Auto-Update: 2024-01-01T17:00:24.575509+00:00

CVE-2023/CVE-2023-58xx/CVE-2023-5877.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-5877",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:42.727",
+  "lastModified": "2024-01-01T15:15:42.727",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/39ed4934-3d91-4924-8acc-25759fef9e81",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-60xx/CVE-2023-6000.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-6000",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:43.100",
+  "lastModified": "2024-01-01T15:15:43.100",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/blog/stored-xss-fixed-in-popup-builder-4-2-3/",
+      "source": "contact@wpscan.com"
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-60xx/CVE-2023-6037.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-6037",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:43.147",
+  "lastModified": "2024-01-01T15:15:43.147",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/753df046-9fd7-4d15-9114-45cde6d6539b",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-60xx/CVE-2023-6064.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-6064",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:43.197",
+  "lastModified": "2024-01-01T15:15:43.197",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/423c8881-628b-4380-9677-65b3f5165efe",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-61xx/CVE-2023-6113.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-6113",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:43.243",
+  "lastModified": "2024-01-01T15:15:43.243",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/",
+      "source": "contact@wpscan.com"
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-62xx/CVE-2023-6271.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-6271",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:43.293",
+  "lastModified": "2024-01-01T15:15:43.293",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://research.cleantalk.org/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit",
+      "source": "contact@wpscan.com"
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/7ac217db-f332-404b-a265-6dc86fe747b9",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-64xx/CVE-2023-6421.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-6421",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:43.347",
+  "lastModified": "2024-01-01T15:15:43.347",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-64xx/CVE-2023-6485.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-6485",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-01-01T15:15:43.393",
+  "lastModified": "2024-01-01T15:15:43.393",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/759b3866-c619-42cc-94a8-0af6d199cc81",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-01T09:00:24.647791+00:00
+2024-01-01T17:00:24.575509+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-01T08:15:36.087000+00:00
+2024-01-01T15:15:43.393000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,14 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-234610
+234618
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `8`
 
-* [CVE-2024-21732](CVE-2024/CVE-2024-217xx/CVE-2024-21732.json) (`2024-01-01T08:15:36.087`)
+* [CVE-2023-5877](CVE-2023/CVE-2023-58xx/CVE-2023-5877.json) (`2024-01-01T15:15:42.727`)
+* [CVE-2023-6000](CVE-2023/CVE-2023-60xx/CVE-2023-6000.json) (`2024-01-01T15:15:43.100`)
+* [CVE-2023-6037](CVE-2023/CVE-2023-60xx/CVE-2023-6037.json) (`2024-01-01T15:15:43.147`)
+* [CVE-2023-6064](CVE-2023/CVE-2023-60xx/CVE-2023-6064.json) (`2024-01-01T15:15:43.197`)
+* [CVE-2023-6113](CVE-2023/CVE-2023-61xx/CVE-2023-6113.json) (`2024-01-01T15:15:43.243`)
+* [CVE-2023-6271](CVE-2023/CVE-2023-62xx/CVE-2023-6271.json) (`2024-01-01T15:15:43.293`)
+* [CVE-2023-6421](CVE-2023/CVE-2023-64xx/CVE-2023-6421.json) (`2024-01-01T15:15:43.347`)
+* [CVE-2023-6485](CVE-2023/CVE-2023-64xx/CVE-2023-6485.json) (`2024-01-01T15:15:43.393`)
 
 
 ### CVEs modified in the last Commit