admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-04T14:00:25.277392+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-04 14:00:28 +00:00
parent 838c2a6742
commit f71507ae99
25 changed files with 1054 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2023/CVE-2023-28xx/CVE-2023-2813.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-2813",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:08.997",
"lastModified": "2023-09-04T12:15:08.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5",
"source": "contact@wpscan.com"
}
]
}

55
CVE-2023/CVE-2023-304xx/CVE-2023-30485.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30485",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.140",
"lastModified": "2023-09-04T12:15:09.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider \u2013 Avartan Slider Lite plugin <=\u00a01.5.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/avartan-slider-lite/wordpress-avartan-slider-lite-plugin-1-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-321xx/CVE-2023-32102.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32102",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.220",
"lastModified": "2023-09-04T12:15:09.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <=\u00a02.0.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/library-viewer/wordpress-library-viewer-plugin-2-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-322xx/CVE-2023-32296.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32296",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.313",
"lastModified": "2023-09-04T12:15:09.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu para WooCommerce plugin <=\u00a02.2.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kangu/wordpress-kangu-para-woocommerce-plugin-2-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-325xx/CVE-2023-32578.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32578",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.400",
"lastModified": "2023-09-04T12:15:09.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Twinpictures Column-Matic plugin <=\u00a01.3.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/column-matic/wordpress-column-matic-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-32xx/CVE-2023-3221.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3221",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-04T13:15:32.853",
"lastModified": "2023-09-04T13:15:32.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2023/CVE-2023-32xx/CVE-2023-3222.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3222",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-04T13:15:33.987",
"lastModified": "2023-09-04T13:15:33.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user\u00b4s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin",
"source": "cve-coordination@incibe.es"
}
]
}

32
CVE-2023/CVE-2023-34xx/CVE-2023-3499.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3499",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:09.493",
"lastModified": "2023-09-04T12:15:09.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ea29413b-494e-410e-ae42-42f96284899c",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-38xx/CVE-2023-3814.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3814",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:09.570",
"lastModified": "2023-09-04T12:15:09.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339",
"source": "contact@wpscan.com"
}
]
}

55
CVE-2023/CVE-2023-401xx/CVE-2023-40196.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40196",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.647",
"lastModified": "2023-09-04T12:15:09.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <=\u00a03.1.11 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/imagerecycle-pdf-image-compression/wordpress-imagerecycle-pdf-image-compression-plugin-3-1-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-401xx/CVE-2023-40197.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40197",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.737",
"lastModified": "2023-09-04T12:15:09.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <=\u00a01.9.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/flowpaper-lite-pdf-flipbook/wordpress-flowpaper-plugin-1-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-402xx/CVE-2023-40205.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40205",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.823",
"lastModified": "2023-09-04T12:15:09.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgrade PixTypes plugin <=\u00a01.4.15 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-402xx/CVE-2023-40214.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40214",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.917",
"lastModified": "2023-09-04T12:15:09.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes Business Pro theme <= 1.10.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/business-pro/wordpress-business-pro-theme-1-10-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-40xx/CVE-2023-4019.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4019",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.037",
"lastModified": "2023-09-04T12:15:10.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d",
"source": "contact@wpscan.com"
}
]
}

36
CVE-2023/CVE-2023-40xx/CVE-2023-4059.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4059",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.110",
"lastModified": "2023-09-04T12:15:10.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fc719d12-2f58-4d1f-b696-0f937e706842",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-41xx/CVE-2023-4151.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4151",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.187",
"lastModified": "2023-09-04T12:15:10.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4216.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4216",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.257",
"lastModified": "2023-09-04T12:15:10.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8189afc4-17b3-4696-89e1-731011cb9e2b",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4253.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4253",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.333",
"lastModified": "2023-09-04T12:15:10.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1cbbab9e-be3d-4081-bc0e-c52d500d9871",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4254.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4254",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.403",
"lastModified": "2023-09-04T12:15:10.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0dfffe48-e60d-4bab-b194-8a63554246c3",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4269.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4269",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.470",
"lastModified": "2023-09-04T12:15:10.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/db3e4336-117c-47f2-9b43-2ca115525297",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4279.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4279",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.547",
"lastModified": "2023-09-04T12:15:10.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2bd2579e-b383-4d12-b207-6fc32cfb82bc",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4284.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4284",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.627",
"lastModified": "2023-09-04T12:15:10.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1c126869-0afa-456f-94cc-10334964e5f9",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4298.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4298",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.693",
"lastModified": "2023-09-04T12:15:10.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/36285052-8464-4fd6-b4b1-c175e730edad",
"source": "contact@wpscan.com"
}
]
}

55
CVE-2023/CVE-2023-45xx/CVE-2023-4587.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4587",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-04T12:15:10.760",
"lastModified": "2023-09-04T12:15:10.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800",
"source": "cve-coordination@incibe.es"
}
]
}

53
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-04T12:00:25.206087+00:00
2023-09-04T14:00:25.277392+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-04T11:15:41.747000+00:00
2023-09-04T13:15:33.987000+00:00
```
### Last Data Feed Release
@ -29,38 +29,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224094
224118
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `24`
* [CVE-2023-25465](CVE-2023/CVE-2023-254xx/CVE-2023-25465.json) (`2023-09-04T10:15:07.940`)
* [CVE-2023-36382](CVE-2023/CVE-2023-363xx/CVE-2023-36382.json) (`2023-09-04T10:15:08.730`)
* [CVE-2023-39162](CVE-2023/CVE-2023-391xx/CVE-2023-39162.json) (`2023-09-04T10:15:08.913`)
* [CVE-2023-39164](CVE-2023/CVE-2023-391xx/CVE-2023-39164.json) (`2023-09-04T10:15:09.097`)
* [CVE-2023-30494](CVE-2023/CVE-2023-304xx/CVE-2023-30494.json) (`2023-09-04T11:15:39.627`)
* [CVE-2023-31220](CVE-2023/CVE-2023-312xx/CVE-2023-31220.json) (`2023-09-04T11:15:40.123`)
* [CVE-2023-37393](CVE-2023/CVE-2023-373xx/CVE-2023-37393.json) (`2023-09-04T11:15:40.383`)
* [CVE-2023-39918](CVE-2023/CVE-2023-399xx/CVE-2023-39918.json) (`2023-09-04T11:15:40.483`)
* [CVE-2023-39919](CVE-2023/CVE-2023-399xx/CVE-2023-39919.json) (`2023-09-04T11:15:40.627`)
* [CVE-2023-39987](CVE-2023/CVE-2023-399xx/CVE-2023-39987.json) (`2023-09-04T11:15:40.737`)
* [CVE-2023-39988](CVE-2023/CVE-2023-399xx/CVE-2023-39988.json) (`2023-09-04T11:15:40.840`)
* [CVE-2023-39991](CVE-2023/CVE-2023-399xx/CVE-2023-39991.json) (`2023-09-04T11:15:40.933`)
* [CVE-2023-39992](CVE-2023/CVE-2023-399xx/CVE-2023-39992.json) (`2023-09-04T11:15:41.030`)
* [CVE-2023-40206](CVE-2023/CVE-2023-402xx/CVE-2023-40206.json) (`2023-09-04T11:15:41.133`)
* [CVE-2023-40208](CVE-2023/CVE-2023-402xx/CVE-2023-40208.json) (`2023-09-04T11:15:41.227`)
* [CVE-2023-4614](CVE-2023/CVE-2023-46xx/CVE-2023-4614.json) (`2023-09-04T11:15:41.560`)
* [CVE-2023-4615](CVE-2023/CVE-2023-46xx/CVE-2023-4615.json) (`2023-09-04T11:15:41.657`)
* [CVE-2023-4616](CVE-2023/CVE-2023-46xx/CVE-2023-4616.json) (`2023-09-04T11:15:41.747`)
* [CVE-2023-2813](CVE-2023/CVE-2023-28xx/CVE-2023-2813.json) (`2023-09-04T12:15:08.997`)
* [CVE-2023-30485](CVE-2023/CVE-2023-304xx/CVE-2023-30485.json) (`2023-09-04T12:15:09.140`)
* [CVE-2023-32102](CVE-2023/CVE-2023-321xx/CVE-2023-32102.json) (`2023-09-04T12:15:09.220`)
* [CVE-2023-32296](CVE-2023/CVE-2023-322xx/CVE-2023-32296.json) (`2023-09-04T12:15:09.313`)
* [CVE-2023-32578](CVE-2023/CVE-2023-325xx/CVE-2023-32578.json) (`2023-09-04T12:15:09.400`)
* [CVE-2023-3499](CVE-2023/CVE-2023-34xx/CVE-2023-3499.json) (`2023-09-04T12:15:09.493`)
* [CVE-2023-3814](CVE-2023/CVE-2023-38xx/CVE-2023-3814.json) (`2023-09-04T12:15:09.570`)
* [CVE-2023-40196](CVE-2023/CVE-2023-401xx/CVE-2023-40196.json) (`2023-09-04T12:15:09.647`)
* [CVE-2023-40197](CVE-2023/CVE-2023-401xx/CVE-2023-40197.json) (`2023-09-04T12:15:09.737`)
* [CVE-2023-40205](CVE-2023/CVE-2023-402xx/CVE-2023-40205.json) (`2023-09-04T12:15:09.823`)
* [CVE-2023-40214](CVE-2023/CVE-2023-402xx/CVE-2023-40214.json) (`2023-09-04T12:15:09.917`)
* [CVE-2023-4019](CVE-2023/CVE-2023-40xx/CVE-2023-4019.json) (`2023-09-04T12:15:10.037`)
* [CVE-2023-4059](CVE-2023/CVE-2023-40xx/CVE-2023-4059.json) (`2023-09-04T12:15:10.110`)
* [CVE-2023-4151](CVE-2023/CVE-2023-41xx/CVE-2023-4151.json) (`2023-09-04T12:15:10.187`)
* [CVE-2023-4216](CVE-2023/CVE-2023-42xx/CVE-2023-4216.json) (`2023-09-04T12:15:10.257`)
* [CVE-2023-4253](CVE-2023/CVE-2023-42xx/CVE-2023-4253.json) (`2023-09-04T12:15:10.333`)
* [CVE-2023-4254](CVE-2023/CVE-2023-42xx/CVE-2023-4254.json) (`2023-09-04T12:15:10.403`)
* [CVE-2023-4269](CVE-2023/CVE-2023-42xx/CVE-2023-4269.json) (`2023-09-04T12:15:10.470`)
* [CVE-2023-4279](CVE-2023/CVE-2023-42xx/CVE-2023-4279.json) (`2023-09-04T12:15:10.547`)
* [CVE-2023-4284](CVE-2023/CVE-2023-42xx/CVE-2023-4284.json) (`2023-09-04T12:15:10.627`)
* [CVE-2023-4298](CVE-2023/CVE-2023-42xx/CVE-2023-4298.json) (`2023-09-04T12:15:10.693`)
* [CVE-2023-4587](CVE-2023/CVE-2023-45xx/CVE-2023-4587.json) (`2023-09-04T12:15:10.760`)
* [CVE-2023-3221](CVE-2023/CVE-2023-32xx/CVE-2023-3221.json) (`2023-09-04T13:15:32.853`)
* [CVE-2023-3222](CVE-2023/CVE-2023-32xx/CVE-2023-3222.json) (`2023-09-04T13:15:33.987`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
* [CVE-2023-4613](CVE-2023/CVE-2023-46xx/CVE-2023-4613.json) (`2023-09-04T11:15:41.360`)
## Download and Usage