diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52221.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52221.json
new file mode 100644
index 00000000000..eb78e1ab833
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52221.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52221",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:56.907",
+ "lastModified": "2024-01-24T12:15:56.907",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22134.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22134.json
new file mode 100644
index 00000000000..421bd967199
--- /dev/null
+++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22134.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22134",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:57.297",
+ "lastModified": "2024-01-24T12:15:57.297",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/contact-form-7-mailchimp-extension/wordpress-contact-form-7-extension-for-mailchimp-plugin-0-5-70-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22135.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22135.json
new file mode 100644
index 00000000000..f831fc92dfa
--- /dev/null
+++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22135.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22135",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:57.500",
+ "lastModified": "2024-01-24T12:15:57.500",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-3-arbitrary-file-upload-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22152.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22152.json
new file mode 100644
index 00000000000..608d866aec4
--- /dev/null
+++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22152.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22152",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:57.700",
+ "lastModified": "2024-01-24T12:15:57.700",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-3-7-arbitrary-file-upload-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22284.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22284.json
new file mode 100644
index 00000000000..22466a11baa
--- /dev/null
+++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22284.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22284",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:57.893",
+ "lastModified": "2024-01-24T12:15:57.893",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22294.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22294.json
new file mode 100644
index 00000000000..5e903e3fe64
--- /dev/null
+++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22294.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22294",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:58.093",
+ "lastModified": "2024-01-24T12:15:58.093",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.This issue affects IP2Location Country Blocker: from n/a through 2.33.3.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22301.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22301.json
new file mode 100644
index 00000000000..86123e45bfd
--- /dev/null
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22301.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22301",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:58.290",
+ "lastModified": "2024-01-24T12:15:58.290",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-sensitive-data-exposure-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22308.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22308.json
new file mode 100644
index 00000000000..05faba2bff6
--- /dev/null
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22308.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22308",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:58.483",
+ "lastModified": "2024-01-24T12:15:58.483",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.4,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-4-1-open-redirection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22309.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22309.json
new file mode 100644
index 00000000000..239c7e3aac5
--- /dev/null
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22309.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22309",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-24T12:15:58.677",
+ "lastModified": "2024-01-24T12:15:58.677",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-5-1-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index ab30310e24c..5a11d42fec5 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-24T11:00:24.811529+00:00 +2024-01-24T13:00:24.229357+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-24T10:15:09.533000+00:00 +2024-01-24T12:15:58.677000+00:00 ``` ### Last Data Feed Release
@@ -29,28 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236719 +236728 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `9` -* [CVE-2023-43988](CVE-2023/CVE-2023-439xx/CVE-2023-43988.json) (`2024-01-24T10:15:08.357`) -* [CVE-2023-43989](CVE-2023/CVE-2023-439xx/CVE-2023-43989.json) (`2024-01-24T10:15:08.410`) -* [CVE-2023-43990](CVE-2023/CVE-2023-439xx/CVE-2023-43990.json) (`2024-01-24T10:15:08.463`) -* [CVE-2023-43991](CVE-2023/CVE-2023-439xx/CVE-2023-43991.json) (`2024-01-24T10:15:08.510`) -* [CVE-2023-43992](CVE-2023/CVE-2023-439xx/CVE-2023-43992.json) (`2024-01-24T10:15:08.670`) -* [CVE-2023-43993](CVE-2023/CVE-2023-439xx/CVE-2023-43993.json) (`2024-01-24T10:15:08.843`) -* [CVE-2023-43994](CVE-2023/CVE-2023-439xx/CVE-2023-43994.json) (`2024-01-24T10:15:08.897`) -* [CVE-2023-43995](CVE-2023/CVE-2023-439xx/CVE-2023-43995.json) (`2024-01-24T10:15:08.950`) -* [CVE-2023-43996](CVE-2023/CVE-2023-439xx/CVE-2023-43996.json) (`2024-01-24T10:15:09.003`) -* [CVE-2023-43997](CVE-2023/CVE-2023-439xx/CVE-2023-43997.json) (`2024-01-24T10:15:09.140`) -* [CVE-2023-43998](CVE-2023/CVE-2023-439xx/CVE-2023-43998.json) (`2024-01-24T10:15:09.287`) -* [CVE-2023-43999](CVE-2023/CVE-2023-439xx/CVE-2023-43999.json) (`2024-01-24T10:15:09.343`) -* [CVE-2023-44000](CVE-2023/CVE-2023-440xx/CVE-2023-44000.json) (`2024-01-24T10:15:09.393`) -* [CVE-2023-44001](CVE-2023/CVE-2023-440xx/CVE-2023-44001.json) (`2024-01-24T10:15:09.440`) -* [CVE-2024-0854](CVE-2024/CVE-2024-08xx/CVE-2024-0854.json) (`2024-01-24T10:15:09.533`) +* [CVE-2023-52221](CVE-2023/CVE-2023-522xx/CVE-2023-52221.json) (`2024-01-24T12:15:56.907`) +* [CVE-2024-22134](CVE-2024/CVE-2024-221xx/CVE-2024-22134.json) (`2024-01-24T12:15:57.297`) +* [CVE-2024-22135](CVE-2024/CVE-2024-221xx/CVE-2024-22135.json) (`2024-01-24T12:15:57.500`) +* [CVE-2024-22152](CVE-2024/CVE-2024-221xx/CVE-2024-22152.json) 
(`2024-01-24T12:15:57.700`) +* [CVE-2024-22284](CVE-2024/CVE-2024-222xx/CVE-2024-22284.json) (`2024-01-24T12:15:57.893`) +* [CVE-2024-22294](CVE-2024/CVE-2024-222xx/CVE-2024-22294.json) (`2024-01-24T12:15:58.093`) +* [CVE-2024-22301](CVE-2024/CVE-2024-223xx/CVE-2024-22301.json) (`2024-01-24T12:15:58.290`) +* [CVE-2024-22308](CVE-2024/CVE-2024-223xx/CVE-2024-22308.json) (`2024-01-24T12:15:58.483`) +* [CVE-2024-22309](CVE-2024/CVE-2024-223xx/CVE-2024-22309.json) (`2024-01-24T12:15:58.677`) ### CVEs modified in the last Commit