Auto-Update: 2023-07-12T08:00:26.231985+00:00

cad-safe-bot 2023-07-12 08:00:29 +00:00
parent 6a4c3b7c7e
commit c6bb73cb3f
12 changed files with 876 additions and 29 deletions


@ -0,0 +1,87 @@
{
"id": "CVE-2020-36756",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:09.203",
"lastModified": "2023-07-12T07:15:09.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the create_csv_file() function. This makes it possible for unauthenticated attackers to create a CSV file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2371142%40wd-google-analytics&new=2371142%40wd-google-analytics&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db29f17d-1d2b-4f78-a78d-1579e2a5d975?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,87 @@
{
"id": "CVE-2020-36757",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:09.440",
"lastModified": "2023-07-12T07:15:09.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the admin_add_order_item() function. This makes it possible for unauthenticated attackers to add an order item via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368289%40wp-hotel-booking&new=2368289%40wp-hotel-booking&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9826d7-f8f5-4d3d-8145-3d4e6a63d784?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,87 @@
{
"id": "CVE-2021-4419",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:09.577",
"lastModified": "2023-07-12T07:15:09.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ino_save_data() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-backgrounds-lite/trunk/inoplugs_background_plugin.php#L179",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7a05894-8f9d-442f-961c-2e80aa25c3db?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,87 @@
{
"id": "CVE-2021-4420",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:09.747",
"lastModified": "2023-07-12T07:15:09.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2603629%40sell-media&new=2603629%40sell-media&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da4592b6-5e84-4a89-9ade-6cc227740d32?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,87 @@
{
"id": "CVE-2021-4421",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:09.863",
"lastModified": "2023-07-12T07:15:09.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548724%40advanced-popups&new=2548724%40advanced-popups&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7b51e5-6eb7-41ba-add3-f083fb34c5e1?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,87 @@
{
"id": "CVE-2021-4422",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:09.997",
"lastModified": "2023-07-12T07:15:09.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473579%40post-smtp&new=2473579%40post-smtp&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e018ca7c-06dd-4d40-91d4-4ed188b8aaf2?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,87 @@
{
"id": "CVE-2021-4423",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:10.120",
"lastModified": "2023-07-12T07:15:10.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated attackers to update post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2572600/rays-grid/trunk/includes/class-db.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5911815-db53-46f2-a16d-ed21be20bbfb?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,87 @@
{
"id": "CVE-2021-4424",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:10.240",
"lastModified": "2023-07-12T07:15:10.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2548890/slider-hero/trunk/qcld-slider-main.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d195cd-4df8-4926-b834-d695fc05f81d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37196",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-07-12T07:15:10.377",
"lastModified": "2023-07-12T07:15:10.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the alert settings of endpoints on DCE.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf",
"source": "cybersecurity@se.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37197",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-07-12T07:15:10.500",
"lastModified": "2023-07-12T07:15:10.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the mass configuration settings of endpoints on DCE. \n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf",
"source": "cybersecurity@se.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37198",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-07-12T07:15:10.597",
"lastModified": "2023-07-12T07:15:10.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nA CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that\ncould cause remote code execution when an admin user on DCE uploads or tampers with install\npackages. \n\n \n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf",
"source": "cybersecurity@se.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-12T06:00:28.628616+00:00
2023-07-12T08:00:26.231985+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-12T05:15:10.770000+00:00
2023-07-12T07:15:10.597000+00:00
```
### Last Data Feed Release
@ -29,38 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
219969
219980
```
### CVEs added in the last Commit
Recently added CVEs: `37`
Recently added CVEs: `11`
* [CVE-2021-4417](CVE-2021/CVE-2021-44xx/CVE-2021-4417.json) (`2023-07-12T04:15:11.437`)
* [CVE-2023-2517](CVE-2023/CVE-2023-25xx/CVE-2023-2517.json) (`2023-07-12T05:15:09.010`)
* [CVE-2023-2561](CVE-2023/CVE-2023-25xx/CVE-2023-2561.json) (`2023-07-12T05:15:09.097`)
* [CVE-2023-2562](CVE-2023/CVE-2023-25xx/CVE-2023-2562.json) (`2023-07-12T05:15:09.180`)
* [CVE-2023-2869](CVE-2023/CVE-2023-28xx/CVE-2023-2869.json) (`2023-07-12T05:15:09.263`)
* [CVE-2023-3011](CVE-2023/CVE-2023-30xx/CVE-2023-3011.json) (`2023-07-12T05:15:09.350`)
* [CVE-2023-3023](CVE-2023/CVE-2023-30xx/CVE-2023-3023.json) (`2023-07-12T05:15:09.427`)
* [CVE-2023-3080](CVE-2023/CVE-2023-30xx/CVE-2023-3080.json) (`2023-07-12T05:15:09.513`)
* [CVE-2023-3081](CVE-2023/CVE-2023-30xx/CVE-2023-3081.json) (`2023-07-12T05:15:09.597`)
* [CVE-2023-3082](CVE-2023/CVE-2023-30xx/CVE-2023-3082.json) (`2023-07-12T05:15:09.677`)
* [CVE-2023-3087](CVE-2023/CVE-2023-30xx/CVE-2023-3087.json) (`2023-07-12T05:15:09.747`)
* [CVE-2023-3088](CVE-2023/CVE-2023-30xx/CVE-2023-3088.json) (`2023-07-12T05:15:09.823`)
* [CVE-2023-3092](CVE-2023/CVE-2023-30xx/CVE-2023-3092.json) (`2023-07-12T05:15:09.900`)
* [CVE-2023-3093](CVE-2023/CVE-2023-30xx/CVE-2023-3093.json) (`2023-07-12T05:15:09.980`)
* [CVE-2023-3105](CVE-2023/CVE-2023-31xx/CVE-2023-3105.json) (`2023-07-12T05:15:10.053`)
* [CVE-2023-3122](CVE-2023/CVE-2023-31xx/CVE-2023-3122.json) (`2023-07-12T05:15:10.133`)
* [CVE-2023-3135](CVE-2023/CVE-2023-31xx/CVE-2023-3135.json) (`2023-07-12T05:15:10.207`)
* [CVE-2023-3158](CVE-2023/CVE-2023-31xx/CVE-2023-3158.json) (`2023-07-12T05:15:10.277`)
* [CVE-2023-3166](CVE-2023/CVE-2023-31xx/CVE-2023-3166.json) (`2023-07-12T05:15:10.347`)
* [CVE-2023-3167](CVE-2023/CVE-2023-31xx/CVE-2023-3167.json) (`2023-07-12T05:15:10.417`)
* [CVE-2023-3168](CVE-2023/CVE-2023-31xx/CVE-2023-3168.json) (`2023-07-12T05:15:10.487`)
* [CVE-2023-3199](CVE-2023/CVE-2023-31xx/CVE-2023-3199.json) (`2023-07-12T05:15:10.553`)
* [CVE-2023-3202](CVE-2023/CVE-2023-32xx/CVE-2023-3202.json) (`2023-07-12T05:15:10.623`)
* [CVE-2023-3369](CVE-2023/CVE-2023-33xx/CVE-2023-3369.json) (`2023-07-12T05:15:10.693`)
* [CVE-2023-3525](CVE-2023/CVE-2023-35xx/CVE-2023-3525.json) (`2023-07-12T05:15:10.770`)
* [CVE-2020-36756](CVE-2020/CVE-2020-367xx/CVE-2020-36756.json) (`2023-07-12T07:15:09.203`)
* [CVE-2020-36757](CVE-2020/CVE-2020-367xx/CVE-2020-36757.json) (`2023-07-12T07:15:09.440`)
* [CVE-2021-4419](CVE-2021/CVE-2021-44xx/CVE-2021-4419.json) (`2023-07-12T07:15:09.577`)
* [CVE-2021-4420](CVE-2021/CVE-2021-44xx/CVE-2021-4420.json) (`2023-07-12T07:15:09.747`)
* [CVE-2021-4421](CVE-2021/CVE-2021-44xx/CVE-2021-4421.json) (`2023-07-12T07:15:09.863`)
* [CVE-2021-4422](CVE-2021/CVE-2021-44xx/CVE-2021-4422.json) (`2023-07-12T07:15:09.997`)
* [CVE-2021-4423](CVE-2021/CVE-2021-44xx/CVE-2021-4423.json) (`2023-07-12T07:15:10.120`)
* [CVE-2021-4424](CVE-2021/CVE-2021-44xx/CVE-2021-4424.json) (`2023-07-12T07:15:10.240`)
* [CVE-2023-37196](CVE-2023/CVE-2023-371xx/CVE-2023-37196.json) (`2023-07-12T07:15:10.377`)
* [CVE-2023-37197](CVE-2023/CVE-2023-371xx/CVE-2023-37197.json) (`2023-07-12T07:15:10.500`)
* [CVE-2023-37198](CVE-2023/CVE-2023-371xx/CVE-2023-37198.json) (`2023-07-12T07:15:10.597`)
### CVEs modified in the last Commit