Auto-Update: 2023-06-24T04:00:26.095666+00:00

CVE-2023/CVE-2023-17xx/CVE-2023-1722.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-1722",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-06-24T02:15:08.233",
+  "lastModified": "2023-06-24T02:15:08.233",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.\n\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/wyckoff/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-31xx/CVE-2023-3197.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3197",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-24T03:15:09.080",
+  "lastModified": "2023-06-24T03:15:09.080",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2929891/mstore-api/trunk/controllers/helpers/vendor-wcfm.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30aab1af-a78f-4bac-b3c5-30ea854ccef7?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-325xx/CVE-2023-32570.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-32570",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-05-10T05:15:12.190",
-  "lastModified": "2023-05-16T20:48:09.520",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-06-24T03:15:08.947",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -78,6 +78,10 @@
       "tags": [
         "Release Notes"
       ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-33xx/CVE-2023-3387.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-3387",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-24T03:15:09.157",
+  "lastModified": "2023-06-24T03:15:09.157",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/lana-text-to-image/tags/1.0.0/lana-text-to-image.php#L97",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2929913/lana-text-to-image",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8acb7893-85b2-404a-b3fe-b4c1a835b3eb?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-33xx/CVE-2023-3388.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-3388",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-24T03:15:09.230",
+  "lastModified": "2023-06-24T03:15:09.230",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2857982%40beautiful-and-responsive-cookie-consent&new=2857982%40beautiful-and-responsive-cookie-consent&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/blog/2023/05/wordfence-firewall-blocks-bizarre-large-scale-xss-campaign/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/542a4079-b1a2-49bc-9ddd-ba7978c9992e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-349xx/CVE-2023-34969.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-34969",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-06-08T03:15:08.970",
-  "lastModified": "2023-06-20T17:44:56.137",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-06-24T03:15:09.013",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -94,6 +94,10 @@
         "Patch",
         "Vendor Advisory"
       ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/",
+      "source": "cve@mitre.org"
     }
   ]
 }

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-06-24T02:00:26.207473+00:00
+2023-06-24T04:00:26.095666+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-06-24T01:38:28.907000+00:00
+2023-06-24T03:15:09.230000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,26 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-218506
+218510
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `4`
 
-* [CVE-2023-1721](CVE-2023/CVE-2023-17xx/CVE-2023-1721.json) (`2023-06-24T00:15:09.140`)
-* [CVE-2023-1724](CVE-2023/CVE-2023-17xx/CVE-2023-1724.json) (`2023-06-24T01:15:08.543`)
+* [CVE-2023-1722](CVE-2023/CVE-2023-17xx/CVE-2023-1722.json) (`2023-06-24T02:15:08.233`)
+* [CVE-2023-3197](CVE-2023/CVE-2023-31xx/CVE-2023-3197.json) (`2023-06-24T03:15:09.080`)
+* [CVE-2023-3387](CVE-2023/CVE-2023-33xx/CVE-2023-3387.json) (`2023-06-24T03:15:09.157`)
+* [CVE-2023-3388](CVE-2023/CVE-2023-33xx/CVE-2023-3388.json) (`2023-06-24T03:15:09.230`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `5`
+Recently modified CVEs: `2`
 
-* [CVE-2022-47376](CVE-2022/CVE-2022-473xx/CVE-2022-47376.json) (`2023-06-24T01:14:41.157`)
-* [CVE-2023-31672](CVE-2023/CVE-2023-316xx/CVE-2023-31672.json) (`2023-06-24T01:18:15.200`)
-* [CVE-2023-34852](CVE-2023/CVE-2023-348xx/CVE-2023-34852.json) (`2023-06-24T01:26:15.970`)
-* [CVE-2023-32027](CVE-2023/CVE-2023-320xx/CVE-2023-32027.json) (`2023-06-24T01:32:49.960`)
-* [CVE-2023-32028](CVE-2023/CVE-2023-320xx/CVE-2023-32028.json) (`2023-06-24T01:38:28.907`)
+* [CVE-2023-32570](CVE-2023/CVE-2023-325xx/CVE-2023-32570.json) (`2023-06-24T03:15:08.947`)
+* [CVE-2023-34969](CVE-2023/CVE-2023-349xx/CVE-2023-34969.json) (`2023-06-24T03:15:09.013`)
 
 
 ## Download and Usage