @@
[
{
"fetchTime": "2025-01-30T07:25:30.497Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2024-13470",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13470",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13470.json",
"dateUpdated": "2025-01-30T07:23:05.434Z"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2025-01-30T06:47:54.588Z",
"numberOfChanges": 2,
Expand Down Expand Up @@ -138415,19 +138429,5 @@
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-12-31T07:09:49.697Z",
"numberOfChanges": 1,
"new": [],
"updated": [
{
"cveId": "CVE-2024-51464",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-51464",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/51xxx/CVE-2024-51464.json",
"dateUpdated": "2024-12-31T07:02:42.570Z"
}
],
"error": []
}
]

0 comments on commit 7bd479d

Please sign in to comment.