From 9bed9e3ca3b8075caa5b9e0fe260c52e7bc93203 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Wed, 16 Aug 2023 06:00:38 +0000
Subject: [PATCH] Auto-Update: 2023-08-16T06:00:35.231234+00:00

---
 CVE-2023/CVE-2023-261xx/CVE-2023-26140.json | 51 ++++++++++++++++
 CVE-2023/CVE-2023-39xx/CVE-2023-3958.json   | 67 +++++++++++++++++++++
 CVE-2023/CVE-2023-43xx/CVE-2023-4374.json   | 63 +++++++++++++++++++
 README.md                                   | 24 +++-----
 4 files changed, 189 insertions(+), 16 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-261xx/CVE-2023-26140.json
 create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3958.json
 create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4374.json

diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26140.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26140.json
new file mode 100644
index 00000000000..a0fdd565315
--- /dev/null
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26140.json
@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-26140",
+  "sourceIdentifier": "report@snyk.io",
+  "published": "2023-08-16T05:15:09.810",
+  "lastModified": "2023-08-16T05:15:09.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "report@snyk.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/excalidraw/excalidraw/commit/b33fa6d6f64d27adc3a47b25c0aa55711740d0af",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/excalidraw/excalidraw/pull/6728",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658",
+      "source": "report@snyk.io"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3958.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3958.json
new file mode 100644
index 00000000000..b662af9369e
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3958.json
@@ -0,0 +1,67 @@
+{
+  "id": "CVE-2023-3958",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-08-16T05:15:10.220",
+  "lastModified": "2023-08-16T05:15:10.220",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-remote-users-sync/trunk/inc/api/class-wprus-api-abstract.php#L674",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2946667/wp-remote-users-sync#file127",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2953845/wp-remote-users-sync#file0",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e78c759-4a54-4ee4-8eff-df91fe9dad46?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4374.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4374.json
new file mode 100644
index 00000000000..51dacf769b1
--- /dev/null
+++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4374.json
@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4374",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-08-16T05:15:10.357",
+  "lastModified": "2023-08-16T05:15:10.357",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-remote-users-sync/trunk/inc/class-wprus-logger.php#L117",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2946667/wp-remote-users-sync#file130",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 6cbb2ecca3d..298350e8730 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-08-16T04:00:30.518548+00:00
+2023-08-16T06:00:35.231234+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-08-16T03:15:29.050000+00:00
+2023-08-16T05:15:10.357000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,30 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-222767
+222770
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `0`
+Recently added CVEs: `3`
 
+* [CVE-2023-26140](CVE-2023/CVE-2023-261xx/CVE-2023-26140.json) (`2023-08-16T05:15:09.810`)
+* [CVE-2023-3958](CVE-2023/CVE-2023-39xx/CVE-2023-3958.json) (`2023-08-16T05:15:10.220`)
+* [CVE-2023-4374](CVE-2023/CVE-2023-43xx/CVE-2023-4374.json) (`2023-08-16T05:15:10.357`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `11`
+Recently modified CVEs: `0`
 
-* [CVE-2019-19921](CVE-2019/CVE-2019-199xx/CVE-2019-19921.json) (`2023-08-16T03:15:09.430`)
-* [CVE-2022-40982](CVE-2022/CVE-2022-409xx/CVE-2022-40982.json) (`2023-08-16T03:15:11.310`)
-* [CVE-2022-41804](CVE-2022/CVE-2022-418xx/CVE-2022-41804.json) (`2023-08-16T03:15:22.103`)
-* [CVE-2023-0871](CVE-2023/CVE-2023-08xx/CVE-2023-0871.json) (`2023-08-16T03:15:25.313`)
-* [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-16T03:15:26.010`)
-* [CVE-2023-23908](CVE-2023/CVE-2023-239xx/CVE-2023-23908.json) (`2023-08-16T03:15:26.350`)
-* [CVE-2023-27561](CVE-2023/CVE-2023-275xx/CVE-2023-27561.json) (`2023-08-16T03:15:26.440`)
-* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-08-16T03:15:28.467`)
-* [CVE-2023-32004](CVE-2023/CVE-2023-320xx/CVE-2023-32004.json) (`2023-08-16T03:15:28.537`)
-* [CVE-2023-32006](CVE-2023/CVE-2023-320xx/CVE-2023-32006.json) (`2023-08-16T03:15:28.987`)
-* [CVE-2023-38559](CVE-2023/CVE-2023-385xx/CVE-2023-38559.json) (`2023-08-16T03:15:29.050`)
 
 
 ## Download and Usage