Auto-Update: 2023-09-16T10:00:24.484233+00:00

2025-05-30 10:10:41 +00:00 · 2023-09-16 10:00:28 +00:00 · 2023-09-16 10:00:28 +00:00 · db027fe072
commit db027fe072
parent b75a0281d0
2 changed files with 63 additions and 4 deletions
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3025.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3025.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3025",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-09-16T09:15:07.447",
+  "lastModified": "2023-09-16T09:15:07.447",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-16T08:00:24.321301+00:00
+2023-09-16T10:00:24.484233+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-16T06:15:07.627000+00:00
+2023-09-16T09:15:07.447000+00:00
 ```

 ### Last Data Feed Release
@ -29,14 +29,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-225714
+225715
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

-* [CVE-2023-41157](CVE-2023/CVE-2023-411xx/CVE-2023-41157.json) (`2023-09-16T06:15:07.627`)
+* [CVE-2023-3025](CVE-2023/CVE-2023-30xx/CVE-2023-3025.json) (`2023-09-16T09:15:07.447`)


 ### CVEs modified in the last Commit