Auto-Update: 2023-12-19T00:55:25.042281+00:00

cad-safe-bot 2023-12-19 00:55:28 +00:00
parent 8616bad1ae
commit 61f84f903a
23 changed files with 1206 additions and 22 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-45809",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.130",
"lastModified": "2023-12-19T00:15:07.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/thumbs-rating/wordpress-thumbs-rating-plugin-4-1-0-race-condition-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
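Review bot: The affected range in `descriptions` (`from n/a through 5.0.0`) does not agree with the version in the reference URL slug (`wordpress-thumbs-rating-plugin-4-1-0-race-condition-vulnerability`), and nothing in the record says which upper bound is right. Tooling should not derive the affected version from the URL; check the Patchstack advisory before scoping exposure. The record also has no `configurations` block and only a CNA-supplied `Secondary` metric while `vulnStatus` is `Received`, so CPE-based matching will not flag the plugin yet. The same holds for the other records added in this commit.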


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33331",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:07.520",
"lastModified": "2023-12-18T23:15:07.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-76-vendor-admin-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-34168",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:07.743",
"lastModified": "2023-12-18T23:15:07.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46154",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.360",
"lastModified": "2023-12-19T00:15:07.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool for WordPress.This issue affects E2Pdf \u2013 Export To Pdf Tool for WordPress: from n/a through 1.20.18.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-18-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-46212",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.563",
"lastModified": "2023-12-19T00:15:07.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
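Review bot: The `weaknesses` entry here is typed `Secondary`, while the CVE-2023-48751 record in this commit, from the same `audit@patchstack.com` source and with the same `CWE-352`/`CWE-862` pair, is typed `Primary`. A consumer that keeps only `Primary` weaknesses would end up with no CWE for this record; the same applies to CVE-2023-49760 and to the two `secalert@redhat.com` records. This is probably how the upstream feed delivered it, so the safer fix is on the consumer side: fall back to the `Secondary` entry when no `Primary` one exists.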


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47506",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:07.933",
"lastModified": "2023-12-18T23:15:07.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/masterslider/wordpress-master-slider-pro-plugin-3-6-5-authenticated-editor-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47530",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.133",
"lastModified": "2023-12-18T23:15:08.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/redirect-404-error-page-to-homepage-or-custom-page/wordpress-redirect-404-error-page-to-homepage-or-custom-page-with-logs-plugin-1-8-7-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47558",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.320",
"lastModified": "2023-12-18T23:15:08.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page \u2013 Hit Counter allows SQL Injection.This issue affects Who Hit The Page \u2013 Hit Counter: from n/a through 1.4.14.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/who-hit-the-page-hit-counter/wordpress-who-hit-the-page-hit-counter-plugin-1-4-14-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47754",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.767",
"lastModified": "2023-12-19T00:15:07.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/delete-duplicate-posts/wordpress-delete-duplicate-posts-plugin-4-8-9-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-48751",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:07.977",
"lastModified": "2023-12-19T00:15:07.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-5-5-broken-access-control-vulnerability",
"source": "audit@patchstack.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-48795",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T16:15:10.897",
"lastModified": "2023-12-18T21:15:08.400",
"lastModified": "2023-12-19T00:15:08.180",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -60,6 +60,10 @@
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"source": "cve@mitre.org"


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49153",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.503",
"lastModified": "2023-12-18T23:15:08.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon.This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-add-to-cart-text-change/wordpress-add-to-cart-text-changer-and-customize-button-add-custom-icon-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49155",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.697",
"lastModified": "2023-12-18T23:15:08.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator \u2013 easily Button Builder.This issue affects Button Generator \u2013 easily Button Builder: from n/a through 2.3.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-easily-button-builder-plugin-2-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49163",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:08.893",
"lastModified": "2023-12-18T23:15:08.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49759",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.083",
"lastModified": "2023-12-18T23:15:09.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz \u2013 WooCommerce Comments.This issue affects WooDiscuz \u2013 WooCommerce Comments: from n/a through 2.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woodiscuz-woocommerce-comments/wordpress-woodiscuz-woocommerce-comments-plugin-2-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49760",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.263",
"lastModified": "2023-12-18T23:15:09.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-soononline-page/wordpress-wpsoononlinepage-plugin-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49761",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.447",
"lastModified": "2023-12-18T23:15:09.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gm-woocommerce-quote-popup/wordpress-product-enquiry-for-woocommerce-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49763",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.630",
"lastModified": "2023-12-18T23:15:09.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through 1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/csprite/wordpress-csprite-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49819",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T00:15:08.270",
"lastModified": "2023-12-19T00:15:08.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/structured-content/wordpress-structured-content-json-ld-wpsc-plugin-1-5-3-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49821",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T23:15:09.833",
"lastModified": "2023-12-18T23:15:09.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat \u2013 WP live chat plugin for WordPress.This issue affects LiveChat \u2013 WP live chat plugin for WordPress: from n/a through 4.5.15.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-live-chat-software-for-wordpress/wordpress-livechat-plugin-4-5-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-6918",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-19T00:15:08.460",
"lastModified": "2023-12-19T00:15:08.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6918",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997",
"source": "secalert@redhat.com"
},
{
"url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/",
"source": "secalert@redhat.com"
}
]
}
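Review bot: The description never names the affected or fixed libssh versions, and the record has no `configurations` block. The only version hint is the slug of the third reference (`libssh-0-10-6-and-libssh-0-9-8-security-releases`), which presumably names the fixing releases; confirm against that advisory instead of inferring from the URL. The description is also hard to parse ("low-memory situations failures"). What it does establish is that the return values of the message-digest calls went unchecked (`CWE-252`), and the CNA scored the impact as availability only (`A:L`).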


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6927",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T23:15:10.027",
"lastModified": "2023-12-18T23:15:10.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6927",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027",
"source": "secalert@redhat.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-18T23:00:24.923773+00:00
2023-12-19T00:55:25.042281+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-18T22:15:10.540000+00:00
2023-12-19T00:15:08.460000+00:00
```
### Last Data Feed Release
@ -29,36 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233656
233677
```
### CVEs added in the last Commit
Recently added CVEs: `16`
Recently added CVEs: `21`
* [CVE-2023-40691](CVE-2023/CVE-2023-406xx/CVE-2023-40691.json) (`2023-12-18T21:15:08.087`)
* [CVE-2023-22439](CVE-2023/CVE-2023-224xx/CVE-2023-22439.json) (`2023-12-18T22:15:07.807`)
* [CVE-2023-23570](CVE-2023/CVE-2023-235xx/CVE-2023-23570.json) (`2023-12-18T22:15:08.020`)
* [CVE-2023-23576](CVE-2023/CVE-2023-235xx/CVE-2023-23576.json) (`2023-12-18T22:15:08.210`)
* [CVE-2023-23584](CVE-2023/CVE-2023-235xx/CVE-2023-23584.json) (`2023-12-18T22:15:08.407`)
* [CVE-2023-24590](CVE-2023/CVE-2023-245xx/CVE-2023-24590.json) (`2023-12-18T22:15:08.577`)
* [CVE-2023-41967](CVE-2023/CVE-2023-419xx/CVE-2023-41967.json) (`2023-12-18T22:15:08.770`)
* [CVE-2023-46686](CVE-2023/CVE-2023-466xx/CVE-2023-46686.json) (`2023-12-18T22:15:08.967`)
* [CVE-2023-48768](CVE-2023/CVE-2023-487xx/CVE-2023-48768.json) (`2023-12-18T22:15:09.143`)
* [CVE-2023-48769](CVE-2023/CVE-2023-487xx/CVE-2023-48769.json) (`2023-12-18T22:15:09.337`)
* [CVE-2023-48772](CVE-2023/CVE-2023-487xx/CVE-2023-48772.json) (`2023-12-18T22:15:09.570`)
* [CVE-2023-48773](CVE-2023/CVE-2023-487xx/CVE-2023-48773.json) (`2023-12-18T22:15:09.757`)
* [CVE-2023-48778](CVE-2023/CVE-2023-487xx/CVE-2023-48778.json) (`2023-12-18T22:15:09.960`)
* [CVE-2023-48781](CVE-2023/CVE-2023-487xx/CVE-2023-48781.json) (`2023-12-18T22:15:10.150`)
* [CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2023-12-18T22:15:10.347`)
* [CVE-2023-6355](CVE-2023/CVE-2023-63xx/CVE-2023-6355.json) (`2023-12-18T22:15:10.540`)
* [CVE-2022-45809](CVE-2022/CVE-2022-458xx/CVE-2022-45809.json) (`2023-12-19T00:15:07.130`)
* [CVE-2023-33331](CVE-2023/CVE-2023-333xx/CVE-2023-33331.json) (`2023-12-18T23:15:07.520`)
* [CVE-2023-34168](CVE-2023/CVE-2023-341xx/CVE-2023-34168.json) (`2023-12-18T23:15:07.743`)
* [CVE-2023-47506](CVE-2023/CVE-2023-475xx/CVE-2023-47506.json) (`2023-12-18T23:15:07.933`)
* [CVE-2023-47530](CVE-2023/CVE-2023-475xx/CVE-2023-47530.json) (`2023-12-18T23:15:08.133`)
* [CVE-2023-47558](CVE-2023/CVE-2023-475xx/CVE-2023-47558.json) (`2023-12-18T23:15:08.320`)
* [CVE-2023-49153](CVE-2023/CVE-2023-491xx/CVE-2023-49153.json) (`2023-12-18T23:15:08.503`)
* [CVE-2023-49155](CVE-2023/CVE-2023-491xx/CVE-2023-49155.json) (`2023-12-18T23:15:08.697`)
* [CVE-2023-49163](CVE-2023/CVE-2023-491xx/CVE-2023-49163.json) (`2023-12-18T23:15:08.893`)
* [CVE-2023-49759](CVE-2023/CVE-2023-497xx/CVE-2023-49759.json) (`2023-12-18T23:15:09.083`)
* [CVE-2023-49760](CVE-2023/CVE-2023-497xx/CVE-2023-49760.json) (`2023-12-18T23:15:09.263`)
* [CVE-2023-49761](CVE-2023/CVE-2023-497xx/CVE-2023-49761.json) (`2023-12-18T23:15:09.447`)
* [CVE-2023-49763](CVE-2023/CVE-2023-497xx/CVE-2023-49763.json) (`2023-12-18T23:15:09.630`)
* [CVE-2023-49821](CVE-2023/CVE-2023-498xx/CVE-2023-49821.json) (`2023-12-18T23:15:09.833`)
* [CVE-2023-6927](CVE-2023/CVE-2023-69xx/CVE-2023-6927.json) (`2023-12-18T23:15:10.027`)
* [CVE-2023-46154](CVE-2023/CVE-2023-461xx/CVE-2023-46154.json) (`2023-12-19T00:15:07.360`)
* [CVE-2023-46212](CVE-2023/CVE-2023-462xx/CVE-2023-46212.json) (`2023-12-19T00:15:07.563`)
* [CVE-2023-47754](CVE-2023/CVE-2023-477xx/CVE-2023-47754.json) (`2023-12-19T00:15:07.767`)
* [CVE-2023-48751](CVE-2023/CVE-2023-487xx/CVE-2023-48751.json) (`2023-12-19T00:15:07.977`)
* [CVE-2023-49819](CVE-2023/CVE-2023-498xx/CVE-2023-49819.json) (`2023-12-19T00:15:08.270`)
* [CVE-2023-6918](CVE-2023/CVE-2023-69xx/CVE-2023-6918.json) (`2023-12-19T00:15:08.460`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-18T21:15:08.400`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-19T00:15:08.180`)
## Download and Usage