Auto-Update: 2023-08-18T08:00:31.454081+00:00

2025-07-09 16:05:11 +00:00 · 2023-08-18 08:00:34 +00:00 · 2023-08-18 08:00:34 +00:00 · 5762c18111
commit 5762c18111
parent 7ea4742435
2 changed files with 65 additions and 28 deletions
--- a/CVE-2023/CVE-2023-40xx/CVE-2023-4040.json
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4040.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4040",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-08-18T07:15:09.117",
+  "lastModified": "2023-08-18T07:15:09.117",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2954934/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-18T06:00:31.783331+00:00
+2023-08-18T08:00:31.454081+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-18T04:15:19.240000+00:00
+2023-08-18T07:15:09.117000+00:00
 ```

 ### Last Data Feed Release
@ -29,42 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-222953
+222954
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `1`

+* [CVE-2023-4040](CVE-2023/CVE-2023-40xx/CVE-2023-4040.json) (`2023-08-18T07:15:09.117`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `23`
+Recently modified CVEs: `0`

-* [CVE-2022-47185](CVE-2022/CVE-2022-471xx/CVE-2022-47185.json) (`2023-08-18T04:15:17.607`)
-* [CVE-2023-2312](CVE-2023/CVE-2023-23xx/CVE-2023-2312.json) (`2023-08-18T04:15:17.770`)
-* [CVE-2023-33934](CVE-2023/CVE-2023-339xx/CVE-2023-33934.json) (`2023-08-18T04:15:17.847`)
-* [CVE-2023-4349](CVE-2023/CVE-2023-43xx/CVE-2023-4349.json) (`2023-08-18T04:15:17.953`)
-* [CVE-2023-4350](CVE-2023/CVE-2023-43xx/CVE-2023-4350.json) (`2023-08-18T04:15:18.020`)
-* [CVE-2023-4351](CVE-2023/CVE-2023-43xx/CVE-2023-4351.json) (`2023-08-18T04:15:18.087`)
-* [CVE-2023-4352](CVE-2023/CVE-2023-43xx/CVE-2023-4352.json) (`2023-08-18T04:15:18.153`)
-* [CVE-2023-4353](CVE-2023/CVE-2023-43xx/CVE-2023-4353.json) (`2023-08-18T04:15:18.217`)
-* [CVE-2023-4354](CVE-2023/CVE-2023-43xx/CVE-2023-4354.json) (`2023-08-18T04:15:18.290`)
-* [CVE-2023-4355](CVE-2023/CVE-2023-43xx/CVE-2023-4355.json) (`2023-08-18T04:15:18.357`)
-* [CVE-2023-4356](CVE-2023/CVE-2023-43xx/CVE-2023-4356.json) (`2023-08-18T04:15:18.423`)
-* [CVE-2023-4357](CVE-2023/CVE-2023-43xx/CVE-2023-4357.json) (`2023-08-18T04:15:18.490`)
-* [CVE-2023-4358](CVE-2023/CVE-2023-43xx/CVE-2023-4358.json) (`2023-08-18T04:15:18.570`)
-* [CVE-2023-4359](CVE-2023/CVE-2023-43xx/CVE-2023-4359.json) (`2023-08-18T04:15:18.643`)
-* [CVE-2023-4360](CVE-2023/CVE-2023-43xx/CVE-2023-4360.json) (`2023-08-18T04:15:18.707`)
-* [CVE-2023-4361](CVE-2023/CVE-2023-43xx/CVE-2023-4361.json) (`2023-08-18T04:15:18.777`)
-* [CVE-2023-4362](CVE-2023/CVE-2023-43xx/CVE-2023-4362.json) (`2023-08-18T04:15:18.847`)
-* [CVE-2023-4363](CVE-2023/CVE-2023-43xx/CVE-2023-4363.json) (`2023-08-18T04:15:18.907`)
-* [CVE-2023-4364](CVE-2023/CVE-2023-43xx/CVE-2023-4364.json) (`2023-08-18T04:15:18.970`)
-* [CVE-2023-4365](CVE-2023/CVE-2023-43xx/CVE-2023-4365.json) (`2023-08-18T04:15:19.037`)
-* [CVE-2023-4366](CVE-2023/CVE-2023-43xx/CVE-2023-4366.json) (`2023-08-18T04:15:19.100`)
-* [CVE-2023-4367](CVE-2023/CVE-2023-43xx/CVE-2023-4367.json) (`2023-08-18T04:15:19.170`)
-* [CVE-2023-4368](CVE-2023/CVE-2023-43xx/CVE-2023-4368.json) (`2023-08-18T04:15:19.240`)


 ## Download and Usage