diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26531.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26531.json new file mode 100644 index 00000000000..ac426e50fdf --- /dev/null +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26531.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-26531", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:07.410", + "lastModified": "2023-11-13T01:15:07.410", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u95ea\u7535\u535a \u591a\u5408\u4e00\u641c\u7d22\u81ea\u52a8\u63a8\u9001\u7ba1\u7406\u63d2\u4ef6-\u652f\u6301Baidu/Google/Bing/IndexNow/Yandex/\u5934\u6761 plugin <=\u00a04.2.7 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/baidu-submit-link/wordpress-baidu-google-bing-indexnow-yandex-plugin-4-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26543.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26543.json new file mode 100644 index 00000000000..5897358424f --- /dev/null +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26543.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-26543", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:07.610", + "lastModified": "2023-11-13T01:15:07.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <=\u00a03.1.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-meteor/wordpress-wp-meteor-page-speed-optimization-topping-plugin-3-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32583.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32583.json new file mode 100644 index 00000000000..919bacb7bca --- /dev/null +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32583.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32583", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T02:15:07.650", + "lastModified": "2023-11-13T02:15:07.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <=\u00a02.4.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-all-backup/wordpress-wp-all-backup-plugin-2-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32588.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32588.json new file mode 100644 index 00000000000..3bc1c1ab8cc --- /dev/null +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32588.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32588", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T02:15:07.850", + "lastModified": "2023-11-13T02:15:07.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <=\u00a02.0.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/post-state-tags/wordpress-post-state-tags-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33207.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33207.json new file mode 100644 index 00000000000..827f4026f67 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33207.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33207", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T02:15:08.037", + "lastModified": "2023-11-13T02:15:08.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielog\u00f3rski Stop Referrer Spam plugin <=\u00a01.3.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/stop-referrer-spam/wordpress-stop-referrer-spam-plugin-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34378.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34378.json new file mode 100644 index 00000000000..7b6e5fd63bd --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34378.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34378", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T02:15:08.230", + "lastModified": "2023-11-13T02:15:08.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <=\u00a02.0.10 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-hide-post/wordpress-wp-hide-post-plugin-2-0-10-cross-site-request-forgery-csrf-leading-to-post-status-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34384.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34384.json new file mode 100644 index 00000000000..6dc9465b916 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34384.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34384", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T02:15:08.423", + "lastModified": "2023-11-13T02:15:08.423", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <=\u00a01.5.12 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kebo-twitter-feed/wordpress-kebo-twitter-feed-plugin-1-5-12-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38363.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38363.json new file mode 100644 index 00000000000..7e41892feb0 --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38363.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-38363", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-11-13T02:15:08.663", + "lastModified": "2023-11-13T02:15:08.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260818", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7067987", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38364.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38364.json new file mode 100644 index 00000000000..fd1ea8c3785 --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38364.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-38364", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-11-13T02:15:08.840", + "lastModified": "2023-11-13T02:15:08.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260821", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7066429", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46618.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46618.json new file mode 100644 index 00000000000..16033af9859 --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46618.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46618", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:07.813", + "lastModified": "2023-11-13T01:15:07.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <=\u00a02.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46619.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46619.json new file mode 100644 index 00000000000..e3eebbc9ab1 --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46619.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46619", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:08.020", + "lastModified": "2023-11-13T01:15:08.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <=\u00a01.0.15 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/spider-facebook/wordpress-wdsocialwidgets-plugin-1-0-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46620.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46620.json new file mode 100644 index 00000000000..c2bb12524e8 --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46620.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46620", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:08.210", + "lastModified": "2023-11-13T01:15:08.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <=\u00a02.3.9.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-2-3-6-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46625.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46625.json new file mode 100644 index 00000000000..250774ebbe7 --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46625.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46625", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:08.410", + "lastModified": "2023-11-13T01:15:08.410", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <=\u00a01.10.04 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/daext-autolinks-manager/wordpress-autolinks-manager-plugin-1-10-04-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46629.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46629.json new file mode 100644 index 00000000000..1a0983dae2b --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46629.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46629", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:08.617", + "lastModified": "2023-11-13T01:15:08.617", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <=\u00a01.4.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/remove-add-to-cart-woocommerce/wordpress-remove-add-to-cart-woocommerce-plugin-1-4-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46636.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46636.json new file mode 100644 index 00000000000..1a0471fc10f --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46636.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46636", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:08.833", + "lastModified": "2023-11-13T01:15:08.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in David St\u00f6ckl Custom Header Images plugin <=\u00a01.2.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/custom-header-images/wordpress-custom-header-images-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46638.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46638.json new file mode 100644 index 00000000000..c6de8a13406 --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46638.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46638", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:09.017", + "lastModified": "2023-11-13T01:15:09.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <=\u00a02.5.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wcp-openweather/wordpress-wcp-openweather-plugin-2-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47230.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47230.json new file mode 100644 index 00000000000..94e45f06a6e --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47230.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47230", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T01:15:09.207", + "lastModified": "2023-11-13T01:15:09.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <=\u00a01.6.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-forms/wordpress-wordpress-contact-forms-by-cimatti-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47669.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47669.json new file mode 100644 index 00000000000..1c0ea8f3f8e --- /dev/null +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47669.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47669", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-13T02:15:09.043", + "lastModified": "2023-11-13T02:15:09.043", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin <=\u00a03.10.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/profile-builder/wordpress-user-profile-builder-plugin-3-10-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 31c3ffd5240..ace76f9a3f0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-13T00:55:19.523528+00:00 +2023-11-13T03:00:19.435903+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-13T00:15:09.127000+00:00 +2023-11-13T02:15:09.043000+00:00 ``` ### Last Data Feed Release @@ -23,48 +23,43 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-11-12T01:00:13.567630+00:00 +2023-11-13T01:00:13.552913+00:00 ``` ### Total Number of included CVEs ```plain -230384 +230402 ``` ### CVEs added in the last Commit -Recently added CVEs: `21` +Recently added CVEs: `18` -* [CVE-2023-27417](CVE-2023/CVE-2023-274xx/CVE-2023-27417.json) (`2023-11-12T23:15:08.123`) -* [CVE-2023-27418](CVE-2023/CVE-2023-274xx/CVE-2023-27418.json) (`2023-11-12T23:15:08.320`) -* [CVE-2023-27431](CVE-2023/CVE-2023-274xx/CVE-2023-27431.json) (`2023-11-12T23:15:08.520`) -* [CVE-2023-27611](CVE-2023/CVE-2023-276xx/CVE-2023-27611.json) (`2023-11-12T23:15:08.713`) -* [CVE-2023-27623](CVE-2023/CVE-2023-276xx/CVE-2023-27623.json) (`2023-11-12T23:15:08.903`) -* [CVE-2023-27632](CVE-2023/CVE-2023-276xx/CVE-2023-27632.json) (`2023-11-12T23:15:09.093`) -* [CVE-2023-28134](CVE-2023/CVE-2023-281xx/CVE-2023-28134.json) (`2023-11-12T23:15:09.313`) -* [CVE-2023-28167](CVE-2023/CVE-2023-281xx/CVE-2023-28167.json) (`2023-11-12T23:15:09.407`) -* [CVE-2023-28172](CVE-2023/CVE-2023-281xx/CVE-2023-28172.json) (`2023-11-12T23:15:09.617`) -* [CVE-2023-28173](CVE-2023/CVE-2023-281xx/CVE-2023-28173.json) (`2023-11-12T23:15:09.813`) -* [CVE-2023-28419](CVE-2023/CVE-2023-284xx/CVE-2023-28419.json) (`2023-11-12T23:15:10.007`) -* [CVE-2023-28420](CVE-2023/CVE-2023-284xx/CVE-2023-28420.json) (`2023-11-12T23:15:10.203`) -* [CVE-2023-26514](CVE-2023/CVE-2023-265xx/CVE-2023-26514.json) (`2023-11-13T00:15:07.570`) -* [CVE-2023-26516](CVE-2023/CVE-2023-265xx/CVE-2023-26516.json) (`2023-11-13T00:15:07.773`) -* [CVE-2023-26518](CVE-2023/CVE-2023-265xx/CVE-2023-26518.json) (`2023-11-13T00:15:07.963`) -* [CVE-2023-26524](CVE-2023/CVE-2023-265xx/CVE-2023-26524.json) (`2023-11-13T00:15:08.153`) -* [CVE-2023-27434](CVE-2023/CVE-2023-274xx/CVE-2023-27434.json) (`2023-11-13T00:15:08.350`) -* [CVE-2023-27436](CVE-2023/CVE-2023-274xx/CVE-2023-27436.json) (`2023-11-13T00:15:08.537`) -* [CVE-2023-27438](CVE-2023/CVE-2023-274xx/CVE-2023-27438.json) (`2023-11-13T00:15:08.743`) -* [CVE-2023-27441](CVE-2023/CVE-2023-274xx/CVE-2023-27441.json) (`2023-11-13T00:15:08.937`) -* [CVE-2023-27445](CVE-2023/CVE-2023-274xx/CVE-2023-27445.json) (`2023-11-13T00:15:09.127`) +* [CVE-2023-26531](CVE-2023/CVE-2023-265xx/CVE-2023-26531.json) (`2023-11-13T01:15:07.410`) +* [CVE-2023-26543](CVE-2023/CVE-2023-265xx/CVE-2023-26543.json) (`2023-11-13T01:15:07.610`) +* [CVE-2023-46618](CVE-2023/CVE-2023-466xx/CVE-2023-46618.json) (`2023-11-13T01:15:07.813`) +* [CVE-2023-46619](CVE-2023/CVE-2023-466xx/CVE-2023-46619.json) (`2023-11-13T01:15:08.020`) +* [CVE-2023-46620](CVE-2023/CVE-2023-466xx/CVE-2023-46620.json) (`2023-11-13T01:15:08.210`) +* [CVE-2023-46625](CVE-2023/CVE-2023-466xx/CVE-2023-46625.json) (`2023-11-13T01:15:08.410`) +* [CVE-2023-46629](CVE-2023/CVE-2023-466xx/CVE-2023-46629.json) (`2023-11-13T01:15:08.617`) +* [CVE-2023-46636](CVE-2023/CVE-2023-466xx/CVE-2023-46636.json) (`2023-11-13T01:15:08.833`) +* [CVE-2023-46638](CVE-2023/CVE-2023-466xx/CVE-2023-46638.json) (`2023-11-13T01:15:09.017`) +* [CVE-2023-47230](CVE-2023/CVE-2023-472xx/CVE-2023-47230.json) (`2023-11-13T01:15:09.207`) +* [CVE-2023-32583](CVE-2023/CVE-2023-325xx/CVE-2023-32583.json) (`2023-11-13T02:15:07.650`) +* [CVE-2023-32588](CVE-2023/CVE-2023-325xx/CVE-2023-32588.json) (`2023-11-13T02:15:07.850`) +* [CVE-2023-33207](CVE-2023/CVE-2023-332xx/CVE-2023-33207.json) (`2023-11-13T02:15:08.037`) +* [CVE-2023-34378](CVE-2023/CVE-2023-343xx/CVE-2023-34378.json) (`2023-11-13T02:15:08.230`) +* [CVE-2023-34384](CVE-2023/CVE-2023-343xx/CVE-2023-34384.json) (`2023-11-13T02:15:08.423`) +* [CVE-2023-38363](CVE-2023/CVE-2023-383xx/CVE-2023-38363.json) (`2023-11-13T02:15:08.663`) +* [CVE-2023-38364](CVE-2023/CVE-2023-383xx/CVE-2023-38364.json) (`2023-11-13T02:15:08.840`) +* [CVE-2023-47669](CVE-2023/CVE-2023-476xx/CVE-2023-47669.json) (`2023-11-13T02:15:09.043`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -* [CVE-2019-13147](CVE-2019/CVE-2019-131xx/CVE-2019-13147.json) (`2023-11-12T23:15:07.857`) -* [CVE-2022-24599](CVE-2022/CVE-2022-245xx/CVE-2022-24599.json) (`2023-11-12T23:15:08.007`) ## Download and Usage