From 77b36201b5903e27d27a8bbdd803c8929d8f3177 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 28 May 2023 20:00:30 +0000 Subject: [PATCH] Auto-Update: 2023-05-28T20:00:26.665763+00:00 --- CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json | 4 +- CVE-2015/CVE-2015-101xx/CVE-2015-10106.json | 4 +- CVE-2023/CVE-2023-287xx/CVE-2023-28785.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-29xx/CVE-2023-2948.json | 4 +- CVE-2023/CVE-2023-29xx/CVE-2023-2949.json | 4 +- CVE-2023/CVE-2023-29xx/CVE-2023-2950.json | 4 +- CVE-2023/CVE-2023-29xx/CVE-2023-2951.json | 4 +- CVE-2023/CVE-2023-328xx/CVE-2023-32800.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-329xx/CVE-2023-32958.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33211.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33212.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33216.json | 4 +- CVE-2023/CVE-2023-333xx/CVE-2023-33309.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33311.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33313.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33314.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33315.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33316.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33319.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33326.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33328.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-333xx/CVE-2023-33332.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-339xx/CVE-2023-33931.json | 55 +++++++++++++++++++ README.md | 34 ++++++++++-- 24 files changed, 922 insertions(+), 20 deletions(-) create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28785.json create mode 100644 CVE-2023/CVE-2023-328xx/CVE-2023-32800.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32958.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33211.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33212.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33309.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33311.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33313.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33314.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33315.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33316.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33319.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33326.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33328.json create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33332.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33931.json diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json index 4875ba202b8..dbd0896f79c 100644 --- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json +++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125101", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-28T13:15:09.347", - "lastModified": "2023-05-28T13:15:09.347", - "vulnStatus": "Received", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json index be3291e94ae..1ced02f9445 100644 --- a/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json +++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json @@ -2,8 +2,8 @@ "id": "CVE-2015-10106", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-28T13:15:09.850", - "lastModified": "2023-05-28T13:15:09.850", - "vulnStatus": "Received", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28785.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28785.json new file mode 100644 index 00000000000..1cfca5d4297 --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28785.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28785", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.207", + "lastModified": "2023-05-28T19:15:09.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <=\u00a014.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json index 98072d490e3..ce82c8f10fb 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2948", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-28T04:15:12.117", - "lastModified": "2023-05-28T04:15:12.117", - "vulnStatus": "Received", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json index accc40843ce..deddd4b1e7c 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2949", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-28T04:15:13.143", - "lastModified": "2023-05-28T04:15:13.143", - "vulnStatus": "Received", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json index 25f8bf82b09..e3e2ce6561c 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2950", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-28T04:15:14.513", - "lastModified": "2023-05-28T04:15:14.513", - "vulnStatus": "Received", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json index a04a3d153af..2dbaacff0f2 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2951", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-28T06:15:13.013", - "lastModified": "2023-05-28T06:15:13.013", - "vulnStatus": "Received", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32800.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32800.json new file mode 100644 index 00000000000..03bd7f16823 --- /dev/null +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32800.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32800", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.290", + "lastModified": "2023-05-28T19:15:09.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <=\u00a03.0.35 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/seo-by-rank-math-pro/wordpress-rank-math-seo-pro-plugin-3-0-35-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32958.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32958.json new file mode 100644 index 00000000000..e79d70c8556 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32958.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32958", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.477", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <=\u00a01.2.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/novelist/wordpress-novelist-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33211.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33211.json new file mode 100644 index 00000000000..b7326d2f765 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33211.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33211", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.357", + "lastModified": "2023-05-28T19:15:09.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr\u00e9 Br\u00e4kling WP-Matomo Integration (WP-Piwik) plugin <=\u00a01.0.27 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-piwik/wordpress-wp-matomo-integration-wp-piwik-plugin-1-0-27-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33212.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33212.json new file mode 100644 index 00000000000..bb73839ccce --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33212.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33212", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.560", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin <=\u00a03.0.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/jetformbuilder/wordpress-jetformbuilder-plugin-3-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33216.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33216.json index cb3a92ed71e..90f9d3b58b3 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33216.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33216.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33216", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-28T17:15:09.020", - "lastModified": "2023-05-28T17:15:09.020", - "vulnStatus": "Received", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33309.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33309.json new file mode 100644 index 00000000000..75f0b4e2065 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33309.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33309", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.640", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <=\u00a04.5.11 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/duplicator-pro/wordpress-duplicator-pro-plugin-4-5-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33311.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33311.json new file mode 100644 index 00000000000..68ea857d8d1 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33311.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33311", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.427", + "lastModified": "2023-05-28T19:15:09.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <=\u00a01.3.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-form-entries/wordpress-contact-form-entries-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33313.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33313.json new file mode 100644 index 00000000000..81bbbd3cd14 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33313.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33313", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.503", + "lastModified": "2023-05-28T19:15:09.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <=\u00a01.2.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wip-custom-login/wordpress-wip-custom-login-plugin-1-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33314.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33314.json new file mode 100644 index 00000000000..e20b8adfbac --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33314.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33314", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.710", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <=\u00a01.1.3.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33315.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33315.json new file mode 100644 index 00000000000..d2a85a1f378 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33315.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33315", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.783", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=\u00a01.1.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33316.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33316.json new file mode 100644 index 00000000000..0350045a4f1 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33316.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33316", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.573", + "lastModified": "2023-05-28T19:15:09.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <=\u00a04.9.40 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33319.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33319.json new file mode 100644 index 00000000000..8c18a0449b0 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33319.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33319", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.643", + "lastModified": "2023-05-28T19:15:09.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <=\u00a04.9.40 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33326.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33326.json new file mode 100644 index 00000000000..4e4ba65a498 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33326.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33326", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.847", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <=\u00a02.8.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-2-8-6-reflected-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33328.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33328.json new file mode 100644 index 00000000000..67fa73ddb4f --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33328.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33328", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.920", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <=\u00a04.0.9.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mailchimp-subscribe-sm/wordpress-pluginops-optin-builder-plugin-4-0-9-1-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33332.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33332.json new file mode 100644 index 00000000000..2a2f45d39a3 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33332.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33332", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T19:15:09.717", + "lastModified": "2023-05-28T19:15:09.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <=\u00a02.1.76 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-76-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33931.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33931.json new file mode 100644 index 00000000000..bd3b0f0b6f0 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33931.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33931", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-28T18:15:09.997", + "lastModified": "2023-05-28T18:32:54.977", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <=\u00a04.6.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/youtube-playlist-player/wordpress-youtube-playlist-player-plugin-4-6-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index be23d26f880..27125884855 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-28T18:00:26.531543+00:00 +2023-05-28T20:00:26.665763+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-28T17:15:09.020000+00:00 +2023-05-28T19:15:09.717000+00:00 ``` ### Last Data Feed Release @@ -29,20 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216172 +216188 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `16` -* [CVE-2023-33216](CVE-2023/CVE-2023-332xx/CVE-2023-33216.json) (`2023-05-28T17:15:09.020`) +* [CVE-2023-32958](CVE-2023/CVE-2023-329xx/CVE-2023-32958.json) (`2023-05-28T18:15:09.477`) +* [CVE-2023-33212](CVE-2023/CVE-2023-332xx/CVE-2023-33212.json) (`2023-05-28T18:15:09.560`) +* [CVE-2023-33309](CVE-2023/CVE-2023-333xx/CVE-2023-33309.json) (`2023-05-28T18:15:09.640`) +* [CVE-2023-33314](CVE-2023/CVE-2023-333xx/CVE-2023-33314.json) (`2023-05-28T18:15:09.710`) +* [CVE-2023-33315](CVE-2023/CVE-2023-333xx/CVE-2023-33315.json) (`2023-05-28T18:15:09.783`) +* [CVE-2023-33326](CVE-2023/CVE-2023-333xx/CVE-2023-33326.json) (`2023-05-28T18:15:09.847`) +* [CVE-2023-33328](CVE-2023/CVE-2023-333xx/CVE-2023-33328.json) (`2023-05-28T18:15:09.920`) +* [CVE-2023-33931](CVE-2023/CVE-2023-339xx/CVE-2023-33931.json) (`2023-05-28T18:15:09.997`) +* [CVE-2023-28785](CVE-2023/CVE-2023-287xx/CVE-2023-28785.json) (`2023-05-28T19:15:09.207`) +* [CVE-2023-32800](CVE-2023/CVE-2023-328xx/CVE-2023-32800.json) (`2023-05-28T19:15:09.290`) +* [CVE-2023-33211](CVE-2023/CVE-2023-332xx/CVE-2023-33211.json) (`2023-05-28T19:15:09.357`) +* [CVE-2023-33311](CVE-2023/CVE-2023-333xx/CVE-2023-33311.json) (`2023-05-28T19:15:09.427`) +* [CVE-2023-33313](CVE-2023/CVE-2023-333xx/CVE-2023-33313.json) (`2023-05-28T19:15:09.503`) +* [CVE-2023-33316](CVE-2023/CVE-2023-333xx/CVE-2023-33316.json) (`2023-05-28T19:15:09.573`) +* [CVE-2023-33319](CVE-2023/CVE-2023-333xx/CVE-2023-33319.json) (`2023-05-28T19:15:09.643`) +* [CVE-2023-33332](CVE-2023/CVE-2023-333xx/CVE-2023-33332.json) (`2023-05-28T19:15:09.717`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `7` +* [CVE-2014-125101](CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json) (`2023-05-28T18:32:54.977`) +* [CVE-2015-10106](CVE-2015/CVE-2015-101xx/CVE-2015-10106.json) (`2023-05-28T18:32:54.977`) +* [CVE-2023-2948](CVE-2023/CVE-2023-29xx/CVE-2023-2948.json) (`2023-05-28T18:32:54.977`) +* [CVE-2023-2949](CVE-2023/CVE-2023-29xx/CVE-2023-2949.json) (`2023-05-28T18:32:54.977`) +* [CVE-2023-2950](CVE-2023/CVE-2023-29xx/CVE-2023-2950.json) (`2023-05-28T18:32:54.977`) +* [CVE-2023-2951](CVE-2023/CVE-2023-29xx/CVE-2023-2951.json) (`2023-05-28T18:32:54.977`) +* [CVE-2023-33216](CVE-2023/CVE-2023-332xx/CVE-2023-33216.json) (`2023-05-28T18:32:54.977`) ## Download and Usage