From d2523f0fd4a938df4f170a692259e037983285ef Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 4 Jul 2023 12:00:46 +0000 Subject: [PATCH] Auto-Update: 2023-07-04T12:00:43.130603+00:00 --- CVE-2022/CVE-2022-227xx/CVE-2022-22734.json | 10 ++--- CVE-2022/CVE-2022-25xx/CVE-2022-2552.json | 6 ++- CVE-2022/CVE-2022-39xx/CVE-2022-3911.json | 14 +++---- CVE-2023/CVE-2023-25xx/CVE-2023-2527.json | 14 +++---- README.md | 45 ++++----------------- 5 files changed, 32 insertions(+), 57 deletions(-) diff --git a/CVE-2022/CVE-2022-227xx/CVE-2022-22734.json b/CVE-2022/CVE-2022-227xx/CVE-2022-22734.json index b5549abadba..1bff78910f8 100644 --- a/CVE-2022/CVE-2022-227xx/CVE-2022-22734.json +++ b/CVE-2022/CVE-2022-227xx/CVE-2022-22734.json @@ -2,8 +2,8 @@ "id": "CVE-2022-22734", "sourceIdentifier": "contact@wpscan.com", "published": "2022-03-14T15:15:10.973", - "lastModified": "2023-06-27T19:01:31.237", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-04T10:15:09.423", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,7 +65,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "contact@wpscan.com", "type": "Primary", "description": [ { @@ -75,12 +75,12 @@ ] }, { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-352" + "value": "CWE-116" } ] } diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json index b1a8378cd3e..4da8aeaba26 100644 --- a/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json +++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2552.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2552", "sourceIdentifier": "contact@wpscan.com", "published": "2022-08-22T15:15:15.373", - "lastModified": "2023-06-27T18:15:11.443", + "lastModified": "2023-07-04T10:15:09.520", "vulnStatus": "Modified", "descriptions": [ { @@ -43,6 +43,10 @@ "source": "contact@wpscan.com", "type": "Primary", "description": [ + { + "lang": "en", + "value": "CWE-306" + }, { "lang": "en", "value": "CWE-862" diff --git a/CVE-2022/CVE-2022-39xx/CVE-2022-3911.json b/CVE-2022/CVE-2022-39xx/CVE-2022-3911.json index 08d74a6cd1e..5fd08251740 100644 --- a/CVE-2022/CVE-2022-39xx/CVE-2022-3911.json +++ b/CVE-2022/CVE-2022-39xx/CVE-2022-3911.json @@ -2,12 +2,12 @@ "id": "CVE-2022-3911", "sourceIdentifier": "contact@wpscan.com", "published": "2023-01-02T22:15:15.627", - "lastModified": "2023-06-27T18:34:57.497", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-04T10:15:09.620", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc" + "value": "The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc" } ], "metrics": { @@ -36,7 +36,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "contact@wpscan.com", "type": "Primary", "description": [ { @@ -50,16 +50,16 @@ ] }, { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-352" }, { "lang": "en", - "value": "CWE-352" + "value": "CWE-862" } ] } diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json index 59af3eef2e7..0ef1b29f860 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json @@ -2,12 +2,12 @@ "id": "CVE-2023-2527", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.270", - "lastModified": "2023-06-27T09:07:45.317", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-04T10:15:09.737", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + "value": "The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin" } ], "metrics": { @@ -36,22 +36,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "contact@wpscan.com", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-79" + "value": "CWE-89" } ] }, { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-89" + "value": "CWE-79" } ] } diff --git a/README.md b/README.md index eaae0ad5e9d..5a31826b683 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-04T10:00:27.032041+00:00 +2023-07-04T12:00:43.130603+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-04T09:15:11.737000+00:00 +2023-07-04T10:15:09.737000+00:00 ``` ### Last Data Feed Release @@ -34,47 +34,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `0` -* [CVE-2022-4623](CVE-2022/CVE-2022-46xx/CVE-2022-4623.json) (`2023-07-04T08:15:10.043`) -* [CVE-2023-1273](CVE-2023/CVE-2023-12xx/CVE-2023-1273.json) (`2023-07-04T08:15:10.123`) -* [CVE-2023-2010](CVE-2023/CVE-2023-20xx/CVE-2023-2010.json) (`2023-07-04T08:15:10.183`) -* [CVE-2023-2320](CVE-2023/CVE-2023-23xx/CVE-2023-2320.json) (`2023-07-04T08:15:10.240`) -* [CVE-2023-2321](CVE-2023/CVE-2023-23xx/CVE-2023-2321.json) (`2023-07-04T08:15:10.293`) -* [CVE-2023-2324](CVE-2023/CVE-2023-23xx/CVE-2023-2324.json) (`2023-07-04T08:15:10.347`) -* [CVE-2023-2333](CVE-2023/CVE-2023-23xx/CVE-2023-2333.json) (`2023-07-04T08:15:10.403`) -* [CVE-2023-3133](CVE-2023/CVE-2023-31xx/CVE-2023-3133.json) (`2023-07-04T08:15:10.460`) -* [CVE-2023-3139](CVE-2023/CVE-2023-31xx/CVE-2023-3139.json) (`2023-07-04T08:15:10.517`) -* [CVE-2023-3460](CVE-2023/CVE-2023-34xx/CVE-2023-3460.json) (`2023-07-04T08:15:10.573`) ### CVEs modified in the last Commit -Recently modified CVEs: `23` +Recently modified CVEs: `4` -* [CVE-2021-24209](CVE-2021/CVE-2021-242xx/CVE-2021-24209.json) (`2023-07-04T08:15:09.307`) -* [CVE-2021-24998](CVE-2021/CVE-2021-249xx/CVE-2021-24998.json) (`2023-07-04T08:15:09.557`) -* [CVE-2021-25116](CVE-2021/CVE-2021-251xx/CVE-2021-25116.json) (`2023-07-04T08:15:09.667`) -* [CVE-2022-0188](CVE-2022/CVE-2022-01xx/CVE-2022-0188.json) (`2023-07-04T08:15:09.773`) -* [CVE-2022-0220](CVE-2022/CVE-2022-02xx/CVE-2022-0220.json) (`2023-07-04T08:15:09.867`) -* [CVE-2022-0421](CVE-2022/CVE-2022-04xx/CVE-2022-0421.json) (`2023-07-04T08:15:09.947`) -* [CVE-2022-0450](CVE-2022/CVE-2022-04xx/CVE-2022-0450.json) (`2023-07-04T09:15:09.980`) -* [CVE-2022-0634](CVE-2022/CVE-2022-06xx/CVE-2022-0634.json) (`2023-07-04T09:15:10.493`) -* [CVE-2022-0952](CVE-2022/CVE-2022-09xx/CVE-2022-0952.json) (`2023-07-04T09:15:10.597`) -* [CVE-2022-1092](CVE-2022/CVE-2022-10xx/CVE-2022-1092.json) (`2023-07-04T09:15:10.697`) -* [CVE-2022-1203](CVE-2022/CVE-2022-12xx/CVE-2022-1203.json) (`2023-07-04T09:15:10.773`) -* [CVE-2022-1323](CVE-2022/CVE-2022-13xx/CVE-2022-1323.json) (`2023-07-04T09:15:10.860`) -* [CVE-2022-1570](CVE-2022/CVE-2022-15xx/CVE-2022-1570.json) (`2023-07-04T09:15:10.943`) -* [CVE-2022-1572](CVE-2022/CVE-2022-15xx/CVE-2022-1572.json) (`2023-07-04T09:15:11.033`) -* [CVE-2022-1574](CVE-2022/CVE-2022-15xx/CVE-2022-1574.json) (`2023-07-04T09:15:11.113`) -* [CVE-2022-1589](CVE-2022/CVE-2022-15xx/CVE-2022-1589.json) (`2023-07-04T09:15:11.187`) -* [CVE-2022-1598](CVE-2022/CVE-2022-15xx/CVE-2022-1598.json) (`2023-07-04T09:15:11.257`) -* [CVE-2022-2034](CVE-2022/CVE-2022-20xx/CVE-2022-2034.json) (`2023-07-04T09:15:11.333`) -* [CVE-2022-2099](CVE-2022/CVE-2022-20xx/CVE-2022-2099.json) (`2023-07-04T09:15:11.413`) -* [CVE-2022-2146](CVE-2022/CVE-2022-21xx/CVE-2022-2146.json) (`2023-07-04T09:15:11.497`) -* [CVE-2022-2241](CVE-2022/CVE-2022-22xx/CVE-2022-2241.json) (`2023-07-04T09:15:11.577`) -* [CVE-2022-2354](CVE-2022/CVE-2022-23xx/CVE-2022-2354.json) (`2023-07-04T09:15:11.657`) -* [CVE-2022-2370](CVE-2022/CVE-2022-23xx/CVE-2022-2370.json) (`2023-07-04T09:15:11.737`) +* [CVE-2022-22734](CVE-2022/CVE-2022-227xx/CVE-2022-22734.json) (`2023-07-04T10:15:09.423`) +* [CVE-2022-2552](CVE-2022/CVE-2022-25xx/CVE-2022-2552.json) (`2023-07-04T10:15:09.520`) +* [CVE-2022-3911](CVE-2022/CVE-2022-39xx/CVE-2022-3911.json) (`2023-07-04T10:15:09.620`) +* [CVE-2023-2527](CVE-2023/CVE-2023-25xx/CVE-2023-2527.json) (`2023-07-04T10:15:09.737`) ## Download and Usage