Auto-Update: 2024-04-07T04:00:29.839977+00:00

2025-07-09 16:05:11 +00:00 · 2024-04-07 04:03:21 +00:00 · 2024-04-07 04:03:21 +00:00 · a7b0d384a8
commit a7b0d384a8
parent 8e4e50aafc
3 changed files with 359 additions and 335 deletions
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6877.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6877.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-6877",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-04-07T02:15:07.450",
+  "lastModified": "2024-04-07T02:15:07.450",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3012849/feedzy-rss-feeds",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d25e85f-28f7-4cc5-9856-25cc5aaf1418?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-07T02:00:29.445860+00:00
+2024-04-07T04:00:29.839977+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-07T01:17:53.437000+00:00
+2024-04-07T02:15:07.450000+00:00
 ```

 ### Last Data Feed Release
@ -33,44 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-244298
+244299
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `1`

+- [CVE-2023-6877](CVE-2023/CVE-2023-68xx/CVE-2023-6877.json) (`2024-04-07T02:15:07.450`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `305`
+Recently modified CVEs: `0`

- [CVE-2024-30572](CVE-2024/CVE-2024-305xx/CVE-2024-30572.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-31025](CVE-2024/CVE-2024-310xx/CVE-2024-31025.json) (`2024-04-04T12:48:41.700`)
- [CVE-2024-31080](CVE-2024/CVE-2024-310xx/CVE-2024-31080.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-31081](CVE-2024/CVE-2024-310xx/CVE-2024-31081.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-31082](CVE-2024/CVE-2024-310xx/CVE-2024-31082.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-3116](CVE-2024/CVE-2024-31xx/CVE-2024-3116.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-31207](CVE-2024/CVE-2024-312xx/CVE-2024-31207.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-31209](CVE-2024/CVE-2024-312xx/CVE-2024-31209.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-31215](CVE-2024/CVE-2024-312xx/CVE-2024-31215.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-31392](CVE-2024/CVE-2024-313xx/CVE-2024-31392.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-31393](CVE-2024/CVE-2024-313xx/CVE-2024-31393.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-31419](CVE-2024/CVE-2024-314xx/CVE-2024-31419.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-31420](CVE-2024/CVE-2024-314xx/CVE-2024-31420.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-3180](CVE-2024/CVE-2024-31xx/CVE-2024-3180.json) (`2024-04-04T12:48:41.700`)
- [CVE-2024-3250](CVE-2024/CVE-2024-32xx/CVE-2024-3250.json) (`2024-04-04T22:15:09.350`)
- [CVE-2024-3254](CVE-2024/CVE-2024-32xx/CVE-2024-3254.json) (`2024-04-03T12:38:04.840`)
- [CVE-2024-3255](CVE-2024/CVE-2024-32xx/CVE-2024-3255.json) (`2024-04-03T12:38:04.840`)
- [CVE-2024-3256](CVE-2024/CVE-2024-32xx/CVE-2024-3256.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-3257](CVE-2024/CVE-2024-32xx/CVE-2024-3257.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-3258](CVE-2024/CVE-2024-32xx/CVE-2024-3258.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-3259](CVE-2024/CVE-2024-32xx/CVE-2024-3259.json) (`2024-04-03T17:24:18.150`)
- [CVE-2024-3262](CVE-2024/CVE-2024-32xx/CVE-2024-3262.json) (`2024-04-04T12:48:22.650`)
- [CVE-2024-3270](CVE-2024/CVE-2024-32xx/CVE-2024-3270.json) (`2024-04-04T12:48:41.700`)
- [CVE-2024-3298](CVE-2024/CVE-2024-32xx/CVE-2024-3298.json) (`2024-04-04T16:33:06.610`)
- [CVE-2024-3299](CVE-2024/CVE-2024-32xx/CVE-2024-3299.json) (`2024-04-04T16:33:06.610`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv