Auto-Update: 2024-01-20T07:00:24.865257+00:00

CVE-2023/CVE-2023-464xx/CVE-2023-46447.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-46447",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-20T05:15:08.207",
+  "lastModified": "2024-01-20T05:15:08.207",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/actuator/rebel/blob/main/CWE-319.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://play.google.com/store/apps/details?id=com.pops.pops",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://popsdiabetes.com/about-us/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-06xx/CVE-2024-0623.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-0623",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-20T06:15:44.400",
+  "lastModified": "2024-01-20T06:15:44.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-06xx/CVE-2024-0679.json

@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-0679",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-20T06:15:44.660",
+  "lastModified": "2024-01-20T06:15:44.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-20T05:00:25.163736+00:00
+2024-01-20T07:00:24.865257+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-20T04:15:08.013000+00:00
+2024-01-20T06:15:44.660000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,21 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-236463
+236466
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `0`
+Recently added CVEs: `3`
 
+* [CVE-2023-46447](CVE-2023/CVE-2023-464xx/CVE-2023-46447.json) (`2024-01-20T05:15:08.207`)
+* [CVE-2024-0623](CVE-2024/CVE-2024-06xx/CVE-2024-0623.json) (`2024-01-20T06:15:44.400`)
+* [CVE-2024-0679](CVE-2024/CVE-2024-06xx/CVE-2024-0679.json) (`2024-01-20T06:15:44.660`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `2`
+Recently modified CVEs: `0`
 
-* [CVE-2023-39326](CVE-2023/CVE-2023-393xx/CVE-2023-39326.json) (`2024-01-20T04:15:07.890`)
-* [CVE-2023-45285](CVE-2023/CVE-2023-452xx/CVE-2023-45285.json) (`2024-01-20T04:15:08.013`)
 
 
 ## Download and Usage