From c9464951c5a58d71d1ae202fed98b111010e06dc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 4 Dec 2023 22:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/49xxx/CVE-2023-49080.json | 81 ++++++++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4460.json | 81 ++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5105.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5108.json | 81 ++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5137.json | 81 ++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5141.json | 85 ++++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5210.json | 81 ++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5762.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5809.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5874.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5884.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5951.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5952.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5953.json | 80 ++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5979.json | 72 ++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5990.json | 72 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6063.json | 77 ++++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6507.json | 18 +++++++ 18 files changed, 1229 insertions(+), 84 deletions(-) create mode 100644 2023/6xxx/CVE-2023-6507.json diff --git a/2023/49xxx/CVE-2023-49080.json b/2023/49xxx/CVE-2023-49080.json index 14896f910e3..81bb99908ad 100644 --- a/2023/49xxx/CVE-2023-49080.json +++ b/2023/49xxx/CVE-2023-49080.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209: Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jupyter-server", + "product": { + "product_data": [ + { + "product_name": "jupyter_server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r", + "refsource": "MISC", + "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r" + }, + { + "url": "https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652", + "refsource": "MISC", + "name": "https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652" + } + ] + }, + "source": { + "advisory": "GHSA-h56g-gq9v-vc8r", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4460.json b/2023/4xxx/CVE-2023-4460.json index 7747824152d..cc2fa82372a 100644 --- a/2023/4xxx/CVE-2023-4460.json +++ b/2023/4xxx/CVE-2023-4460.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4460", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Uploading SVG, WEBP and ICO files", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "1.2.1" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/82f8d425-449a-471f-94df-8439924fd628", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/82f8d425-449a-471f-94df-8439924fd628" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Danilo Albuquerque" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5105.json b/2023/5xxx/CVE-2023-5105.json index 4f78b0aee78..963f7b105db 100644 --- a/2023/5xxx/CVE-2023-5105.json +++ b/2023/5xxx/CVE-2023-5105.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Frontend File Manager Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/d40c7108-bad6-4ed3-8539-35c0f57e62cc", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/d40c7108-bad6-4ed3-8539-35c0f57e62cc" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5108.json b/2023/5xxx/CVE-2023-5108.json index 934bf9d21ad..a233e8c1c11 100644 --- a/2023/5xxx/CVE-2023-5108.json +++ b/2023/5xxx/CVE-2023-5108.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Easy Newsletter Signups", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "1.0.4" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Karolis Narvilas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5137.json b/2023/5xxx/CVE-2023-5137.json index ced028712e8..fc279190040 100644 --- a/2023/5xxx/CVE-2023-5137.json +++ b/2023/5xxx/CVE-2023-5137.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simply Excerpts", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "1.4" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/79b79e9c-ea4f-4188-a1b5-61dda0b5d434", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/79b79e9c-ea4f-4188-a1b5-61dda0b5d434" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "niclo" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5141.json b/2023/5xxx/CVE-2023-5141.json index 5f073f788ee..eb76254d7c8 100644 --- a/2023/5xxx/CVE-2023-5141.json +++ b/2023/5xxx/CVE-2023-5141.json @@ -1,18 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "BSK Contact Form 7 Blacklist", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "1.0.1" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/9997fe8d-8027-4ae0-9885-a1f5565f2d1a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/9997fe8d-8027-4ae0-9885-a1f5565f2d1a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Enrico Marcolini" + }, + { + "lang": "en", + "value": "Claudio Marchesini" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5210.json b/2023/5xxx/CVE-2023-5210.json index 6c7f9b42f96..c7f071b3548 100644 --- a/2023/5xxx/CVE-2023-5210.json +++ b/2023/5xxx/CVE-2023-5210.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "AMP+ Plus", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "3.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/1c3ff47a-12a5-49c1-a166-2c57e5c0d0aa", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/1c3ff47a-12a5-49c1-a166-2c57e5c0d0aa" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Nicolas Surribas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5762.json b/2023/5xxx/CVE-2023-5762.json index 63bf9c306b2..5f7ad6d7bfb 100644 --- a/2023/5xxx/CVE-2023-5762.json +++ b/2023/5xxx/CVE-2023-5762.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Filr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.2.3.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmtirii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5809.json b/2023/5xxx/CVE-2023-5809.json index 349e0f50fca..22fcee3457e 100644 --- a/2023/5xxx/CVE-2023-5809.json +++ b/2023/5xxx/CVE-2023-5809.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Popup box", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.8.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/f1eb05e8-1b7c-45b1-912d-f668bd68e265", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/f1eb05e8-1b7c-45b1-912d-f668bd68e265" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Aristodimou" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5874.json b/2023/5xxx/CVE-2023-5874.json index 6b913f795bb..589270b1549 100644 --- a/2023/5xxx/CVE-2023-5874.json +++ b/2023/5xxx/CVE-2023-5874.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5874", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Popup box", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.8.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/ebe3e873-1259-43b9-a027-daa4dbd937f3", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/ebe3e873-1259-43b9-a027-daa4dbd937f3" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bob Matyas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5884.json b/2023/5xxx/CVE-2023-5884.json index 86914ae2b03..30092d9fbc1 100644 --- a/2023/5xxx/CVE-2023-5884.json +++ b/2023/5xxx/CVE-2023-5884.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Word Balloon", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.20.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/f4a7937c-6f4b-49dd-b88a-67ebe718ad19", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/f4a7937c-6f4b-49dd-b88a-67ebe718ad19" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5951.json b/2023/5xxx/CVE-2023-5951.json index 4775e2c03ad..824d9a6ec3e 100644 --- a/2023/5xxx/CVE-2023-5951.json +++ b/2023/5xxx/CVE-2023-5951.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5951", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Welcart e-Commerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.9.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/81dc093a-545d-4bcd-ab85-ee9472d709e5", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/81dc093a-545d-4bcd-ab85-ee9472d709e5" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Erwan LR (WPScan)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5952.json b/2023/5xxx/CVE-2023-5952.json index a53cbf3ba37..128465b4a63 100644 --- a/2023/5xxx/CVE-2023-5952.json +++ b/2023/5xxx/CVE-2023-5952.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5952", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Welcart e-Commerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.9.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT PL)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5953.json b/2023/5xxx/CVE-2023-5953.json index e553c17f819..fe2cda49675 100644 --- a/2023/5xxx/CVE-2023-5953.json +++ b/2023/5xxx/CVE-2023-5953.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Welcart e-Commerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.9.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6d29ba12-f14a-4cee-baae-a6049d83bce6", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6d29ba12-f14a-4cee-baae-a6049d83bce6" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Benachi" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5979.json b/2023/5xxx/CVE-2023-5979.json index b218a956b94..b80a7b81ccb 100644 --- a/2023/5xxx/CVE-2023-5979.json +++ b/2023/5xxx/CVE-2023-5979.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "eCommerce Product Catalog Plugin for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.3.26" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT PL)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5990.json b/2023/5xxx/CVE-2023-5990.json index e9ff49a4998..68b0bb99983 100644 --- a/2023/5xxx/CVE-2023-5990.json +++ b/2023/5xxx/CVE-2023-5990.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5990", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0a615ce3-93da-459d-a33f-a2a6e74a2f94", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0a615ce3-93da-459d-a33f-a2a6e74a2f94" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Nguyen Duc Manh" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6063.json b/2023/6xxx/CVE-2023-6063.json index d648a367495..8b9cadec144 100644 --- a/2023/6xxx/CVE-2023-6063.json +++ b/2023/6xxx/CVE-2023-6063.json @@ -1,18 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Fastest Cache", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e" + }, + { + "url": "https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/", + "refsource": "MISC", + "name": "https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Alex Sanford" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6507.json b/2023/6xxx/CVE-2023-6507.json new file mode 100644 index 00000000000..e7af53b942a --- /dev/null +++ b/2023/6xxx/CVE-2023-6507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file