Auto-Update: 2024-01-06T11:00:24.333131+00:00

CVE-2020/CVE-2020-276xx/CVE-2020-27637.json

@@ -2,8 +2,8 @@
   "id": "CVE-2020-27637",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2021-01-12T04:15:13.000",
-  "lastModified": "2021-01-20T17:34:00.980",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-06T10:15:45.373",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -102,6 +102,10 @@
         "Third Party Advisory"
       ]
     },
+    {
+      "url": "https://security.gentoo.org/glsa/202401-07",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://www.r-project.org/foundation/",
       "source": "cve@mitre.org",

CVE-2023/CVE-2023-67xx/CVE-2023-6798.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-6798",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-06T10:15:45.840",
+  "lastModified": "2024-01-06T10:15:45.840",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-68xx/CVE-2023-6801.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-6801",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-06T10:15:46.133",
+  "lastModified": "2024-01-06T10:15:46.133",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a713d897-c549-4e0d-9cb3-7002ef2b127f?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-06T07:00:24.713547+00:00
+2024-01-06T11:00:24.333131+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-06T05:15:09.610000+00:00
+2024-01-06T10:15:46.133000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,21 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-234966
+234968
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `2`
 
-* [CVE-2023-46953](CVE-2023/CVE-2023-469xx/CVE-2023-46953.json) (`2024-01-06T05:15:09.427`)
-* [CVE-2023-50121](CVE-2023/CVE-2023-501xx/CVE-2023-50121.json) (`2024-01-06T05:15:09.610`)
+* [CVE-2023-6798](CVE-2023/CVE-2023-67xx/CVE-2023-6798.json) (`2024-01-06T10:15:45.840`)
+* [CVE-2023-6801](CVE-2023/CVE-2023-68xx/CVE-2023-6801.json) (`2024-01-06T10:15:46.133`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+* [CVE-2020-27637](CVE-2020/CVE-2020-276xx/CVE-2020-27637.json) (`2024-01-06T10:15:45.373`)
 
 
 ## Download and Usage