diff --git a/2022/48xxx/CVE-2022-48436.json b/2022/48xxx/CVE-2022-48436.json
new file mode 100644
index 00000000000..adba6a52792
--- /dev/null
+++ b/2022/48xxx/CVE-2022-48436.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-48436",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1918.json b/2023/1xxx/CVE-2023-1918.json
index 50f62d4e22a..70b62a82c4d 100644
--- a/2023/1xxx/CVE-2023-1918.json
+++ b/2023/1xxx/CVE-2023-1918.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
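Review bot: The redaction of CVE-2023-1918 is only partial: the `problemtype` hunk keeps `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"` and adds `"cweId": "CWE-352"`, so the weakness class stays published while the description is withheld. If the record is meant to reveal nothing until release, the placeholder should carry a neutral problemtype such as `"value": "n/a"` and no `cweId`. The removed description also remains readable in this diff and in the repository history, so the change limits what downstream feeds ingest from the current file rather than making the text confidential. The same applies to the matching hunks of CVE-2023-1919 through CVE-2023-1927.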
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=cve",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=cve"
- },
- {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
- "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1919.json b/2023/1xxx/CVE-2023-1919.json
index be1b123c313..a427b5976f9 100644
--- a/2023/1xxx/CVE-2023-1919.json
+++ b/2023/1xxx/CVE-2023-1919.json
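Review bot: The placeholder `impact` block for CVE-2023-1918 publishes `"baseScore": 10` and `"baseSeverity": "CRITICAL"` with the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`, replacing the 4.3 MEDIUM score on the removed side. Feeds and scanners that key on the CVE ID will show a maximum-severity score for a record whose description says the information is redacted, which skews triage and alerting. A redacted record is safer with the `impact` object omitted, or with the earlier vector kept, than with template values that read as a real assessment. The same goes for `"version_affected": "="` with `"version_value": "0.0"` in the preceding hunk, and the same `impact` hunk repeats in CVE-2023-1919 through CVE-2023-1930.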
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/024f4058-065b-48b4-a08a-d9732d4375cd?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/024f4058-065b-48b4-a08a-d9732d4375cd?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1920.json b/2023/1xxx/CVE-2023-1920.json
index e076fbda57f..520ed82db4a 100644
--- a/2023/1xxx/CVE-2023-1920.json
+++ b/2023/1xxx/CVE-2023-1920.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1921.json b/2023/1xxx/CVE-2023-1921.json
index 37742bc6bbd..c84b10b7ef0 100644
--- a/2023/1xxx/CVE-2023-1921.json
+++ b/2023/1xxx/CVE-2023-1921.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17c7c61d-c110-448e-ad8a-bc1c00393524?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17c7c61d-c110-448e-ad8a-bc1c00393524?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1922.json b/2023/1xxx/CVE-2023-1922.json
index 6809feeae43..c782f2a3dd7 100644
--- a/2023/1xxx/CVE-2023-1922.json
+++ b/2023/1xxx/CVE-2023-1922.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1743b26-861e-4a61-80de-b8cc82308228?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1743b26-861e-4a61-80de-b8cc82308228?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1923.json b/2023/1xxx/CVE-2023-1923.json
index 8f4849c325d..b12cea8c389 100644
--- a/2023/1xxx/CVE-2023-1923.json
+++ b/2023/1xxx/CVE-2023-1923.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1924.json b/2023/1xxx/CVE-2023-1924.json
index 50093080570..383bc5146a4 100644
--- a/2023/1xxx/CVE-2023-1924.json
+++ b/2023/1xxx/CVE-2023-1924.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a87f610a-c1ef-4365-bd74-569989587d41?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a87f610a-c1ef-4365-bd74-569989587d41?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1925.json b/2023/1xxx/CVE-2023-1925.json
index 5b4fb061be2..9e66b828b42 100644
--- a/2023/1xxx/CVE-2023-1925.json
+++ b/2023/1xxx/CVE-2023-1925.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1926.json b/2023/1xxx/CVE-2023-1926.json
index b41d2cf2dfa..4a5a4758a7e 100644
--- a/2023/1xxx/CVE-2023-1926.json
+++ b/2023/1xxx/CVE-2023-1926.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1927.json b/2023/1xxx/CVE-2023-1927.json
index f30d490b989..0daa06253df 100644
--- a/2023/1xxx/CVE-2023-1927.json
+++ b/2023/1xxx/CVE-2023-1927.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1928.json b/2023/1xxx/CVE-2023-1928.json
index 3410dfaf4b4..bec29e3645c 100644
--- a/2023/1xxx/CVE-2023-1928.json
+++ b/2023/1xxx/CVE-2023-1928.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-862 Missing Authorization"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
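Review bot: In CVE-2023-1928 the `problemtype` hunk replaces `CWE-862 Missing Authorization` with `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"` and `"cweId": "CWE-352"`, so the redacted record now states a different weakness class from the one on the removed side. This looks like a template value carried over rather than a deliberate reclassification, and anyone filtering or reporting by CWE will misfile the entry while it is redacted. A neutral placeholder avoids publishing a wrong CWE, and CWE-862 has to be restored when the details return. The same substitution occurs in the `problemtype` hunks of CVE-2023-1929 and CVE-2023-1930.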
@@ -55,30 +55,33 @@
 "references": {
 "reference_data": [
 {
- "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
+ "url": "https://wordfence.com",
 "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
- },
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve"
+ "name": "https://wordfence.com"
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Marco Wotschka"
- }
- ],
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
 "impact": {
 "cvss": [
 {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM"
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1929.json b/2023/1xxx/CVE-2023-1929.json
index 645d00469bb..27194bd051d 100644
--- a/2023/1xxx/CVE-2023-1929.json
+++ b/2023/1xxx/CVE-2023-1929.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache."
+ "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public."
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-862 Missing Authorization"
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
 }
 ]
 }
@@ -31,17 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "emrevona",
+ "vendor_name": "Redacted Software",
 "product": {
 "product_data": [
 {
- "product_name": "WP Fastest Cache",
+ "product_name": "Redacted Product Name",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "1.1.2"
+ "version_affected": "=",
+ "version_value": "0.0"
 }
 ]
 }
@@ -55,25 +55,33 @@ "references": { "reference_data": [ { - "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", + "url": "https://wordfence.com", "refsource": "MISC", - "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + "name": "https://wordfence.com" } ] }, - "credits": [ - { - "lang": "en", - "value": "Marco Wotschka" - } - ], + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, "impact": { "cvss": [ { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/1xxx/CVE-2023-1930.json b/2023/1xxx/CVE-2023-1930.json index 4f2ebbbd82e..eacb92ca067 100644 --- a/2023/1xxx/CVE-2023-1930.json +++ b/2023/1xxx/CVE-2023-1930.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches." + "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." } ] }, @@ -21,7 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-862 Missing Authorization" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" } ] } 
@@ -31,17 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "emrevona", + "vendor_name": "Redacted Software", "product": { "product_data": [ { - "product_name": "WP Fastest Cache", + "product_name": "Redacted Product Name", "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "*", - "version_value": "1.1.2" + "version_affected": "=", + "version_value": "0.0" } ] } @@ -55,30 +55,33 @@ "references": { "reference_data": [ { - "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", + "url": "https://wordfence.com", "refsource": "MISC", - "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve", - "refsource": "MISC", - "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve" + "name": "https://wordfence.com" } ] }, - "credits": [ - { - "lang": "en", - "value": "Marco Wotschka" - } - ], + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, "impact": { "cvss": [ { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/1xxx/CVE-2023-1931.json b/2023/1xxx/CVE-2023-1931.json index 817cea03561..50283f7d423 100644 --- a/2023/1xxx/CVE-2023-1931.json +++ b/2023/1xxx/CVE-2023-1931.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion." + "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." } ] }, @@ -21,7 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-862 Missing Authorization" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" } ] } @@ -31,17 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "emrevona", + "vendor_name": "Redacted Software", "product": { "product_data": [ { - "product_name": "WP Fastest Cache", + "product_name": "Redacted Product Name", "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "*", - "version_value": "1.1.2" + "version_affected": "=", + "version_value": "0.0" } ] } 
@@ -55,30 +55,33 @@ "references": { "reference_data": [ { - "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", + "url": "https://wordfence.com", "refsource": "MISC", - "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve", - "refsource": "MISC", - "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve" + "name": "https://wordfence.com" } ] }, - "credits": [ - { - "lang": "en", - "value": "Marco Wotschka" - } - ], + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, "impact": { "cvss": [ { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/1xxx/CVE-2023-1933.json b/2023/1xxx/CVE-2023-1933.json new file mode 100644 index 00000000000..ed573e607f0 --- /dev/null +++ b/2023/1xxx/CVE-2023-1933.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29470.json b/2023/29xxx/CVE-2023-29470.json new file mode 100644 index 00000000000..7f9c52c7436 --- /dev/null +++ b/2023/29xxx/CVE-2023-29470.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29470", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29471.json b/2023/29xxx/CVE-2023-29471.json new file mode 100644 index 00000000000..8c1f9c2efe3 --- /dev/null +++ b/2023/29xxx/CVE-2023-29471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file