diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28495.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28495.json new file mode 100644 index 00000000000..b097063d050 --- /dev/null +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28495.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28495", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:28.580", + "lastModified": "2023-11-12T22:15:28.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <=\u00a01.4.16 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-shortcode/wordpress-wp-shortcode-by-mythemeshop-plugin-1-4-16-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28497.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28497.json new file mode 100644 index 00000000000..ad04848fdb8 --- /dev/null +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28497.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28497", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:28.820", + "lastModified": "2023-11-12T22:15:28.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <=\u00a01.7.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28498.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28498.json new file mode 100644 index 00000000000..a6e922ec358 --- /dev/null +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28498.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28498", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:29.007", + "lastModified": "2023-11-12T22:15:29.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <=\u00a04.6.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/motopress-hotel-booking-lite/wordpress-hotel-booking-lite-plugin-4-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28618.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28618.json new file mode 100644 index 00000000000..239b222176e --- /dev/null +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28618.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28618", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:29.190", + "lastModified": "2023-11-12T22:15:29.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <=\u00a01.16 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/enhanced-plugin-admin/wordpress-enhanced-plugin-admin-plugin-1-16-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28694.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28694.json new file mode 100644 index 00000000000..084f2ad5ac0 --- /dev/null +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28694.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28694", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:29.370", + "lastModified": "2023-11-12T22:15:29.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs \u2013 BuddyPress Activity Social Share plugin <=\u00a03.5.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bp-activity-social-share/wordpress-wbcom-designs-buddypress-activity-social-share-plugin-3-4-0-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28696.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28696.json new file mode 100644 index 00000000000..ebd8c96df4d --- /dev/null +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28696.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28696", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:29.560", + "lastModified": "2023-11-12T22:15:29.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend Tplugin <=\u00a03.9.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/i-recommend-this/wordpress-i-recommend-this-plugin-3-8-3-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28930.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28930.json new file mode 100644 index 00000000000..c1b443d70e0 --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28930.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28930", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:29.777", + "lastModified": "2023-11-12T22:15:29.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <=\u00a01.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mobile-banner/wordpress-mobile-banner-plugin-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28987.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28987.json new file mode 100644 index 00000000000..633b31762cc --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28987.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28987", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:29.960", + "lastModified": "2023-11-12T22:15:29.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin\u00a0<= 2.0.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29238.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29238.json new file mode 100644 index 00000000000..eb59a4c7394 --- /dev/null +++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29238.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29238", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:30.147", + "lastModified": "2023-11-12T22:15:30.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate \u2013 FREE Donate button \u2013 Crowdfunding \u2013 Fundraising plugin <=\u00a03.12.15 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-whydonate/wordpress-whydonate-plugin-3-12-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29425.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29425.json new file mode 100644 index 00000000000..c6857c5d822 --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29425.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29425", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-12T22:15:30.327", + "lastModified": "2023-11-12T22:15:30.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <=\u00a04.9.23 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/shiftcontroller/wordpress-shiftcontroller-employee-shift-scheduling-plugin-4-9-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 96553111c90..745f0fbaad9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-12T19:00:18.438756+00:00 +2023-11-12T23:00:18.416642+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-12T17:15:31.083000+00:00 +2023-11-12T22:15:30.327000+00:00 ``` ### Last Data Feed Release @@ -29,30 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -230353 +230363 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `10` +* [CVE-2023-28495](CVE-2023/CVE-2023-284xx/CVE-2023-28495.json) (`2023-11-12T22:15:28.580`) +* [CVE-2023-28497](CVE-2023/CVE-2023-284xx/CVE-2023-28497.json) (`2023-11-12T22:15:28.820`) +* [CVE-2023-28498](CVE-2023/CVE-2023-284xx/CVE-2023-28498.json) (`2023-11-12T22:15:29.007`) +* [CVE-2023-28618](CVE-2023/CVE-2023-286xx/CVE-2023-28618.json) (`2023-11-12T22:15:29.190`) +* [CVE-2023-28694](CVE-2023/CVE-2023-286xx/CVE-2023-28694.json) (`2023-11-12T22:15:29.370`) +* [CVE-2023-28696](CVE-2023/CVE-2023-286xx/CVE-2023-28696.json) (`2023-11-12T22:15:29.560`) +* [CVE-2023-28930](CVE-2023/CVE-2023-289xx/CVE-2023-28930.json) (`2023-11-12T22:15:29.777`) +* [CVE-2023-28987](CVE-2023/CVE-2023-289xx/CVE-2023-28987.json) (`2023-11-12T22:15:29.960`) +* [CVE-2023-29238](CVE-2023/CVE-2023-292xx/CVE-2023-29238.json) (`2023-11-12T22:15:30.147`) +* [CVE-2023-29425](CVE-2023/CVE-2023-294xx/CVE-2023-29425.json) (`2023-11-12T22:15:30.327`) ### CVEs modified in the last Commit -Recently modified CVEs: `11` +Recently modified CVEs: `0` -* [CVE-2023-3725](CVE-2023/CVE-2023-37xx/CVE-2023-3725.json) (`2023-11-12T17:15:30.030`) -* [CVE-2023-4257](CVE-2023/CVE-2023-42xx/CVE-2023-4257.json) (`2023-11-12T17:15:30.170`) -* [CVE-2023-4259](CVE-2023/CVE-2023-42xx/CVE-2023-4259.json) (`2023-11-12T17:15:30.270`) -* [CVE-2023-4260](CVE-2023/CVE-2023-42xx/CVE-2023-4260.json) (`2023-11-12T17:15:30.387`) -* [CVE-2023-4262](CVE-2023/CVE-2023-42xx/CVE-2023-4262.json) (`2023-11-12T17:15:30.490`) -* [CVE-2023-4263](CVE-2023/CVE-2023-42xx/CVE-2023-4263.json) (`2023-11-12T17:15:30.587`) -* [CVE-2023-4264](CVE-2023/CVE-2023-42xx/CVE-2023-4264.json) (`2023-11-12T17:15:30.680`) -* [CVE-2023-4265](CVE-2023/CVE-2023-42xx/CVE-2023-4265.json) (`2023-11-12T17:15:30.773`) -* [CVE-2023-5139](CVE-2023/CVE-2023-51xx/CVE-2023-5139.json) (`2023-11-12T17:15:30.870`) -* [CVE-2023-5184](CVE-2023/CVE-2023-51xx/CVE-2023-5184.json) (`2023-11-12T17:15:30.973`) -* [CVE-2023-5753](CVE-2023/CVE-2023-57xx/CVE-2023-5753.json) (`2023-11-12T17:15:31.083`) ## Download and Usage