Auto-Update: 2023-06-27T06:00:25.741606+00:00

2025-05-30 10:10:41 +00:00 · 2023-06-27 06:00:29 +00:00 · 2023-06-27 06:00:29 +00:00 · f161631f93
commit f161631f93
parent 63f9a09591
4 changed files with 185 additions and 32 deletions
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3411.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3411.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3411",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-27T04:15:10.267",
+  "lastModified": "2023-06-27T04:15:10.267",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajax_store_save() function. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/image-map-pro-lite/trunk/image-map-pro-wordpress-lite.php#L410",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63e108f4-5d9d-4bcf-aef9-aa856f4241ea?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3412.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3412.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3412",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-27T04:15:10.447",
+  "lastModified": "2023-06-27T04:15:10.447",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/image-map-pro-lite/trunk/image-map-pro-wordpress-lite.php#L410",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b58403df-af09-4d74-88e6-140e3f2f291b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3423.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3423.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3423",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-06-27T04:15:10.543",
+  "lastModified": "2023-06-27T04:15:10.543",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-521"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/7d4dab60352079953b7be120afe9bd14983ae3bc",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/dd19c7d0-70f1-4d86-a552-611dfa8e0139",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-27T04:00:27.780029+00:00
+2023-06-27T06:00:25.741606+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-27T03:15:09.913000+00:00
+2023-06-27T04:15:10.543000+00:00
 ```

 ### Last Data Feed Release
@ -29,46 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-218620
+218623
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `3`

-* [CVE-2023-3371](CVE-2023/CVE-2023-33xx/CVE-2023-3371.json) (`2023-06-27T02:15:09.657`)
-* [CVE-2023-3132](CVE-2023/CVE-2023-31xx/CVE-2023-3132.json) (`2023-06-27T03:15:09.913`)
+* [CVE-2023-3411](CVE-2023/CVE-2023-34xx/CVE-2023-3411.json) (`2023-06-27T04:15:10.267`)
+* [CVE-2023-3412](CVE-2023/CVE-2023-34xx/CVE-2023-3412.json) (`2023-06-27T04:15:10.447`)
+* [CVE-2023-3423](CVE-2023/CVE-2023-34xx/CVE-2023-3423.json) (`2023-06-27T04:15:10.543`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `26`
+Recently modified CVEs: `0`

-* [CVE-2022-23603](CVE-2022/CVE-2022-236xx/CVE-2022-23603.json) (`2023-06-27T02:39:56.183`)
-* [CVE-2022-23591](CVE-2022/CVE-2022-235xx/CVE-2022-23591.json) (`2023-06-27T02:40:30.160`)
-* [CVE-2022-23547](CVE-2022/CVE-2022-235xx/CVE-2022-23547.json) (`2023-06-27T02:40:57.517`)
-* [CVE-2022-45378](CVE-2022/CVE-2022-453xx/CVE-2022-45378.json) (`2023-06-27T02:41:33.980`)
-* [CVE-2022-45143](CVE-2022/CVE-2022-451xx/CVE-2022-45143.json) (`2023-06-27T02:42:19.317`)
-* [CVE-2022-45097](CVE-2022/CVE-2022-450xx/CVE-2022-45097.json) (`2023-06-27T02:42:54.860`)
-* [CVE-2022-45069](CVE-2022/CVE-2022-450xx/CVE-2022-45069.json) (`2023-06-27T02:43:02.070`)
-* [CVE-2022-23766](CVE-2022/CVE-2022-237xx/CVE-2022-23766.json) (`2023-06-27T02:43:25.003`)
-* [CVE-2022-23724](CVE-2022/CVE-2022-237xx/CVE-2022-23724.json) (`2023-06-27T02:43:34.400`)
-* [CVE-2022-23620](CVE-2022/CVE-2022-236xx/CVE-2022-23620.json) (`2023-06-27T02:43:58.700`)
-* [CVE-2022-43566](CVE-2022/CVE-2022-435xx/CVE-2022-43566.json) (`2023-06-27T02:44:39.037`)
-* [CVE-2022-43978](CVE-2022/CVE-2022-439xx/CVE-2022-43978.json) (`2023-06-27T02:44:47.710`)
-* [CVE-2022-4409](CVE-2022/CVE-2022-44xx/CVE-2022-4409.json) (`2023-06-27T02:46:57.160`)
-* [CVE-2022-4257](CVE-2022/CVE-2022-42xx/CVE-2022-4257.json) (`2023-06-27T02:48:52.783`)
-* [CVE-2023-30625](CVE-2023/CVE-2023-306xx/CVE-2023-30625.json) (`2023-06-27T02:07:42.920`)
-* [CVE-2023-34474](CVE-2023/CVE-2023-344xx/CVE-2023-34474.json) (`2023-06-27T02:13:23.640`)
-* [CVE-2023-3214](CVE-2023/CVE-2023-32xx/CVE-2023-3214.json) (`2023-06-27T02:15:09.400`)
-* [CVE-2023-3215](CVE-2023/CVE-2023-32xx/CVE-2023-3215.json) (`2023-06-27T02:15:09.477`)
-* [CVE-2023-3216](CVE-2023/CVE-2023-32xx/CVE-2023-3216.json) (`2023-06-27T02:15:09.537`)
-* [CVE-2023-3217](CVE-2023/CVE-2023-32xx/CVE-2023-3217.json) (`2023-06-27T02:15:09.597`)
-* [CVE-2023-24032](CVE-2023/CVE-2023-240xx/CVE-2023-24032.json) (`2023-06-27T02:18:26.793`)
-* [CVE-2023-34475](CVE-2023/CVE-2023-344xx/CVE-2023-34475.json) (`2023-06-27T02:25:54.433`)
-* [CVE-2023-3195](CVE-2023/CVE-2023-31xx/CVE-2023-3195.json) (`2023-06-27T02:28:55.780`)
-* [CVE-2023-21618](CVE-2023/CVE-2023-216xx/CVE-2023-21618.json) (`2023-06-27T02:32:23.253`)
-* [CVE-2023-29321](CVE-2023/CVE-2023-293xx/CVE-2023-29321.json) (`2023-06-27T02:34:46.750`)


 ## Download and Usage