diff --git a/CVE-2021/CVE-2021-247xx/CVE-2021-24705.json b/CVE-2021/CVE-2021-247xx/CVE-2021-24705.json index 0cbda567cfc..6a5cdc01ccf 100644 --- a/CVE-2021/CVE-2021-247xx/CVE-2021-24705.json +++ b/CVE-2021/CVE-2021-247xx/CVE-2021-24705.json @@ -2,12 +2,12 @@ "id": "CVE-2021-24705", "sourceIdentifier": "contact@wpscan.com", "published": "2021-12-13T11:15:08.137", - "lastModified": "2023-03-17T09:15:10.680", + "lastModified": "2023-05-18T11:15:09.023", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them" + "value": "The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them" }, { "lang": "es", diff --git a/CVE-2022/CVE-2022-44xx/CVE-2022-4418.json b/CVE-2022/CVE-2022-44xx/CVE-2022-4418.json new file mode 100644 index 00000000000..723a67ee8bb --- /dev/null +++ b/CVE-2022/CVE-2022-44xx/CVE-2022-4418.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-4418", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T10:15:09.767", + "lastModified": "2023-05-18T10:15:09.767", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-4729", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45450.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45450.json new file mode 100644 index 00000000000..72d8ccd0aff --- /dev/null +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45450.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45450", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T10:15:09.413", + "lastModified": "2023-05-18T10:15:09.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-2410", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45452.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45452.json new file mode 100644 index 00000000000..d7dfee1e310 --- /dev/null +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45452.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45452", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T10:15:09.487", + "lastModified": "2023-05-18T10:15:09.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-3967", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45453.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45453.json new file mode 100644 index 00000000000..846c0f95508 --- /dev/null +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45453.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45453", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T10:15:09.547", + "lastModified": "2023-05-18T10:15:09.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-310" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5112", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45457.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45457.json new file mode 100644 index 00000000000..0eb41a77817 --- /dev/null +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45457.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45457", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T10:15:09.603", + "lastModified": "2023-05-18T10:15:09.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-3957", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45458.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45458.json new file mode 100644 index 00000000000..d2055d3861a --- /dev/null +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45458.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45458", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T10:15:09.657", + "lastModified": "2023-05-18T10:15:09.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-3952", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45459.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45459.json new file mode 100644 index 00000000000..61ea7166ba1 --- /dev/null +++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45459.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45459", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T10:15:09.710", + "lastModified": "2023-05-18T10:15:09.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.0, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-3196", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47157.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47157.json new file mode 100644 index 00000000000..4c2b79cb9a6 --- /dev/null +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47157.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47157", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T11:15:09.150", + "lastModified": "2023-05-18T11:15:09.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <=\u00a01.2.34 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-custom-fields-search/wordpress-wp-custom-fields-search-plugin-1-2-34-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23667.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23667.json new file mode 100644 index 00000000000..aa34eb31085 --- /dev/null +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23667.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23667", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T11:15:09.223", + "lastModified": "2023-05-18T11:15:09.223", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <=\u00a03.7.0.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/brands-for-woocommerce/wordpress-brands-for-woocommerce-plugin-3-7-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23999.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23999.json new file mode 100644 index 00000000000..f3b86552668 --- /dev/null +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23999.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23999", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T11:15:09.293", + "lastModified": "2023-05-18T11:15:09.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <=\u00a08.14.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/google-analytics-for-wordpress/wordpress-google-analytics-by-monsterinsights-plugin-8-14-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25698.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25698.json new file mode 100644 index 00000000000..4bfed17ca0a --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25698.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25698", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T11:15:09.357", + "lastModified": "2023-05-18T11:15:09.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <=\u00a01.2.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mabel-shoppable-images-lite/wordpress-shoppable-images-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27423.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27423.json new file mode 100644 index 00000000000..09800a4b3d7 --- /dev/null +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27423.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27423", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T11:15:09.427", + "lastModified": "2023-05-18T11:15:09.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <=\u00a01.8.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/auto-prune-posts/wordpress-auto-prune-posts-plugin-1-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27430.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27430.json new file mode 100644 index 00000000000..21f601d856f --- /dev/null +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27430.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27430", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T11:15:09.490", + "lastModified": "2023-05-18T11:15:09.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <=\u00a02.0.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mass-delete-unused-tags/wordpress-mass-delete-unused-tags-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2782.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2782.json new file mode 100644 index 00000000000..1d69b347dd5 --- /dev/null +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2782.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-2782", + "sourceIdentifier": "security@acronis.com", + "published": "2023-05-18T11:15:09.563", + "lastModified": "2023-05-18T11:15:09.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-3475", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30780.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30780.json new file mode 100644 index 00000000000..8cbea25f479 --- /dev/null +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30780.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-30780", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T11:15:09.633", + "lastModified": "2023-05-18T11:15:09.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TheGuideX User IP and Location plugin <=\u00a02.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/user-ip-and-location/wordpress-user-ip-and-location-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31233.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31233.json new file mode 100644 index 00000000000..ab66ecca9da --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31233.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31233", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T10:15:09.837", + "lastModified": "2023-05-18T10:15:09.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <=\u00a01.0.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/baidu-tongji-generator/wordpress-baidu-tongji-generator-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32515.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32515.json new file mode 100644 index 00000000000..7e99a762700 --- /dev/null +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32515.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32515", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-18T10:15:09.913", + "lastModified": "2023-05-18T10:15:09.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <=\u00a02.6.2.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/custom-field-suite/wordpress-custom-field-suite-plugin-2-6-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 00b18524467..5d0757e0233 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-18T10:00:35.546430+00:00 +2023-05-18T12:00:27.258543+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-18T09:15:10.437000+00:00 +2023-05-18T11:15:09.633000+00:00 ``` ### Last Data Feed Release @@ -29,25 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -215595 +215612 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `17` -* [CVE-2023-33203](CVE-2023/CVE-2023-332xx/CVE-2023-33203.json) (`2023-05-18T08:15:08.723`) -* [CVE-2023-33204](CVE-2023/CVE-2023-332xx/CVE-2023-33204.json) (`2023-05-18T08:15:08.773`) -* [CVE-2023-28369](CVE-2023/CVE-2023-283xx/CVE-2023-28369.json) (`2023-05-18T09:15:09.483`) -* [CVE-2023-30487](CVE-2023/CVE-2023-304xx/CVE-2023-30487.json) (`2023-05-18T09:15:10.333`) -* [CVE-2023-30868](CVE-2023/CVE-2023-308xx/CVE-2023-30868.json) (`2023-05-18T09:15:10.437`) +* [CVE-2022-45450](CVE-2022/CVE-2022-454xx/CVE-2022-45450.json) (`2023-05-18T10:15:09.413`) +* [CVE-2022-45452](CVE-2022/CVE-2022-454xx/CVE-2022-45452.json) (`2023-05-18T10:15:09.487`) +* [CVE-2022-45453](CVE-2022/CVE-2022-454xx/CVE-2022-45453.json) (`2023-05-18T10:15:09.547`) +* [CVE-2022-45457](CVE-2022/CVE-2022-454xx/CVE-2022-45457.json) (`2023-05-18T10:15:09.603`) +* [CVE-2022-45458](CVE-2022/CVE-2022-454xx/CVE-2022-45458.json) (`2023-05-18T10:15:09.657`) +* [CVE-2022-45459](CVE-2022/CVE-2022-454xx/CVE-2022-45459.json) (`2023-05-18T10:15:09.710`) +* [CVE-2022-4418](CVE-2022/CVE-2022-44xx/CVE-2022-4418.json) (`2023-05-18T10:15:09.767`) +* [CVE-2022-47157](CVE-2022/CVE-2022-471xx/CVE-2022-47157.json) (`2023-05-18T11:15:09.150`) +* [CVE-2023-31233](CVE-2023/CVE-2023-312xx/CVE-2023-31233.json) (`2023-05-18T10:15:09.837`) +* [CVE-2023-32515](CVE-2023/CVE-2023-325xx/CVE-2023-32515.json) (`2023-05-18T10:15:09.913`) +* [CVE-2023-23667](CVE-2023/CVE-2023-236xx/CVE-2023-23667.json) (`2023-05-18T11:15:09.223`) +* [CVE-2023-23999](CVE-2023/CVE-2023-239xx/CVE-2023-23999.json) (`2023-05-18T11:15:09.293`) +* [CVE-2023-25698](CVE-2023/CVE-2023-256xx/CVE-2023-25698.json) (`2023-05-18T11:15:09.357`) +* [CVE-2023-27423](CVE-2023/CVE-2023-274xx/CVE-2023-27423.json) (`2023-05-18T11:15:09.427`) +* [CVE-2023-27430](CVE-2023/CVE-2023-274xx/CVE-2023-27430.json) (`2023-05-18T11:15:09.490`) +* [CVE-2023-2782](CVE-2023/CVE-2023-27xx/CVE-2023-2782.json) (`2023-05-18T11:15:09.563`) +* [CVE-2023-30780](CVE-2023/CVE-2023-307xx/CVE-2023-30780.json) (`2023-05-18T11:15:09.633`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -* [CVE-2023-2156](CVE-2023/CVE-2023-21xx/CVE-2023-2156.json) (`2023-05-18T09:15:10.090`) +* [CVE-2021-24705](CVE-2021/CVE-2021-247xx/CVE-2021-24705.json) (`2023-05-18T11:15:09.023`) ## Download and Usage