"-Synchronized-Data."

CVE Team 2023-10-31 09:00:33 +00:00
parent 32feca0792
commit dd3984608e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
18 changed files with 1100 additions and 52 deletions


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://tunnelcrack.mathyvanhoef.com/details.html",
"url": "https://tunnelcrack.mathyvanhoef.com/details.html"
},
{
"refsource": "CONFIRM",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://tunnelcrack.mathyvanhoef.com/details.html",
"url": "https://tunnelcrack.mathyvanhoef.com/details.html"
},
{
"refsource": "CONFIRM",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://mullvad.net/de/blog/2023/8/9/response-to-tunnelcrack-vulnerability-disclosure/",
"url": "https://mullvad.net/de/blog/2023/8/9/response-to-tunnelcrack-vulnerability-disclosure/"
},
{
"refsource": "CONFIRM",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://tunnelcrack.mathyvanhoef.com/details.html",
"url": "https://tunnelcrack.mathyvanhoef.com/details.html"
},
{
"refsource": "CONFIRM",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5412",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Image horizontal reel scroll slideshow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "13.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08fb698f-c87c-4200-85fe-3fe72745633e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08fb698f-c87c-4200-85fe-3fe72745633e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/image-horizontal-reel-scroll-slideshow/trunk/image-horizontal-reel-scroll-slideshow.php?rev=2827121#L176",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/image-horizontal-reel-scroll-slideshow/trunk/image-horizontal-reel-scroll-slideshow.php?rev=2827121#L176"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985331/image-horizontal-reel-scroll-slideshow#file1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985331/image-horizontal-reel-scroll-slideshow#file1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
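Review bot: The CVSS vector in this record rates integrity and availability as High (`C:H/I:H/A:H`, base 8.8), but the description names only one impact, extracting sensitive information from the database. A consumer triaging on the text and one triaging on the score will reach different priorities. Either the description should state the write or availability impact the score assumes, or, if only disclosure is demonstrated, the vector should read `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` with `"baseScore": 6.5` and `"baseSeverity": "MEDIUM"`. The same vector and description wording appear in the other sections shown here, from CVE-2023-5428 to CVE-2023-5439.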


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Image vertical reel scroll slideshow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01d31d8a-4459-488a-9cbe-92761faa58b4?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01d31d8a-4459-488a-9cbe-92761faa58b4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/image-vertical-reel-scroll-slideshow/trunk/image-vertical-reel-scroll-slideshow.php?rev=2827122#L273",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/image-vertical-reel-scroll-slideshow/trunk/image-vertical-reel-scroll-slideshow.php?rev=2827122#L273"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985333/image-vertical-reel-scroll-slideshow#file1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985333/image-vertical-reel-scroll-slideshow#file1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Information Reel",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64db63e5-ff76-494a-be4f-d820f0cc9ab0?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64db63e5-ff76-494a-be4f-d820f0cc9ab0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/information-reel/trunk/information-reel.php?rev=2827123#L134",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/information-reel/trunk/information-reel.php?rev=2827123#L134"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985373/information-reel#file1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985373/information-reel#file1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplushotmailcom",
"product": {
"product_data": [
{
"product_name": "Jquery news ticker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jquery-news-ticker/trunk/jquery-news-ticker.php?rev=2827068#L92",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/jquery-news-ticker/trunk/jquery-news-ticker.php?rev=2827068#L92"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985559/jquery-news-ticker#file1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985559/jquery-news-ticker#file1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
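Review bot: `vendor_name` in this record is `gopiplushotmailcom`, while the sibling records for plugins that appear to come from the same author use `gopiplus`; the CVE-2023-5436 section repeats this value and the CVE-2023-5464 section uses `gopi_plus`. Tools that group or match advisories by vendor string will treat these as three vendors, so an inventory query on one spelling can miss affected plugins. If they are one publisher, normalise to a single value, e.g. `"vendor_name": "gopiplus"`. The `credits` entry also uses `"lang": "en"` where the description and problemtype entries use `"eng"`.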


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5431",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Left right image slideshow gallery",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69902627-ce79-4a43-8949-43db6a9cc0dd?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69902627-ce79-4a43-8949-43db6a9cc0dd?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/left-right-image-slideshow-gallery/trunk/left-right-image-slideshow-gallery.php?rev=2827127#L211",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/left-right-image-slideshow-gallery/trunk/left-right-image-slideshow-gallery.php?rev=2827127#L211"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985417/left-right-image-slideshow-gallery#file0",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985417/left-right-image-slideshow-gallery#file0"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Message ticker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b1fa88-2fc6-41af-bd39-12af92dc6533?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b1fa88-2fc6-41af-bd39-12af92dc6533?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/message-ticker/trunk/message-ticker.php?rev=2827131#L142",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/message-ticker/trunk/message-ticker.php?rev=2827131#L142"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985499/message-ticker#file1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985499/message-ticker#file1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Superb slideshow gallery",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "13.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/superb-slideshow-gallery/trunk/superb-slideshow-gallery.php?rev=2827170#L127",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/superb-slideshow-gallery/trunk/superb-slideshow-gallery.php?rev=2827170#L127"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985501/superb-slideshow-gallery#file2",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985501/superb-slideshow-gallery#file2"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Up down image slideshow gallery",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/up-down-image-slideshow-gallery/trunk/up-down-image-slideshow-gallery.php?rev=2827173#L208",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/up-down-image-slideshow-gallery/trunk/up-down-image-slideshow-gallery.php?rev=2827173#L208"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985497/up-down-image-slideshow-gallery#file1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985497/up-down-image-slideshow-gallery#file1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplushotmailcom",
"product": {
"product_data": [
{
"product_name": "Vertical marquee plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd90d9c0-0cab-4fd3-b016-106032f300f7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd90d9c0-0cab-4fd3-b016-106032f300f7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vertical-marquee-plugin/trunk/vertical-marquee-plugin.php?rev=2827080#L170",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/vertical-marquee-plugin/trunk/vertical-marquee-plugin.php?rev=2827080#L170"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985561/vertical-marquee-plugin#file2",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985561/vertical-marquee-plugin#file2"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "WP fade in text news",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4accf10-710e-4cba-8d61-04e422324f9d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4accf10-710e-4cba-8d61-04e422324f9d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-fade-in-text-news/trunk/wp-fade-in-text-news.php?rev=2827202#L236",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-fade-in-text-news/trunk/wp-fade-in-text-news.php?rev=2827202#L236"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985398/wp-fade-in-text-news#file2",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985398/wp-fade-in-text-news#file2"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "wp image slideshow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e24383b-5b0f-4114-908b-4c2778632f73?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e24383b-5b0f-4114-908b-4c2778632f73?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-image-slideshow/trunk/wp-image-slideshow.php?rev=2827205#L189",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-image-slideshow/trunk/wp-image-slideshow.php?rev=2827205#L189"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985394/wp-image-slideshow#file2",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985394/wp-image-slideshow#file2"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5439",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopiplus",
"product": {
"product_data": [
{
"product_name": "Wp photo text slider 50",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/515502b5-c344-4855-aff1-57833233c5d2?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/515502b5-c344-4855-aff1-57833233c5d2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-photo-text-slider-50/trunk/wp-photo-text-slider-50.php?rev=2827206#L196",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-photo-text-slider-50/trunk/wp-photo-text-slider-50.php?rev=2827206#L196"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985502/wp-photo-text-slider-50#file1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985502/wp-photo-text-slider-50#file1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gopi_plus",
"product": {
"product_data": [
{
"product_name": "Jquery accordion slideshow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jquery-accordion-slideshow/trunk/jquery-accordion-slideshow.php?rev=2827053#L177",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/jquery-accordion-slideshow/trunk/jquery-accordion-slideshow.php?rev=2827053#L177"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985511/jquery-accordion-slideshow#file0",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2985511/jquery-accordion-slideshow#file0"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
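Review bot: The `"vendor_name": "gopi_plus"` value in this record's `affects` block differs from the `"vendor_name": "gopiplus"` used in the CVE-2023-5412 record earlier in the same commit. Both records share the same advisory wording and credit, so they look like plugins from the same author, though the page does not confirm that. If so, tools that key on the vendor string will treat them as two vendors and may miss one of the plugins when matching an inventory. The CNA should confirm which spelling is canonical and use it in both records, for example `"vendor_name": "gopiplus"` here.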


@ -0,0 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-5873",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pimcore",
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "11.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce",
"refsource": "MISC",
"name": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce"
},
{
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
]
},
"source": {
"advisory": "701cfc30-22a1-4c4b-9b2f-885c77c290ce",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 4,
"baseSeverity": "MEDIUM"
}
]
}
}
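Review bot: The `impact.cvss` block sets `"attackVector": "LOCAL"` (`AV:L` in the vector string), which sits oddly with a description of stored XSS in a web application, a class that is normally reachable over the network. The 4.0 base score follows from that vector, so the metric is worth confirming with the assigning CNA before triage relies on the MEDIUM rating. If the issue is reachable over HTTP, `"attackVector": "NETWORK"` and `AV:N` would be expected, and `baseScore` and `baseSeverity` would need recomputing. Until then, consumers should prioritise on the CWE-79 classification and the fixed version 11.1.0, not on the score alone.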