Auto-Update: 2023-08-18T08:00:31.454081+00:00

This commit is contained in:
cad-safe-bot 2023-08-18 08:00:34 +00:00
parent 7ea4742435
commit 5762c18111
2 changed files with 65 additions and 28 deletions

View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4040",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-18T07:15:09.117",
"lastModified": "2023-08-18T07:15:09.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2954934/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-18T06:00:31.783331+00:00 2023-08-18T08:00:31.454081+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-18T04:15:19.240000+00:00 2023-08-18T07:15:09.117000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,42 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
222953 222954
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `0` Recently added CVEs: `1`
* [CVE-2023-4040](CVE-2023/CVE-2023-40xx/CVE-2023-4040.json) (`2023-08-18T07:15:09.117`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `23` Recently modified CVEs: `0`
* [CVE-2022-47185](CVE-2022/CVE-2022-471xx/CVE-2022-47185.json) (`2023-08-18T04:15:17.607`)
* [CVE-2023-2312](CVE-2023/CVE-2023-23xx/CVE-2023-2312.json) (`2023-08-18T04:15:17.770`)
* [CVE-2023-33934](CVE-2023/CVE-2023-339xx/CVE-2023-33934.json) (`2023-08-18T04:15:17.847`)
* [CVE-2023-4349](CVE-2023/CVE-2023-43xx/CVE-2023-4349.json) (`2023-08-18T04:15:17.953`)
* [CVE-2023-4350](CVE-2023/CVE-2023-43xx/CVE-2023-4350.json) (`2023-08-18T04:15:18.020`)
* [CVE-2023-4351](CVE-2023/CVE-2023-43xx/CVE-2023-4351.json) (`2023-08-18T04:15:18.087`)
* [CVE-2023-4352](CVE-2023/CVE-2023-43xx/CVE-2023-4352.json) (`2023-08-18T04:15:18.153`)
* [CVE-2023-4353](CVE-2023/CVE-2023-43xx/CVE-2023-4353.json) (`2023-08-18T04:15:18.217`)
* [CVE-2023-4354](CVE-2023/CVE-2023-43xx/CVE-2023-4354.json) (`2023-08-18T04:15:18.290`)
* [CVE-2023-4355](CVE-2023/CVE-2023-43xx/CVE-2023-4355.json) (`2023-08-18T04:15:18.357`)
* [CVE-2023-4356](CVE-2023/CVE-2023-43xx/CVE-2023-4356.json) (`2023-08-18T04:15:18.423`)
* [CVE-2023-4357](CVE-2023/CVE-2023-43xx/CVE-2023-4357.json) (`2023-08-18T04:15:18.490`)
* [CVE-2023-4358](CVE-2023/CVE-2023-43xx/CVE-2023-4358.json) (`2023-08-18T04:15:18.570`)
* [CVE-2023-4359](CVE-2023/CVE-2023-43xx/CVE-2023-4359.json) (`2023-08-18T04:15:18.643`)
* [CVE-2023-4360](CVE-2023/CVE-2023-43xx/CVE-2023-4360.json) (`2023-08-18T04:15:18.707`)
* [CVE-2023-4361](CVE-2023/CVE-2023-43xx/CVE-2023-4361.json) (`2023-08-18T04:15:18.777`)
* [CVE-2023-4362](CVE-2023/CVE-2023-43xx/CVE-2023-4362.json) (`2023-08-18T04:15:18.847`)
* [CVE-2023-4363](CVE-2023/CVE-2023-43xx/CVE-2023-4363.json) (`2023-08-18T04:15:18.907`)
* [CVE-2023-4364](CVE-2023/CVE-2023-43xx/CVE-2023-4364.json) (`2023-08-18T04:15:18.970`)
* [CVE-2023-4365](CVE-2023/CVE-2023-43xx/CVE-2023-4365.json) (`2023-08-18T04:15:19.037`)
* [CVE-2023-4366](CVE-2023/CVE-2023-43xx/CVE-2023-4366.json) (`2023-08-18T04:15:19.100`)
* [CVE-2023-4367](CVE-2023/CVE-2023-43xx/CVE-2023-4367.json) (`2023-08-18T04:15:19.170`)
* [CVE-2023-4368](CVE-2023/CVE-2023-43xx/CVE-2023-4368.json) (`2023-08-18T04:15:19.240`)
## Download and Usage ## Download and Usage