diff --git a/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json b/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json
index b7e780bb162..43ddf00fc67 100644
--- a/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json
+++ b/CVE-2022/CVE-2022-01xx/CVE-2022-0140.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-0140",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-04-12T12:15:08.183",
- "lastModified": "2023-07-20T18:12:18.663",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:09.763",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The Visual Form Builder WordPress plugin before 3.0.8 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint."
+ "value": "The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint."
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -75,12 +75,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-306"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json b/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json
index 1549cfa3573..219a5542098 100644
--- a/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json
+++ b/CVE-2022/CVE-2022-01xx/CVE-2022-0164.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-0164",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-02-21T11:15:09.210",
- "lastModified": "2023-07-20T18:09:50.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:09.897",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users"
+ "value": "The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users"
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -79,12 +79,16 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-863"
+ "value": "CWE-352"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-02xx/CVE-2022-0214.json b/CVE-2022/CVE-2022-02xx/CVE-2022-0214.json
index 010a50f2462..e8c9fb1541d 100644
--- a/CVE-2022/CVE-2022-02xx/CVE-2022-0214.json
+++ b/CVE-2022/CVE-2022-02xx/CVE-2022-0214.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-0214",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-02-14T12:15:16.607",
- "lastModified": "2023-07-21T16:53:32.157",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.017",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog"
+ "value": "The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog"
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -75,12 +75,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-400"
+ "value": "CWE-1284"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-02xx/CVE-2022-0229.json b/CVE-2022/CVE-2022-02xx/CVE-2022-0229.json
index 358fcc18f32..b2381498244 100644
--- a/CVE-2022/CVE-2022-02xx/CVE-2022-0229.json
+++ b/CVE-2022/CVE-2022-02xx/CVE-2022-0229.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-0229",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-03-21T19:15:10.180",
- "lastModified": "2023-07-21T16:53:27.873",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.123",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ },
 {
 "lang": "en",
 "value": "CWE-862"
diff --git a/CVE-2022/CVE-2022-02xx/CVE-2022-0287.json b/CVE-2022/CVE-2022-02xx/CVE-2022-0287.json
index 01dcf2c35ae..a9ade5b14b7 100644
--- a/CVE-2022/CVE-2022-02xx/CVE-2022-0287.json
+++ b/CVE-2022/CVE-2022-02xx/CVE-2022-0287.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-0287",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-04-25T16:16:07.523",
- "lastModified": "2023-07-21T16:53:03.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.227",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog"
+ "value": "The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog"
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -75,12 +75,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json
index 86d8037178e..3bf6814628f 100644
--- a/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json
+++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0345.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-0345",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-02-28T09:15:08.997",
- "lastModified": "2023-07-20T18:05:39.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.333",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -79,12 +79,16 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-352"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json
index 1f44399fadc..07438c474d4 100644
--- a/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json
+++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0363.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-0363",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-04-25T16:16:07.577",
- "lastModified": "2023-07-20T18:07:13.247",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.433",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts."
+ "value": "The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts."
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ },
 {
 "lang": "en",
 "value": "CWE-862"
diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0377.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0377.json
index e06bf22d1ac..4a66587f53a 100644
--- a/CVE-2022/CVE-2022-03xx/CVE-2022-0377.json
+++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0377.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-0377",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-02-28T09:15:09.093",
- "lastModified": "2023-07-21T16:55:22.610",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.527",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site."
+ "value": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site."
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -75,12 +75,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-73"
+ "value": "CWE-327"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0398.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0398.json
index 0137dc4f5e0..fdb88a2fab2 100644
--- a/CVE-2022/CVE-2022-03xx/CVE-2022-0398.json
+++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0398.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-0398",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-04-25T16:16:07.640",
- "lastModified": "2023-07-21T16:53:23.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.623",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ },
 {
 "lang": "en",
 "value": "CWE-862"
diff --git a/CVE-2022/CVE-2022-04xx/CVE-2022-0404.json b/CVE-2022/CVE-2022-04xx/CVE-2022-0404.json
index be8857b980d..ec07776843f 100644
--- a/CVE-2022/CVE-2022-04xx/CVE-2022-0404.json
+++ b/CVE-2022/CVE-2022-04xx/CVE-2022-0404.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-0404",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-04-04T16:15:09.150",
- "lastModified": "2023-07-20T17:45:49.053",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.713",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -75,12 +75,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-863"
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-04xx/CVE-2022-0444.json b/CVE-2022/CVE-2022-04xx/CVE-2022-0444.json
index 13a2377c1a5..88aa90b74f4 100644
--- a/CVE-2022/CVE-2022-04xx/CVE-2022-0444.json
+++ b/CVE-2022/CVE-2022-04xx/CVE-2022-0444.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-0444",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-06-27T09:15:08.390",
- "lastModified": "2023-07-20T17:46:22.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.813",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ },
 {
 "lang": "en",
 "value": "CWE-862"
diff --git a/CVE-2022/CVE-2022-08xx/CVE-2022-0885.json b/CVE-2022/CVE-2022-08xx/CVE-2022-0885.json
index 81c063814e2..ceb843ba03e 100644
--- a/CVE-2022/CVE-2022-08xx/CVE-2022-0885.json
+++ b/CVE-2022/CVE-2022-08xx/CVE-2022-0885.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-0885",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-06-13T13:15:10.577",
- "lastModified": "2023-07-21T17:13:41.570",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:10.920",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ },
 {
 "lang": "en",
 "value": "CWE-94"
diff --git a/CVE-2022/CVE-2022-28xx/CVE-2022-2834.json b/CVE-2022/CVE-2022-28xx/CVE-2022-2834.json
index 57158b8e58a..1991708803f 100644
--- a/CVE-2022/CVE-2022-28xx/CVE-2022-2834.json
+++ b/CVE-2022/CVE-2022-28xx/CVE-2022-2834.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-2834",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-10-17T12:15:09.960",
- "lastModified": "2023-07-21T16:38:15.433",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:11.043",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -40,7 +40,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -50,12 +50,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-552"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-28xx/CVE-2022-2891.json b/CVE-2022/CVE-2022-28xx/CVE-2022-2891.json
index 7e69a87793b..6ca41f7f196 100644
--- a/CVE-2022/CVE-2022-28xx/CVE-2022-2891.json
+++ b/CVE-2022/CVE-2022-28xx/CVE-2022-2891.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-2891",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-10-10T21:15:10.877",
- "lastModified": "2023-07-21T16:44:41.463",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T10:15:11.147",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -40,7 +40,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -50,12 +50,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-203"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-30xx/CVE-2022-3082.json b/CVE-2022/CVE-2022-30xx/CVE-2022-3082.json
index d6bcb2bfc1e..5e505d5f065 100644
--- a/CVE-2022/CVE-2022-30xx/CVE-2022-3082.json
+++ b/CVE-2022/CVE-2022-30xx/CVE-2022-3082.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-3082",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-10-17T12:15:10.040",
- "lastModified": "2023-07-21T17:09:26.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T11:15:09.327",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -40,7 +40,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -54,16 +54,16 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-284"
+ "value": "CWE-352"
 },
 {
 "lang": "en",
- "value": "CWE-352"
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-32xx/CVE-2022-3206.json b/CVE-2022/CVE-2022-32xx/CVE-2022-3206.json
index 025b2b1d3dd..204e72728a9 100644
--- a/CVE-2022/CVE-2022-32xx/CVE-2022-3206.json
+++ b/CVE-2022/CVE-2022-32xx/CVE-2022-3206.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-3206",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-10-17T12:15:10.530",
- "lastModified": "2023-07-21T19:25:57.163",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T11:15:09.427",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -40,7 +40,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -54,12 +54,16 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-326"
+ "value": "CWE-319"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-522"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-39xx/CVE-2022-3907.json b/CVE-2022/CVE-2022-39xx/CVE-2022-3907.json
index 8523379bbcd..347e04f5e9b 100644
--- a/CVE-2022/CVE-2022-39xx/CVE-2022-3907.json
+++ b/CVE-2022/CVE-2022-39xx/CVE-2022-3907.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-3907",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-12-05T17:15:10.593",
- "lastModified": "2023-07-21T20:26:08.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T11:15:09.543",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -36,7 +36,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Primary",
 "description": [
 {
@@ -46,12 +46,12 @@
 ]
 },
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-203"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2309.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2309.json
new file mode 100644
index 00000000000..6b68f7d9925
--- /dev/null
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2309.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2309",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-07-24T11:15:09.653",
+ "lastModified": "2023-07-24T11:15:09.653",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2761.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2761.json
new file mode 100644
index 00000000000..46817c15363
--- /dev/null
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2761.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2761",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-07-24T11:15:09.733",
+ "lastModified": "2023-07-24T11:15:09.733",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/8c82d317-f9f9-4e25-a7f1-43edb77e8aba",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3248.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3248.json
new file mode 100644
index 00000000000..9a6f6f4a8b2
--- /dev/null
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3248.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-3248",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-07-24T11:15:09.810",
+ "lastModified": "2023-07-24T11:15:09.810",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/90c7496b-552f-4566-b7ae-8c953c965352",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3344.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3344.json
new file mode 100644
index 00000000000..e56102d8910
--- /dev/null
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3344.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-3344",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-07-24T11:15:09.883",
+ "lastModified": "2023-07-24T11:15:09.883",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/d27bc628-3de1-421e-8a67-150e9d7a96dd",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json
new file mode 100644
index 00000000000..bb2e5989dec
--- /dev/null
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-3417",
+ "sourceIdentifier": "security@mozilla.org",
+ "published": "2023-07-24T11:15:09.953",
+ "lastModified": "2023-07-24T11:15:09.953",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1835582",
+ "source": "security@mozilla.org"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-27/",
+ "source": "security@mozilla.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json
index b133a95419c..933a4938599 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-3600",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2023-07-12T14:15:10.143",
- "lastModified": "2023-07-20T19:46:21.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-07-24T11:15:10.013",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2."
+ "value": "During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1."
 }
 ],
 "metrics": {
@@ -86,6 +86,10 @@
 "tags": [
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-27/",
+ "source": "security@mozilla.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index d1b2033954b..04730e2eb4a 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-24T10:00:25.563287+00:00 +2023-07-24T12:00:26.684210+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-24T09:15:10.147000+00:00 +2023-07-24T11:15:10.013000+00:00 ``` ### Last Data Feed Release
@@ -29,24 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220891 +220896 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `5` -* [CVE-2023-38056](CVE-2023/CVE-2023-380xx/CVE-2023-38056.json) (`2023-07-24T09:15:09.403`) -* [CVE-2023-38057](CVE-2023/CVE-2023-380xx/CVE-2023-38057.json) (`2023-07-24T09:15:09.927`) -* [CVE-2023-38058](CVE-2023/CVE-2023-380xx/CVE-2023-38058.json) (`2023-07-24T09:15:10.003`) -* [CVE-2023-38060](CVE-2023/CVE-2023-380xx/CVE-2023-38060.json) (`2023-07-24T09:15:10.073`) +* [CVE-2023-2309](CVE-2023/CVE-2023-23xx/CVE-2023-2309.json) (`2023-07-24T11:15:09.653`) +* [CVE-2023-2761](CVE-2023/CVE-2023-27xx/CVE-2023-2761.json) (`2023-07-24T11:15:09.733`) +* [CVE-2023-3248](CVE-2023/CVE-2023-32xx/CVE-2023-3248.json) (`2023-07-24T11:15:09.810`) +* [CVE-2023-3344](CVE-2023/CVE-2023-33xx/CVE-2023-3344.json) (`2023-07-24T11:15:09.883`) +* [CVE-2023-3417](CVE-2023/CVE-2023-34xx/CVE-2023-3417.json) (`2023-07-24T11:15:09.953`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `18` -* [CVE-2023-3139](CVE-2023/CVE-2023-31xx/CVE-2023-3139.json) (`2023-07-24T09:15:10.147`) +* [CVE-2022-0140](CVE-2022/CVE-2022-01xx/CVE-2022-0140.json) (`2023-07-24T10:15:09.763`) +* [CVE-2022-0164](CVE-2022/CVE-2022-01xx/CVE-2022-0164.json) (`2023-07-24T10:15:09.897`) +* [CVE-2022-0214](CVE-2022/CVE-2022-02xx/CVE-2022-0214.json) (`2023-07-24T10:15:10.017`) +* [CVE-2022-0229](CVE-2022/CVE-2022-02xx/CVE-2022-0229.json) (`2023-07-24T10:15:10.123`) +* [CVE-2022-0287](CVE-2022/CVE-2022-02xx/CVE-2022-0287.json) (`2023-07-24T10:15:10.227`) +* [CVE-2022-0345](CVE-2022/CVE-2022-03xx/CVE-2022-0345.json) (`2023-07-24T10:15:10.333`) +* [CVE-2022-0363](CVE-2022/CVE-2022-03xx/CVE-2022-0363.json) (`2023-07-24T10:15:10.433`) +* [CVE-2022-0377](CVE-2022/CVE-2022-03xx/CVE-2022-0377.json) (`2023-07-24T10:15:10.527`) +* 
[CVE-2022-0398](CVE-2022/CVE-2022-03xx/CVE-2022-0398.json) (`2023-07-24T10:15:10.623`) +* [CVE-2022-0404](CVE-2022/CVE-2022-04xx/CVE-2022-0404.json) (`2023-07-24T10:15:10.713`) +* [CVE-2022-0444](CVE-2022/CVE-2022-04xx/CVE-2022-0444.json) (`2023-07-24T10:15:10.813`) +* [CVE-2022-0885](CVE-2022/CVE-2022-08xx/CVE-2022-0885.json) (`2023-07-24T10:15:10.920`) +* [CVE-2022-2834](CVE-2022/CVE-2022-28xx/CVE-2022-2834.json) (`2023-07-24T10:15:11.043`) +* [CVE-2022-2891](CVE-2022/CVE-2022-28xx/CVE-2022-2891.json) (`2023-07-24T10:15:11.147`) +* [CVE-2022-3082](CVE-2022/CVE-2022-30xx/CVE-2022-3082.json) (`2023-07-24T11:15:09.327`) +* [CVE-2022-3206](CVE-2022/CVE-2022-32xx/CVE-2022-3206.json) (`2023-07-24T11:15:09.427`) +* [CVE-2022-3907](CVE-2022/CVE-2022-39xx/CVE-2022-3907.json) (`2023-07-24T11:15:09.543`) +* [CVE-2023-3600](CVE-2023/CVE-2023-36xx/CVE-2023-3600.json) (`2023-07-24T11:15:10.013`) ## Download and Usage