Auto-Update: 2023-07-31T12:00:26.987331+00:00

2025-05-08 11:37:26 +00:00 · 2023-07-31 12:00:30 +00:00 · 2023-07-31 12:00:30 +00:00 · 96ebe7188b
commit 96ebe7188b
parent 849b534d52
10 changed files with 276 additions and 8 deletions
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4888.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4888.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-4888",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:09.987",
+  "lastModified": "2023-07-31T10:15:09.987",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0602.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0602.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-0602",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:10.333",
+  "lastModified": "2023-07-31T10:15:10.333",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/c357f93d-4f21-4cd9-9378-d97756c75255",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3130.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3130.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3130",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:10.420",
+  "lastModified": "2023-07-31T10:15:10.420",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/6e167864-c304-402e-8b2d-d47b5a3767d1",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3134",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:10.500",
+  "lastModified": "2023-07-31T10:15:10.500",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3292.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3292.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3292",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:10.577",
+  "lastModified": "2023-07-31T10:15:10.577",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/d993c385-c3ad-49a6-b079-3a1b090864c8",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3345.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3345.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3345",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:10.653",
+  "lastModified": "2023-07-31T10:15:10.653",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3417",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2023-07-24T11:15:09.953",
-  "lastModified": "2023-07-31T04:15:09.987",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-07-31T10:15:10.727",
+  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
@ -16,6 +16,10 @@
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1835582",
      "source": "security@mozilla.org"
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00032.html",
+      "source": "security@mozilla.org"
+    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5463",
      "source": "security@mozilla.org"
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3507.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3507.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3507",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:10.847",
+  "lastModified": "2023-07-31T10:15:10.847",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/e72bbe9b-e51d-40ab-820d-404e0cb86ee6",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3508.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3508.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3508",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-07-31T10:15:10.923",
+  "lastModified": "2023-07-31T10:15:10.923",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-07-31T08:00:26.351894+00:00
+2023-07-31T12:00:26.987331+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-07-31T06:15:09.873000+00:00
+2023-07-31T10:15:10.923000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-221294
+221302
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `8`

-* [CVE-2023-34360](CVE-2023/CVE-2023-343xx/CVE-2023-34360.json) (`2023-07-31T06:15:09.873`)
+* [CVE-2022-4888](CVE-2022/CVE-2022-48xx/CVE-2022-4888.json) (`2023-07-31T10:15:09.987`)
+* [CVE-2023-0602](CVE-2023/CVE-2023-06xx/CVE-2023-0602.json) (`2023-07-31T10:15:10.333`)
+* [CVE-2023-3130](CVE-2023/CVE-2023-31xx/CVE-2023-3130.json) (`2023-07-31T10:15:10.420`)
+* [CVE-2023-3134](CVE-2023/CVE-2023-31xx/CVE-2023-3134.json) (`2023-07-31T10:15:10.500`)
+* [CVE-2023-3292](CVE-2023/CVE-2023-32xx/CVE-2023-3292.json) (`2023-07-31T10:15:10.577`)
+* [CVE-2023-3345](CVE-2023/CVE-2023-33xx/CVE-2023-3345.json) (`2023-07-31T10:15:10.653`)
+* [CVE-2023-3507](CVE-2023/CVE-2023-35xx/CVE-2023-3507.json) (`2023-07-31T10:15:10.847`)
+* [CVE-2023-3508](CVE-2023/CVE-2023-35xx/CVE-2023-3508.json) (`2023-07-31T10:15:10.923`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2023-3417](CVE-2023/CVE-2023-34xx/CVE-2023-3417.json) (`2023-07-31T10:15:10.727`)


 ## Download and Usage