1 changes (1 new | 0 updated):

      - 1 new CVEs:  CVE-2024-8722
      - 0 updated CVEs:

cves/2024/8xxx/CVE-2024-8722.json

@@ -0,0 +1,93 @@
+{
+    "dataType": "CVE_RECORD",
+    "dataVersion": "5.1",
+    "cveMetadata": {
+        "cveId": "CVE-2024-8722",
+        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+        "state": "PUBLISHED",
+        "assignerShortName": "Wordfence",
+        "dateReserved": "2024-09-11T17:49:30.766Z",
+        "datePublished": "2025-01-19T04:21:13.279Z",
+        "dateUpdated": "2025-01-19T04:21:13.279Z"
+    },
+    "containers": {
+        "cna": {
+            "providerMetadata": {
+                "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+                "shortName": "Wordfence",
+                "dateUpdated": "2025-01-19T04:21:13.279Z"
+            },
+            "affected": [
+                {
+                    "vendor": "Soflyy",
+                    "product": "WP All Import Pro",
+                    "versions": [
+                        {
+                            "version": "*",
+                            "status": "affected",
+                            "lessThanOrEqual": "4.9.7",
+                            "versionType": "semver"
+                        }
+                    ],
+                    "defaultStatus": "unaffected"
+                }
+            ],
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "value": "The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+                }
+            ],
+            "title": "WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload",
+            "references": [
+                {
+                    "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dbc6ad3f-698e-4dfd-bbba-086f94831bba?source=cve"
+                },
+                {
+                    "url": "https://www.wpallimport.com/downloads/wp-all-import-annual/?changelog=1"
+                }
+            ],
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "lang": "en",
+                            "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+                            "cweId": "CWE-79",
+                            "type": "CWE"
+                        }
+                    ]
+                }
+            ],
+            "metrics": [
+                {
+                    "cvssV3_1": {
+                        "version": "3.1",
+                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+                        "baseScore": 5.5,
+                        "baseSeverity": "MEDIUM"
+                    }
+                }
+            ],
+            "credits": [
+                {
+                    "lang": "en",
+                    "type": "finder",
+                    "value": "Francesco Carlucci"
+                }
+            ],
+            "timeline": [
+                {
+                    "time": "2024-09-09T00:00:00.000+00:00",
+                    "lang": "en",
+                    "value": "Vendor Notified"
+                },
+                {
+                    "time": "2025-01-18T15:42:34.000+00:00",
+                    "lang": "en",
+                    "value": "Disclosed"
+                }
+            ]
+        }
+    }
+}

cves/delta.json

@@ -1,12 +1,12 @@
 {
-  "fetchTime": "2025-01-19T03:35:45.898Z",
+  "fetchTime": "2025-01-19T04:29:46.272Z",
   "numberOfChanges": 1,
   "new": [
     {
-      "cveId": "CVE-2025-0564",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-0564",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/0xxx/CVE-2025-0564.json",
-      "dateUpdated": "2025-01-19T03:31:05.727Z"
+      "cveId": "CVE-2024-8722",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8722",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8722.json",
+      "dateUpdated": "2025-01-19T04:21:13.279Z"
     }
   ],
   "updated": [],

cves/deltaLog.json

@@ -1,4 +1,18 @@
 [
+  {
+    "fetchTime": "2025-01-19T04:29:46.272Z",
+    "numberOfChanges": 1,
+    "new": [
+      {
+        "cveId": "CVE-2024-8722",
+        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8722",
+        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8722.json",
+        "dateUpdated": "2025-01-19T04:21:13.279Z"
+      }
+    ],
+    "updated": [],
+    "error": []
+  },
   {
     "fetchTime": "2025-01-19T03:35:45.898Z",
     "numberOfChanges": 1,
@@ -104784,69 +104798,5 @@
       }
     ],
     "error": []
-  },
-  {
-    "fetchTime": "2024-12-20T04:10:25.971Z",
-    "numberOfChanges": 7,
-    "new": [
-      {
-        "cveId": "CVE-2024-44195",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-44195",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/44xxx/CVE-2024-44195.json",
-        "dateUpdated": "2024-12-20T04:06:14.973Z"
-      },
-      {
-        "cveId": "CVE-2024-44211",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-44211",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/44xxx/CVE-2024-44211.json",
-        "dateUpdated": "2024-12-20T04:06:18.132Z"
-      },
-      {
-        "cveId": "CVE-2024-44223",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-44223",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/44xxx/CVE-2024-44223.json",
-        "dateUpdated": "2024-12-20T04:06:13.875Z"
-      },
-      {
-        "cveId": "CVE-2024-44231",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-44231",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/44xxx/CVE-2024-44231.json",
-        "dateUpdated": "2024-12-20T04:06:17.087Z"
-      },
-      {
-        "cveId": "CVE-2024-44292",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-44292",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/44xxx/CVE-2024-44292.json",
-        "dateUpdated": "2024-12-20T04:06:16.028Z"
-      },
-      {
-        "cveId": "CVE-2024-44293",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-44293",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/44xxx/CVE-2024-44293.json",
-        "dateUpdated": "2024-12-20T04:06:19.170Z"
-      },
-      {
-        "cveId": "CVE-2024-44298",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-44298",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/44xxx/CVE-2024-44298.json",
-        "dateUpdated": "2024-12-20T04:06:20.221Z"
-      }
-    ],
-    "updated": [],
-    "error": []
-  },
-  {
-    "fetchTime": "2024-12-20T03:43:13.227Z",
-    "numberOfChanges": 1,
-    "new": [
-      {
-        "cveId": "CVE-2023-42867",
-        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-42867",
-        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/42xxx/CVE-2023-42867.json",
-        "dateUpdated": "2024-12-20T03:37:12.119Z"
-      }
-    ],
-    "updated": [],
-    "error": []
   }
 ]