diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json new file mode 100644 index 00000000000..67f931bf4c2 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5877", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:42.727", + "lastModified": "2024-01-01T15:15:42.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/39ed4934-3d91-4924-8acc-25759fef9e81", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6000.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6000.json new file mode 100644 index 00000000000..39190227ce1 --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6000.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6000", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:43.100", + "lastModified": "2024-01-01T15:15:43.100", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/blog/stored-xss-fixed-in-popup-builder-4-2-3/", + "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6037.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6037.json new file mode 100644 index 00000000000..14a925c74ee --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6037.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6037", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:43.147", + "lastModified": "2024-01-01T15:15:43.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/753df046-9fd7-4d15-9114-45cde6d6539b", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6064.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6064.json new file mode 100644 index 00000000000..f81bbeddbda --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6064.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6064", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:43.197", + "lastModified": "2024-01-01T15:15:43.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/423c8881-628b-4380-9677-65b3f5165efe", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json new file mode 100644 index 00000000000..ae5031b659a --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6113", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:43.243", + "lastModified": "2024-01-01T15:15:43.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", + "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6271.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6271.json new file mode 100644 index 00000000000..75665d55d68 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6271.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6271", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:43.293", + "lastModified": "2024-01-01T15:15:43.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://research.cleantalk.org/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit", + "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/7ac217db-f332-404b-a265-6dc86fe747b9", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json new file mode 100644 index 00000000000..3efc0fc5efe --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6421", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:43.347", + "lastModified": "2024-01-01T15:15:43.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json new file mode 100644 index 00000000000..5982953d050 --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6485", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-01T15:15:43.393", + "lastModified": "2024-01-01T15:15:43.393", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/759b3866-c619-42cc-94a8-0af6d199cc81", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1c660638c1f..b86b0eb4b62 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-01T09:00:24.647791+00:00 +2024-01-01T17:00:24.575509+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-01T08:15:36.087000+00:00 +2024-01-01T15:15:43.393000+00:00 ``` ### Last Data Feed Release @@ -29,14 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234610 +234618 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `8` -* [CVE-2024-21732](CVE-2024/CVE-2024-217xx/CVE-2024-21732.json) (`2024-01-01T08:15:36.087`) +* [CVE-2023-5877](CVE-2023/CVE-2023-58xx/CVE-2023-5877.json) (`2024-01-01T15:15:42.727`) +* [CVE-2023-6000](CVE-2023/CVE-2023-60xx/CVE-2023-6000.json) (`2024-01-01T15:15:43.100`) +* [CVE-2023-6037](CVE-2023/CVE-2023-60xx/CVE-2023-6037.json) (`2024-01-01T15:15:43.147`) +* [CVE-2023-6064](CVE-2023/CVE-2023-60xx/CVE-2023-6064.json) (`2024-01-01T15:15:43.197`) +* [CVE-2023-6113](CVE-2023/CVE-2023-61xx/CVE-2023-6113.json) (`2024-01-01T15:15:43.243`) +* [CVE-2023-6271](CVE-2023/CVE-2023-62xx/CVE-2023-6271.json) (`2024-01-01T15:15:43.293`) +* [CVE-2023-6421](CVE-2023/CVE-2023-64xx/CVE-2023-6421.json) (`2024-01-01T15:15:43.347`) +* [CVE-2023-6485](CVE-2023/CVE-2023-64xx/CVE-2023-6485.json) (`2024-01-01T15:15:43.393`) ### CVEs modified in the last Commit