Auto-Update: 2023-06-03T02:00:24.676648+00:00

2025-07-11 16:13:34 +00:00 · 2023-06-03 02:00:28 +00:00 · 2023-06-03 02:00:28 +00:00 · cccfcad9ee
commit cccfcad9ee
parent a9ff2852ce
9 changed files with 484 additions and 17 deletions
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2781.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2781.json
@ -0,0 +1,67 @@
+{
+  "id": "CVE-2023-2781",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-03T00:15:09.353",
+  "lastModified": "2023-06-03T00:15:09.353",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-288"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-confirmation-email/tags/3.5.0/public/class-xlwuev-woocommerce-confirmation-email-public.php#L143",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-confirmation-email/tags/3.5.0/public/class-xlwuev-woocommerce-confirmation-email-public.php#L332",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/woo-confirmation-email/tags/3.5.0/public/class-xlwuev-woocommerce-confirmation-email-public.php#L506",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e31357-7fbc-414b-a4f4-53fa5f2fc715?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2998.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2998.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-2998",
  "sourceIdentifier": "security@huntr.dev",
  "published": "2023-05-31T01:15:43.103",
-  "lastModified": "2023-05-31T13:02:26.480",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-06-03T00:44:42.607",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -11,6 +11,28 @@
    }
  ],
  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ],
    "cvssMetricV30": [
      {
        "source": "security@huntr.dev",
@ -46,14 +68,38 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "3.1.14",
+              "matchCriteriaId": "B486032C-0BF4-4D1C-ABDB-56607585ADC3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493",
-      "source": "security@huntr.dev"
+      "source": "security@huntr.dev",
+      "tags": [
+        "Patch"
+      ]
    },
    {
      "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78",
-      "source": "security@huntr.dev"
+      "source": "security@huntr.dev",
+      "tags": [
+        "Permissions Required"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2999.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2999.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-2999",
  "sourceIdentifier": "security@huntr.dev",
  "published": "2023-05-31T01:15:43.163",
-  "lastModified": "2023-05-31T13:02:26.480",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-06-03T00:44:02.940",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -11,6 +11,28 @@
    }
  ],
  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ],
    "cvssMetricV30": [
      {
        "source": "security@huntr.dev",
@ -46,14 +68,38 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "3.1.14",
+              "matchCriteriaId": "B486032C-0BF4-4D1C-ABDB-56607585ADC3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd",
-      "source": "security@huntr.dev"
+      "source": "security@huntr.dev",
+      "tags": [
+        "Patch"
+      ]
    },
    {
      "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620",
-      "source": "security@huntr.dev"
+      "source": "security@huntr.dev",
+      "tags": [
+        "Permissions Required"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3051.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3051.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-3051",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-03T00:15:09.437",
+  "lastModified": "2023-06-03T00:15:09.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L2845",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L2856",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24486605-9324-4f19-9ca3-340d006432db?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3052.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3052.json
@ -0,0 +1,75 @@
+{
+  "id": "CVE-2023-3052",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-03T00:15:09.503",
+  "lastModified": "2023-06-03T00:15:09.503",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4085",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4137",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4159",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4174",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4190",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4e26035-ce4e-4b4b-aa3c-cd86b29b199a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3053.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3053.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-3053",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-03T00:15:09.570",
+  "lastModified": "2023-06-03T00:15:09.570",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4085",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4137",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd56cb73-1c40-44b1-b713-c0291832d988?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3055.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3055.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3055",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-03T00:15:09.637",
+  "lastModified": "2023-06-03T00:15:09.637",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L2721",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2efeffa2-b21a-4aa1-93b0-51c775758ab1?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33143.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33143.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-33143",
+  "sourceIdentifier": "secure@microsoft.com",
+  "published": "2023-06-03T01:15:36.693",
+  "lastModified": "2023-06-03T01:15:36.693",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secure@microsoft.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.3
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33143",
+      "source": "secure@microsoft.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-02T23:55:24.031725+00:00
+2023-06-03T02:00:24.676648+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-02T23:15:09.580000+00:00
+2023-06-03T01:15:36.693000+00:00
 ```

 ### Last Data Feed Release
@ -23,28 +23,33 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-06-02T00:00:13.581584+00:00
+2023-06-03T00:00:13.572904+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-216791
+216797
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `6`

-* [CVE-2023-1297](CVE-2023/CVE-2023-12xx/CVE-2023-1297.json) (`2023-06-02T23:15:09.293`)
-* [CVE-2023-2816](CVE-2023/CVE-2023-28xx/CVE-2023-2816.json) (`2023-06-02T23:15:09.503`)
-* [CVE-2023-3044](CVE-2023/CVE-2023-30xx/CVE-2023-3044.json) (`2023-06-02T23:15:09.580`)
+* [CVE-2023-2781](CVE-2023/CVE-2023-27xx/CVE-2023-2781.json) (`2023-06-03T00:15:09.353`)
+* [CVE-2023-3051](CVE-2023/CVE-2023-30xx/CVE-2023-3051.json) (`2023-06-03T00:15:09.437`)
+* [CVE-2023-3052](CVE-2023/CVE-2023-30xx/CVE-2023-3052.json) (`2023-06-03T00:15:09.503`)
+* [CVE-2023-3053](CVE-2023/CVE-2023-30xx/CVE-2023-3053.json) (`2023-06-03T00:15:09.570`)
+* [CVE-2023-3055](CVE-2023/CVE-2023-30xx/CVE-2023-3055.json) (`2023-06-03T00:15:09.637`)
+* [CVE-2023-33143](CVE-2023/CVE-2023-331xx/CVE-2023-33143.json) (`2023-06-03T01:15:36.693`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `2`

+* [CVE-2023-2999](CVE-2023/CVE-2023-29xx/CVE-2023-2999.json) (`2023-06-03T00:44:02.940`)
+* [CVE-2023-2998](CVE-2023/CVE-2023-29xx/CVE-2023-2998.json) (`2023-06-03T00:44:42.607`)


 ## Download and Usage