From b3187cde86d3cd69c73114274dd598d899975839 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 5 Jan 2024 11:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-05T11:00:26.148067+00:00 --- CVE-2020/CVE-2020-138xx/CVE-2020-13880.json | 20 ++++++++ CVE-2021/CVE-2021-229xx/CVE-2021-22930.json | 8 ++- CVE-2021/CVE-2021-229xx/CVE-2021-22931.json | 8 ++- CVE-2021/CVE-2021-229xx/CVE-2021-22939.json | 8 ++- CVE-2021/CVE-2021-229xx/CVE-2021-22940.json | 8 ++- CVE-2021/CVE-2021-36xx/CVE-2021-3672.json | 8 ++- CVE-2022/CVE-2022-49xx/CVE-2022-4904.json | 8 ++- CVE-2023/CVE-2023-500xx/CVE-2023-50027.json | 20 ++++++++ CVE-2023/CVE-2023-509xx/CVE-2023-50991.json | 20 ++++++++ CVE-2023/CVE-2023-515xx/CVE-2023-51535.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-515xx/CVE-2023-51538.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-515xx/CVE-2023-51539.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-516xx/CVE-2023-51668.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-516xx/CVE-2023-51673.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-516xx/CVE-2023-51678.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52119.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52120.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52121.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52122.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52123.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52127.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52128.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52129.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52130.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52136.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52145.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-521xx/CVE-2023-52149.json | 55 +++++++++++++++++++++ README.md | 43 +++++++++++----- 28 files changed, 1118 insertions(+), 23 deletions(-) create mode 100644 
CVE-2020/CVE-2020-138xx/CVE-2020-13880.json create mode 100644 CVE-2023/CVE-2023-500xx/CVE-2023-50027.json create mode 100644 CVE-2023/CVE-2023-509xx/CVE-2023-50991.json create mode 100644 CVE-2023/CVE-2023-515xx/CVE-2023-51535.json create mode 100644 CVE-2023/CVE-2023-515xx/CVE-2023-51538.json create mode 100644 CVE-2023/CVE-2023-515xx/CVE-2023-51539.json create mode 100644 CVE-2023/CVE-2023-516xx/CVE-2023-51668.json create mode 100644 CVE-2023/CVE-2023-516xx/CVE-2023-51673.json create mode 100644 CVE-2023/CVE-2023-516xx/CVE-2023-51678.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52119.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52120.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52121.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52122.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52123.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52127.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52128.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52129.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52130.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52136.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52145.json create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52149.json diff --git a/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json b/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json new file mode 100644 index 00000000000..132410be256 --- /dev/null +++ b/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json 
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2020-13880",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-05T09:15:08.587",
+ "lastModified": "2024-01-05T09:15:08.587",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/oicu0619/2de8f91ddc6b06b516475d5d67d7efba",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-229xx/CVE-2021-22930.json b/CVE-2021/CVE-2021-229xx/CVE-2021-22930.json
index 466a15c672e..53128612580 100644
--- a/CVE-2021/CVE-2021-229xx/CVE-2021-22930.json
+++ b/CVE-2021/CVE-2021-229xx/CVE-2021-22930.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-22930",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2021-10-07T14:15:08.053",
- "lastModified": "2022-11-03T20:41:26.027",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-05T10:15:07.943",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -197,6 +197,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-02",
+ "source": "support@hackerone.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20211112-0002/",
 "source": "support@hackerone.com",
diff --git a/CVE-2021/CVE-2021-229xx/CVE-2021-22931.json b/CVE-2021/CVE-2021-229xx/CVE-2021-22931.json
index a0a81f02822..a7f94c4fc9f 100644
--- a/CVE-2021/CVE-2021-229xx/CVE-2021-22931.json
+++ b/CVE-2021/CVE-2021-229xx/CVE-2021-22931.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-22931",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2021-08-16T19:15:13.127",
- "lastModified": "2022-08-12T18:27:10.267",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-05T10:15:09.183",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -255,6 +255,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-02",
+ "source": "support@hackerone.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20210923-0001/",
 "source": "support@hackerone.com",
diff --git a/CVE-2021/CVE-2021-229xx/CVE-2021-22939.json b/CVE-2021/CVE-2021-229xx/CVE-2021-22939.json
index 310e1b3d43b..183268b218e 100644
--- a/CVE-2021/CVE-2021-229xx/CVE-2021-22939.json
+++ b/CVE-2021/CVE-2021-229xx/CVE-2021-22939.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-22939",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2021-08-16T19:15:13.897",
- "lastModified": "2022-11-07T18:32:37.877",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-05T10:15:09.860",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -245,6 +245,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-02",
+ "source": "support@hackerone.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20210917-0003/",
 "source": "support@hackerone.com",
diff --git a/CVE-2021/CVE-2021-229xx/CVE-2021-22940.json b/CVE-2021/CVE-2021-229xx/CVE-2021-22940.json
index 43affbd3db1..246efa65a3e 100644
--- a/CVE-2021/CVE-2021-229xx/CVE-2021-22940.json
+++ b/CVE-2021/CVE-2021-229xx/CVE-2021-22940.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-22940",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2021-08-16T19:15:13.987",
- "lastModified": "2022-11-03T20:41:32.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-05T10:15:10.103",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -238,6 +238,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-02",
+ "source": "support@hackerone.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20210923-0001/",
 "source": "support@hackerone.com",
diff --git a/CVE-2021/CVE-2021-36xx/CVE-2021-3672.json b/CVE-2021/CVE-2021-36xx/CVE-2021-3672.json
index 73336d927aa..b4099b8c9a9 100644
--- a/CVE-2021/CVE-2021-36xx/CVE-2021-3672.json
+++ b/CVE-2021/CVE-2021-36xx/CVE-2021-3672.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-3672",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2021-11-23T19:15:07.877",
- "lastModified": "2022-10-18T14:57:14.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-05T10:15:10.213",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -362,6 +362,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-02",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
 "source": "secalert@redhat.com",
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4904.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4904.json
index ba09689c970..35d407443fb 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4904.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4904.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-4904",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-03-06T23:15:11.390",
- "lastModified": "2023-11-07T03:59:17.603",
+ "lastModified": "2024-01-05T10:15:10.403",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -46,7 +46,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -134,6 +134,10 @@
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/",
 "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-02",
+ "source": "secalert@redhat.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json
new file mode 100644
index 00000000000..47539659bde
--- /dev/null
+++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-50027",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-05T09:15:08.743",
+ "lastModified": "2024-01-05T09:15:08.743",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50991.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50991.json
new file mode 100644
index 00000000000..81720678de3
--- /dev/null
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50991.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-50991",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-05T10:15:10.683",
+ "lastModified": "2024-01-05T10:15:10.683",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ef4tless/vuln/blob/master/iot/i29/pingSet.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51535.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51535.json
new file mode 100644
index 00000000000..c51852448db
--- /dev/null
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51535.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51535",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:10.740",
+ "lastModified": "2024-01-05T10:15:10.740",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51538.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51538.json
new file mode 100644
index 00000000000..b83308de5d3
--- /dev/null
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51538.json
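Review bot: The `value` string of the CVE-2023-51535 record spells the vendor as `\u0421leanTalk`, where `\u0421` is Cyrillic capital Es rather than Latin `C`; later in the same sentence the name is written as plain `CleanTalk`. A product-name search or de-duplication keyed on the first occurrence will not match this record. Either the description should read `vulnerability in CleanTalk - Anti-Spam Protection ...`, or consumers of this file should fold confusable characters before matching. The text appears to be mirrored from the submitting source, so the correction probably belongs upstream as well.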
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51538",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:11.090",
+ "lastModified": "2024-01-05T10:15:11.090",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support \u2013 WordPress HelpDesk & Support Plugin.This issue affects Awesome Support \u2013 WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51539.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51539.json
new file mode 100644
index 00000000000..bdfc427db52
--- /dev/null
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51539.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51539",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:11.370",
+ "lastModified": "2024-01-05T10:15:11.370",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51668.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51668.json
new file mode 100644
index 00000000000..c2e947a4d31
--- /dev/null
+++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51668.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51668",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:11.727",
+ "lastModified": "2024-01-05T10:15:11.727",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/image-upload-for-bbpress/wordpress-inline-image-upload-for-bbpress-plugin-1-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51673.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51673.json
new file mode 100644
index 00000000000..edb03ef0f90
--- /dev/null
+++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51673.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51673",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:12.053",
+ "lastModified": "2024-01-05T10:15:12.053",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/stylish-price-list/wordpress-stylish-price-list-plugin-7-0-17-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51678.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51678.json
new file mode 100644
index 00000000000..85f2fe4e153
--- /dev/null
+++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51678.json
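Review bot: The reference URL in the CVE-2023-51673 record ends in `broken-access-control-vulnerability`, yet the description and the `weaknesses` entry both classify the issue as CSRF (`"value": "CWE-352"`); the CVE-2023-51678 record added next in this patch shows the same mismatch. Triage or reporting that groups records by CWE could place both in the wrong bucket if the advisory title is the accurate one. The record gives no way to tell which classification is correct, so it is worth checking the linked advisory before relying on `CWE-352` for these two entries.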
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51678",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:12.347",
+ "lastModified": "2024-01-05T10:15:12.347",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-wp-woocommerce-search-plugin-2-0-33-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52119.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52119.json
new file mode 100644
index 00000000000..1bed02678a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52119.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52119",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:12.743",
+ "lastModified": "2024-01-05T10:15:12.743",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52120.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52120.json
new file mode 100644
index 00000000000..85b9d7408b5
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52120.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52120",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:13.110",
+ "lastModified": "2024-01-05T10:15:13.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more.This issue affects NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more: from n/a through 8.5.2.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52121.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52121.json
new file mode 100644
index 00000000000..64dc8420471
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52121.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52121",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:13.337",
+ "lastModified": "2024-01-05T10:15:13.337",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \u2013 Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack \u2013 Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52122.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52122.json
new file mode 100644
index 00000000000..49e1c13bd47
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52122.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52122",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T10:15:13.683",
+ "lastModified": "2024-01-05T10:15:13.683",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json
new file mode 100644
index 00000000000..5fc5f843ce4
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52123",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T09:15:08.800",
+ "lastModified": "2024-01-05T09:15:08.800",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/strong-testimonials/wordpress-strong-testimonials-plugin-3-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52127.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52127.json
new file mode 100644
index 00000000000..f036322fd50
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52127.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52127",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T09:15:09.057",
+ "lastModified": "2024-01-05T09:15:09.057",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/woo-product-bundle/wordpress-wpc-product-bundles-for-woocommerce-plugin-7-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json
new file mode 100644
index 00000000000..58c6b9cd1b9
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52128",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-05T09:15:09.253",
+ "lastModified": "2024-01-05T09:15:09.253",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label \u2013 WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label \u2013 WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/white-label/wordpress-white-label-plugin-2-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52129.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52129.json
new file mode 100644
index 00000000000..9183c7df77a
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52129.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52129", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T09:15:09.443", + "lastModified": "2024-01-05T09:15:09.443", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52130.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52130.json new file mode 100644 index 00000000000..f6098d1a7f1 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52130.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52130", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T09:15:09.657", + "lastModified": "2024-01-05T09:15:09.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-31-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52136.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52136.json new file mode 100644 index 00000000000..da618fa559b --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52136.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52136", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T09:15:09.883", + "lastModified": "2024-01-05T09:15:09.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget: from n/a through 2.1.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/custom-twitter-feeds/wordpress-custom-twitter-feeds-tweets-widget-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52145.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52145.json new file mode 100644 index 00000000000..2834f13c0cb --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52145.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52145", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T09:15:10.117", + "lastModified": "2024-01-05T09:15:10.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/republish-old-posts/wordpress-republish-old-posts-plugin-1-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52149.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52149.json new file mode 100644 index 00000000000..fc41d747b50 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52149.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52149", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T09:15:10.310", + "lastModified": "2024-01-05T09:15:10.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/floating-button/wordpress-floating-button-plugin-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c72dc1d8075..2c06ba7a28b 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-05T09:00:25.886436+00:00 +2024-01-05T11:00:26.148067+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-05T08:15:43.573000+00:00 +2024-01-05T10:15:13.683000+00:00 ``` ### Last Data Feed Release 
@@ -29,25 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234903 +234924 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `21` -* [CVE-2020-13878](CVE-2020/CVE-2020-138xx/CVE-2020-13878.json) (`2024-01-05T08:15:41.840`) -* [CVE-2020-13879](CVE-2020/CVE-2020-138xx/CVE-2020-13879.json) (`2024-01-05T08:15:42.663`) -* [CVE-2023-51502](CVE-2023/CVE-2023-515xx/CVE-2023-51502.json) (`2024-01-05T08:15:42.770`) -* [CVE-2023-52150](CVE-2023/CVE-2023-521xx/CVE-2023-52150.json) (`2024-01-05T08:15:43.077`) -* [CVE-2023-52178](CVE-2023/CVE-2023-521xx/CVE-2023-52178.json) (`2024-01-05T08:15:43.327`) -* [CVE-2023-52184](CVE-2023/CVE-2023-521xx/CVE-2023-52184.json) (`2024-01-05T08:15:43.573`) +* [CVE-2020-13880](CVE-2020/CVE-2020-138xx/CVE-2020-13880.json) (`2024-01-05T09:15:08.587`) +* [CVE-2023-50027](CVE-2023/CVE-2023-500xx/CVE-2023-50027.json) (`2024-01-05T09:15:08.743`) +* [CVE-2023-52123](CVE-2023/CVE-2023-521xx/CVE-2023-52123.json) (`2024-01-05T09:15:08.800`) +* [CVE-2023-52127](CVE-2023/CVE-2023-521xx/CVE-2023-52127.json) (`2024-01-05T09:15:09.057`) +* [CVE-2023-52128](CVE-2023/CVE-2023-521xx/CVE-2023-52128.json) (`2024-01-05T09:15:09.253`) +* [CVE-2023-52129](CVE-2023/CVE-2023-521xx/CVE-2023-52129.json) (`2024-01-05T09:15:09.443`) +* [CVE-2023-52130](CVE-2023/CVE-2023-521xx/CVE-2023-52130.json) (`2024-01-05T09:15:09.657`) +* [CVE-2023-52136](CVE-2023/CVE-2023-521xx/CVE-2023-52136.json) (`2024-01-05T09:15:09.883`) +* [CVE-2023-52145](CVE-2023/CVE-2023-521xx/CVE-2023-52145.json) (`2024-01-05T09:15:10.117`) +* [CVE-2023-52149](CVE-2023/CVE-2023-521xx/CVE-2023-52149.json) (`2024-01-05T09:15:10.310`) +* [CVE-2023-50991](CVE-2023/CVE-2023-509xx/CVE-2023-50991.json) (`2024-01-05T10:15:10.683`) +* [CVE-2023-51535](CVE-2023/CVE-2023-515xx/CVE-2023-51535.json) (`2024-01-05T10:15:10.740`) +* [CVE-2023-51538](CVE-2023/CVE-2023-515xx/CVE-2023-51538.json) 
(`2024-01-05T10:15:11.090`) +* [CVE-2023-51539](CVE-2023/CVE-2023-515xx/CVE-2023-51539.json) (`2024-01-05T10:15:11.370`) +* [CVE-2023-51668](CVE-2023/CVE-2023-516xx/CVE-2023-51668.json) (`2024-01-05T10:15:11.727`) +* [CVE-2023-51673](CVE-2023/CVE-2023-516xx/CVE-2023-51673.json) (`2024-01-05T10:15:12.053`) +* [CVE-2023-51678](CVE-2023/CVE-2023-516xx/CVE-2023-51678.json) (`2024-01-05T10:15:12.347`) +* [CVE-2023-52119](CVE-2023/CVE-2023-521xx/CVE-2023-52119.json) (`2024-01-05T10:15:12.743`) +* [CVE-2023-52120](CVE-2023/CVE-2023-521xx/CVE-2023-52120.json) (`2024-01-05T10:15:13.110`) +* [CVE-2023-52121](CVE-2023/CVE-2023-521xx/CVE-2023-52121.json) (`2024-01-05T10:15:13.337`) +* [CVE-2023-52122](CVE-2023/CVE-2023-521xx/CVE-2023-52122.json) (`2024-01-05T10:15:13.683`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `6` +* [CVE-2021-22930](CVE-2021/CVE-2021-229xx/CVE-2021-22930.json) (`2024-01-05T10:15:07.943`) +* [CVE-2021-22931](CVE-2021/CVE-2021-229xx/CVE-2021-22931.json) (`2024-01-05T10:15:09.183`) +* [CVE-2021-22939](CVE-2021/CVE-2021-229xx/CVE-2021-22939.json) (`2024-01-05T10:15:09.860`) +* [CVE-2021-22940](CVE-2021/CVE-2021-229xx/CVE-2021-22940.json) (`2024-01-05T10:15:10.103`) +* [CVE-2021-3672](CVE-2021/CVE-2021-36xx/CVE-2021-3672.json) (`2024-01-05T10:15:10.213`) +* [CVE-2022-4904](CVE-2022/CVE-2022-49xx/CVE-2022-4904.json) (`2024-01-05T10:15:10.403`) ## Download and Usage