diff --git a/2012/CVE-2012-0852.md b/2012/CVE-2012-0852.md index f09176dbb2..255affb8f2 100644 --- a/2012/CVE-2012-0852.md +++ b/2012/CVE-2012-0852.md @@ -11,6 +11,7 @@ The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 #### Reference - http://ffmpeg.org/security.html +- https://ffmpeg.org/trac/ffmpeg/ticket/794 #### Github No PoCs found on GitHub currently. diff --git a/2016/CVE-2016-10190.md b/2016/CVE-2016-10190.md index 5607ec74c3..14d1cd9079 100644 --- a/2016/CVE-2016-10190.md +++ b/2016/CVE-2016-10190.md @@ -10,6 +10,7 @@ Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x ### POC #### Reference +- https://ffmpeg.org/security.html - https://trac.ffmpeg.org/ticket/5992 #### Github diff --git a/2016/CVE-2016-10191.md b/2016/CVE-2016-10191.md index 120cba7257..eb2e7cb060 100644 --- a/2016/CVE-2016-10191.md +++ b/2016/CVE-2016-10191.md @@ -10,7 +10,7 @@ Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0 ### POC #### Reference -No PoCs from references. +- https://ffmpeg.org/security.html #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2016/CVE-2016-10192.md b/2016/CVE-2016-10192.md index 6ad9976c64..916b2aaf93 100644 --- a/2016/CVE-2016-10192.md +++ b/2016/CVE-2016-10192.md @@ -10,6 +10,7 @@ Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3 ### POC #### Reference +- https://ffmpeg.org/security.html - https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156 #### Github diff --git a/2016/CVE-2016-2804.md b/2016/CVE-2016-2804.md index f909752de4..db9d25da44 100644 --- a/2016/CVE-2016-2804.md +++ b/2016/CVE-2016-2804.md @@ -10,6 +10,7 @@ Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be ### POC #### Reference +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 - https://bugzilla.mozilla.org/show_bug.cgi?id=1240880 
diff --git a/2016/CVE-2016-2806.md b/2016/CVE-2016-2806.md index b35704a5d8..02f017995f 100644 --- a/2016/CVE-2016-2806.md +++ b/2016/CVE-2016-2806.md @@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be #### Reference - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 #### Github diff --git a/2016/CVE-2016-2807.md b/2016/CVE-2016-2807.md index aca1bc782b..0df7825852 100644 --- a/2016/CVE-2016-2807.md +++ b/2016/CVE-2016-2807.md @@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be #### Reference - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 #### Github diff --git a/2016/CVE-2016-2808.md b/2016/CVE-2016-2808.md index c8f623af83..06accff182 100644 --- a/2016/CVE-2016-2808.md +++ b/2016/CVE-2016-2808.md @@ -11,6 +11,7 @@ The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0 #### Reference - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 - https://bugzilla.mozilla.org/show_bug.cgi?id=1246061 diff --git a/2016/CVE-2016-2811.md b/2016/CVE-2016-2811.md index 7872aa5eb5..c9b34b6277 100644 --- a/2016/CVE-2016-2811.md +++ b/2016/CVE-2016-2811.md @@ -10,6 +10,7 @@ Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worke ### POC #### Reference +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 - https://bugzilla.mozilla.org/show_bug.cgi?id=1252330 diff --git a/2016/CVE-2016-2812.md b/2016/CVE-2016-2812.md index 133d26d1d5..509044f796 100644 --- a/2016/CVE-2016-2812.md +++ b/2016/CVE-2016-2812.md 
@@ -10,6 +10,7 @@ Race condition in the get implementation in the ServiceWorkerManager class in th ### POC #### Reference +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 #### Github diff --git a/2016/CVE-2016-2814.md b/2016/CVE-2016-2814.md index fc74d64f45..76709d9a97 100644 --- a/2016/CVE-2016-2814.md +++ b/2016/CVE-2016-2814.md @@ -11,6 +11,7 @@ Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo #### Reference - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 #### Github diff --git a/2016/CVE-2016-2816.md b/2016/CVE-2016-2816.md index f132948c7a..8201348e9d 100644 --- a/2016/CVE-2016-2816.md +++ b/2016/CVE-2016-2816.md @@ -10,6 +10,7 @@ Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Securi ### POC #### Reference +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 - https://bugzilla.mozilla.org/show_bug.cgi?id=1223743 diff --git a/2016/CVE-2016-2817.md b/2016/CVE-2016-2817.md index 4230bd1059..6da0ae9152 100644 --- a/2016/CVE-2016-2817.md +++ b/2016/CVE-2016-2817.md @@ -10,6 +10,7 @@ The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in ### POC #### Reference +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 #### Github diff --git a/2016/CVE-2016-2820.md b/2016/CVE-2016-2820.md index 5d7219b922..2494678847 100644 --- a/2016/CVE-2016-2820.md +++ b/2016/CVE-2016-2820.md @@ -10,6 +10,7 @@ The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Fi ### POC #### Reference +- http://www.ubuntu.com/usn/USN-2936-1 - http://www.ubuntu.com/usn/USN-2936-3 - https://bugzilla.mozilla.org/show_bug.cgi?id=870870 diff --git a/2016/CVE-2016-3062.md b/2016/CVE-2016-3062.md index 55c8879591..03956b1408 100644 --- a/2016/CVE-2016-3062.md +++ b/2016/CVE-2016-3062.md 
@@ -11,6 +11,7 @@ The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg #### Reference - https://bugzilla.libav.org/show_bug.cgi?id=929 +- https://ffmpeg.org/security.html #### Github No PoCs found on GitHub currently. diff --git a/2017/CVE-2017-12778.md b/2017/CVE-2017-12778.md index 29af63198e..d87d49db8a 100644 --- a/2017/CVE-2017-12778.md +++ b/2017/CVE-2017-12778.md @@ -10,6 +10,7 @@ ### POC #### Reference +- http://archive.is/eF2GR - https://medium.com/@BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada #### Github diff --git a/2018/CVE-2018-1271.md b/2018/CVE-2018-1271.md index 6a124bd097..50bb02a6f2 100644 --- a/2018/CVE-2018-1271.md +++ b/2018/CVE-2018-1271.md @@ -34,6 +34,7 @@ Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 a - https://github.com/pen4uin/vulnerability-research-list - https://github.com/sobinge/nuclei-templates - https://github.com/superfish9/pt +- https://github.com/tanjiti/sec_profile - https://github.com/tomoyamachi/gocarts - https://github.com/userprofilesecured/Path-transversal-payloads - https://github.com/x-f1v3/Vulnerability_Environment diff --git a/2020/CVE-2020-19762.md b/2020/CVE-2020-19762.md new file mode 100644 index 0000000000..6b408b48a2 --- /dev/null +++ b/2020/CVE-2020-19762.md 
@@ -0,0 +1,17 @@ +### [CVE-2020-19762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19762) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. + +### POC + +#### Reference +- https://github.com/ismailerkek/CVEs/blob/main/CVE-2020-19762-RESERVED.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2021/CVE-2021-41073.md b/2021/CVE-2021-41073.md index 8af09e2379..62bfa655f8 100644 --- a/2021/CVE-2021-41073.md +++ b/2021/CVE-2021-41073.md @@ -13,6 +13,7 @@ loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows loc - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc #### Github +- https://github.com/0ptyx/cve-2024-0582 - https://github.com/ARPSyndicate/cvemon - https://github.com/Ch4nc3n/PublicExploitation - https://github.com/DarkFunct/CVE_Exploits diff --git a/2021/CVE-2021-42285.md b/2021/CVE-2021-42285.md new file mode 100644 index 0000000000..478937afaa --- /dev/null +++ b/2021/CVE-2021-42285.md 
@@ -0,0 +1,52 @@ +### [CVE-2021-42285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42285) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%202004&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2020H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%207%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%208.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%20version%202004&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%20version%2020H2&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.19119%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.4770%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.2300%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.18363.1916%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19041.1348%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.1348%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19043.1348%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.350%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.318%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.25769%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.25769%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.23517%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.20174%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen) + +### Description + +Windows Kernel Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/T-RN-R/PatchDiffWednesday + diff --git a/2021/CVE-2021-45614.md b/2021/CVE-2021-45614.md new file mode 100644 index 0000000000..92de5f8d10 --- /dev/null +++ b/2021/CVE-2021-45614.md @@ -0,0 +1,17 @@ +### [CVE-2021-45614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45614) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58. + +### POC + +#### Reference +- https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-24528.md b/2022/CVE-2022-24528.md index 33657af118..1566c69f74 100644 
--- a/2022/CVE-2022-24528.md +++ b/2022/CVE-2022-24528.md @@ -55,6 +55,7 @@ No PoCs from references. - https://github.com/Cruxer8Mech/Idk - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review +- https://github.com/T-RN-R/PatchDiffWednesday - https://github.com/WhooAmii/POC_to_review - https://github.com/k0mi-tg/CVE-POC - https://github.com/manas3c/CVE-POC diff --git a/2023/CVE-2023-0033.md b/2023/CVE-2023-0033.md new file mode 100644 index 0000000000..9434600074 --- /dev/null +++ b/2023/CVE-2023-0033.md @@ -0,0 +1,17 @@ +### [CVE-2023-0033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0033) +![](https://img.shields.io/static/v1?label=Product&message=PDF%20Viewer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2d9ae43b-75a7-4fcc-bce3-d9e9d7a97ec0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0034.md b/2023/CVE-2023-0034.md new file mode 100644 index 0000000000..bfaea9d7f6 --- /dev/null +++ b/2023/CVE-2023-0034.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0034) +![](https://img.shields.io/static/v1?label=Product&message=JetWidgets%20For%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ffbdb8a1-19c3-45e9-81b0-ad47a0791c4a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0037.md b/2023/CVE-2023-0037.md new file mode 100644 index 0000000000..5bb928e571 --- /dev/null +++ b/2023/CVE-2023-0037.md @@ -0,0 +1,17 @@ +### [CVE-2023-0037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0037) +![](https://img.shields.io/static/v1?label=Product&message=10Web%20Map%20Builder%20for%20Google%20Maps&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.73%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection + +### POC + +#### Reference +- https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0043.md b/2023/CVE-2023-0043.md new file mode 100644 index 0000000000..505c9c230e 
--- /dev/null +++ b/2023/CVE-2023-0043.md @@ -0,0 +1,17 @@ +### [CVE-2023-0043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0043) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Add%20User&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e012f23a-7daf-4ef3-b116-d0e2ed5bd0a3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0045.md b/2023/CVE-2023-0045.md index bf5e14448e..3bd24d11fa 100644 --- a/2023/CVE-2023-0045.md +++ b/2023/CVE-2023-0045.md @@ -18,5 +18,7 @@ The current implementation of the prctl syscall does not issue an IBPB immediate - https://github.com/k0mi-tg/CVE-POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC - https://github.com/xu-xiang/awesome-security-vul-llm +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-0058.md b/2023/CVE-2023-0058.md new file mode 100644 index 0000000000..944a22438f --- /dev/null +++ b/2023/CVE-2023-0058.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-0058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0058) +![](https://img.shields.io/static/v1?label=Product&message=Tiempo.com&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0e677df9-2c49-42f0-a8e2-dbcf85bfc1a2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0059.md b/2023/CVE-2023-0059.md new file mode 100644 index 0000000000..e8efc7c664 --- /dev/null +++ b/2023/CVE-2023-0059.md @@ -0,0 +1,17 @@ +### [CVE-2023-0059](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0059) +![](https://img.shields.io/static/v1?label=Product&message=Youzify&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5e26c485-9a5a-44a3-95b3-6c063a1c321c + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0060.md b/2023/CVE-2023-0060.md new file mode 100644 index 0000000000..39e9988af0 --- /dev/null +++ b/2023/CVE-2023-0060.md @@ -0,0 +1,17 @@ +### [CVE-2023-0060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0060) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Gallery%20Grid&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/be2fc859-3158-4f06-861d-382381a7551b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0061.md b/2023/CVE-2023-0061.md new file mode 100644 index 0000000000..bb03471d78 --- /dev/null +++ b/2023/CVE-2023-0061.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0061) +![](https://img.shields.io/static/v1?label=Product&message=Judge.me%20Product%20Reviews%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.21%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a1d0d131-c773-487e-88f8-e3d63936fbbb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0062.md b/2023/CVE-2023-0062.md new file mode 100644 index 0000000000..72e2fc3d37 --- /dev/null +++ b/2023/CVE-2023-0062.md @@ -0,0 +1,17 @@ +### [CVE-2023-0062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0062) +![](https://img.shields.io/static/v1?label=Product&message=EAN%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/450f94a3-56b1-41c7-ac29-fbda1dc04794 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0063.md b/2023/CVE-2023-0063.md new file mode 100644 index 0000000000..6a2dc918f4 --- /dev/null +++ b/2023/CVE-2023-0063.md @@ -0,0 +1,17 @@ +### [CVE-2023-0063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0063) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Shortcodes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2262f2fc-8122-46ed-8e67-8c34ee35fc97 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0064.md b/2023/CVE-2023-0064.md new file mode 100644 index 0000000000..3a478fb57a --- /dev/null +++ b/2023/CVE-2023-0064.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0064) +![](https://img.shields.io/static/v1?label=Product&message=eVision%20Responsive%20Column%20Layout%20Shortcodes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/97be5795-b5b8-40c7-80bf-7da95da7705a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0065.md b/2023/CVE-2023-0065.md new file mode 100644 index 0000000000..178a52281b --- /dev/null +++ b/2023/CVE-2023-0065.md @@ -0,0 +1,17 @@ +### [CVE-2023-0065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0065) +![](https://img.shields.io/static/v1?label=Product&message=i2%20Pros%20%26%20Cons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/42c3ac68-4bbc-4d47-ad53-2c9ed48cd677 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0066.md b/2023/CVE-2023-0066.md new file mode 100644 index 0000000000..005b7b2d28 --- /dev/null +++ b/2023/CVE-2023-0066.md @@ -0,0 +1,17 @@ +### [CVE-2023-0066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0066) +![](https://img.shields.io/static/v1?label=Product&message=Companion%20Sitemap%20Generator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/545c9e2f-bacd-4f30-ae01-de1583e26d32 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0067.md b/2023/CVE-2023-0067.md new file mode 100644 index 0000000000..42f7db998e --- /dev/null +++ b/2023/CVE-2023-0067.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0067) +![](https://img.shields.io/static/v1?label=Product&message=Timed%20Content&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.73%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/92f43da9-9903-4bcf-99e8-0e269072d389 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0068.md b/2023/CVE-2023-0068.md new file mode 100644 index 0000000000..24efc30c9a --- /dev/null +++ b/2023/CVE-2023-0068.md @@ -0,0 +1,17 @@ +### [CVE-2023-0068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0068) +![](https://img.shields.io/static/v1?label=Product&message=Product%20GTIN%20(EAN%2C%20UPC%2C%20ISBN)%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4abd1454-380c-4c23-8474-d7da4b2f3b8e + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0069.md b/2023/CVE-2023-0069.md new file mode 100644 index 0000000000..dd828b58dd --- /dev/null +++ b/2023/CVE-2023-0069.md @@ -0,0 +1,17 @@ +### [CVE-2023-0069](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0069) +![](https://img.shields.io/static/v1?label=Product&message=WPaudio%20MP3%20Player&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d9f00bcb-3746-4a9d-a222-4d532e84615f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0070.md b/2023/CVE-2023-0070.md new file mode 100644 index 0000000000..b24b5a8abd --- /dev/null +++ b/2023/CVE-2023-0070.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0070](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0070) +![](https://img.shields.io/static/v1?label=Product&message=ResponsiveVoice%20Text%20To%20Speech&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.7.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0d8fbd1a-9fac-42ac-94e0-f8921deb1696 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0071.md b/2023/CVE-2023-0071.md new file mode 100644 index 0000000000..c719e32ae7 --- /dev/null +++ b/2023/CVE-2023-0071.md @@ -0,0 +1,17 @@ +### [CVE-2023-0071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0071) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Tabs&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3834a162-2cdc-41e9-9c9d-2b576eed4db9 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0072.md b/2023/CVE-2023-0072.md new file mode 100644 index 0000000000..11bd403f99 --- /dev/null +++ b/2023/CVE-2023-0072.md @@ -0,0 +1,17 @@ +### [CVE-2023-0072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0072) +![](https://img.shields.io/static/v1?label=Product&message=WC%20Vendors%20Marketplace&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/bb2b876f-7216-4f31-9d1f-a45405c545ce + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0073.md b/2023/CVE-2023-0073.md new file mode 100644 index 0000000000..90015506a7 --- /dev/null +++ b/2023/CVE-2023-0073.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0073) +![](https://img.shields.io/static/v1?label=Product&message=Client%20Logo%20Carousel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e5599968-a435-405a-8829-9840a2144987 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0074.md b/2023/CVE-2023-0074.md new file mode 100644 index 0000000000..c8c2055a4a --- /dev/null +++ b/2023/CVE-2023-0074.md @@ -0,0 +1,17 @@ +### [CVE-2023-0074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0074) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Social%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/82f543e3-9397-4364-9546-af5ea134fcd4 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0075.md b/2023/CVE-2023-0075.md new file mode 100644 index 0000000000..deb6639c07 --- /dev/null +++ b/2023/CVE-2023-0075.md @@ -0,0 +1,17 @@ +### [CVE-2023-0075](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0075) +![](https://img.shields.io/static/v1?label=Product&message=Amazon%20JS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/097acd6f-3291-4cdc-a054-4432b6350411 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0076.md b/2023/CVE-2023-0076.md new file mode 100644 index 0000000000..610ef298ff --- /dev/null +++ b/2023/CVE-2023-0076.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0076) +![](https://img.shields.io/static/v1?label=Product&message=Download%20Attachments&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0078.md b/2023/CVE-2023-0078.md new file mode 100644 index 0000000000..d10429739b --- /dev/null +++ b/2023/CVE-2023-0078.md @@ -0,0 +1,17 @@ +### [CVE-2023-0078](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0078) +![](https://img.shields.io/static/v1?label=Product&message=Resume%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e667854f-56f8-4dbe-9573-6652a8aacc2c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0079.md b/2023/CVE-2023-0079.md new file mode 100644 index 0000000000..1fad840fad --- /dev/null +++ b/2023/CVE-2023-0079.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0079) +![](https://img.shields.io/static/v1?label=Product&message=Customer%20Reviews%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.17.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fdaba4d1-950d-4512-95de-cd43fe9e73e5/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0080.md b/2023/CVE-2023-0080.md new file mode 100644 index 0000000000..9ab038c37e --- /dev/null +++ b/2023/CVE-2023-0080.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0080) +![](https://img.shields.io/static/v1?label=Product&message=Customer%20Reviews%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.16.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0081.md b/2023/CVE-2023-0081.md new file mode 100644 index 0000000000..3fffcefa87 --- /dev/null +++ b/2023/CVE-2023-0081.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0081) +![](https://img.shields.io/static/v1?label=Product&message=MonsterInsights&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/76d2963c-ebff-498f-9484-3c3008750c14 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0082.md b/2023/CVE-2023-0082.md new file mode 100644 index 0000000000..d3a446f59f --- /dev/null +++ b/2023/CVE-2023-0082.md @@ -0,0 +1,17 @@ +### [CVE-2023-0082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0082) +![](https://img.shields.io/static/v1?label=Product&message=ExactMetrics&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e1ba5047-0c39-478f-89c7-b0bb638efdff + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0094.md b/2023/CVE-2023-0094.md new file mode 100644 index 0000000000..0cf0f98014 --- /dev/null 
+++ b/2023/CVE-2023-0094.md @@ -0,0 +1,17 @@ +### [CVE-2023-0094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0094) +![](https://img.shields.io/static/v1?label=Product&message=UpQode%20Google%20Maps&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1453471f-164d-4487-a736-8cea086212fe/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0095.md b/2023/CVE-2023-0095.md new file mode 100644 index 0000000000..ce147f4e52 --- /dev/null +++ b/2023/CVE-2023-0095.md @@ -0,0 +1,17 @@ +### [CVE-2023-0095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0095) +![](https://img.shields.io/static/v1?label=Product&message=Page%20View%20Count&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/009ca72e-e8fa-4fdc-ab2d-4210f8f4710f + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0096.md b/2023/CVE-2023-0096.md new file mode 100644 index 0000000000..b0315398ef --- /dev/null +++ b/2023/CVE-2023-0096.md @@ -0,0 +1,17 @@ +### [CVE-2023-0096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0096) +![](https://img.shields.io/static/v1?label=Product&message=Form%20builder%20to%20get%20in%20touch%20with%20visitors%2C%20grow%20your%20email%20list%20and%20collect%20payments%20%E2%80%94%20Happyforms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b28150e7-214b-4bcd-85c0-e819c4223484 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0097.md b/2023/CVE-2023-0097.md new file mode 100644 index 0000000000..3698652ab0 --- /dev/null +++ b/2023/CVE-2023-0097.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0097) +![](https://img.shields.io/static/v1?label=Product&message=Post%20Grid%2C%20Post%20Carousel%2C%20%26%20List%20Category%20Posts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/19379f08-d667-4b1e-a774-0f4a17ad7bff + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0099.md b/2023/CVE-2023-0099.md index 807e14ae47..886a5be7c8 100644 --- a/2023/CVE-2023-0099.md +++ b/2023/CVE-2023-0099.md @@ -11,6 +11,7 @@ The Simple URLs WordPress plugin before 115 does not sanitise and escape some pa #### Reference - http://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html +- https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-0118.md b/2023/CVE-2023-0118.md new file mode 100644 index 0000000000..c8f6f14b9a --- /dev/null +++ b/2023/CVE-2023-0118.md 
@@ -0,0 +1,21 @@ +### [CVE-2023-0118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0118) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.11%20for%20RHEL%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.11%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.12%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.13%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.14%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-0119.md b/2023/CVE-2023-0119.md new file mode 100644 index 0000000000..82d2da5286 --- /dev/null +++ b/2023/CVE-2023-0119.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-0119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0119) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.13%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.14%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-0143.md b/2023/CVE-2023-0143.md new file mode 100644 index 0000000000..0a1b53cd20 --- /dev/null +++ b/2023/CVE-2023-0143.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0143) +![](https://img.shields.io/static/v1?label=Product&message=Send%20PDF%20for%20Contact%20Form%207&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c4cd3d98-9678-49cb-9d1a-551ef8a810b9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0144.md b/2023/CVE-2023-0144.md new file mode 100644 index 0000000000..f5ac6d6940 --- /dev/null +++ b/2023/CVE-2023-0144.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0144](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0144) +![](https://img.shields.io/static/v1?label=Product&message=Event%20Manager%20and%20Tickets%20Selling%20Plugin%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d7b3917a-d11f-4216-9d2c-30771d83a7b4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0145.md b/2023/CVE-2023-0145.md new file mode 100644 index 0000000000..81bddbe01e --- /dev/null +++ b/2023/CVE-2023-0145.md @@ -0,0 +1,17 @@ +### [CVE-2023-0145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0145) +![](https://img.shields.io/static/v1?label=Product&message=Saan%20World%20Clock&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f4e4b4a2-c7cb-42ce-9d5b-bd84efcbf54d + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0146.md b/2023/CVE-2023-0146.md new file mode 100644 index 0000000000..23c2feb6ec --- /dev/null +++ b/2023/CVE-2023-0146.md @@ -0,0 +1,17 @@ +### [CVE-2023-0146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0146) +![](https://img.shields.io/static/v1?label=Product&message=Naver%20Map&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d1218c69-4f6a-4b2d-a537-5cc16a46ba7b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0147.md b/2023/CVE-2023-0147.md new file mode 100644 index 0000000000..e2d7b1bf32 --- /dev/null +++ b/2023/CVE-2023-0147.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0147) +![](https://img.shields.io/static/v1?label=Product&message=Flexible%20Captcha&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/af9cbb4a-42fc-43c5-88f3-349b417f1a6a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0148.md b/2023/CVE-2023-0148.md new file mode 100644 index 0000000000..393a69cfce --- /dev/null +++ b/2023/CVE-2023-0148.md @@ -0,0 +1,17 @@ +### [CVE-2023-0148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0148) +![](https://img.shields.io/static/v1?label=Product&message=Gallery%20Factory%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f15f2f2c-2053-4b93-8064-15b5243a4021 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0149.md b/2023/CVE-2023-0149.md new file mode 100644 index 0000000000..56aad91ecb --- /dev/null +++ b/2023/CVE-2023-0149.md @@ -0,0 +1,17 @@ +### [CVE-2023-0149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0149) +![](https://img.shields.io/static/v1?label=Product&message=WordPrezi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6b6f9e42-7f7f-4daa-99c9-14a24a6d76b0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0150.md b/2023/CVE-2023-0150.md new file mode 100644 index 0000000000..9571458fbd --- /dev/null +++ b/2023/CVE-2023-0150.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0150) +![](https://img.shields.io/static/v1?label=Product&message=Cloak%20Front%20End%20Email&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.9.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/517154dc-d6bd-462d-b955-061a7b7f8da5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0151.md b/2023/CVE-2023-0151.md new file mode 100644 index 0000000000..e9485d2d0a --- /dev/null +++ b/2023/CVE-2023-0151.md @@ -0,0 +1,17 @@ +### [CVE-2023-0151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0151) +![](https://img.shields.io/static/v1?label=Product&message=uTubeVideo%20Gallery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d9fc6f5f-efc1-4e23-899b-e9a49330ed13 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0152.md b/2023/CVE-2023-0152.md new file mode 100644 index 0000000000..54dba3674a --- /dev/null +++ b/2023/CVE-2023-0152.md @@ -0,0 +1,17 @@ +### [CVE-2023-0152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0152) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Multi%20Store%20Locator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8281fce2-6f24-4d3f-895f-4d8694806609 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0153.md b/2023/CVE-2023-0153.md new file mode 100644 index 0000000000..5245903b3a --- /dev/null +++ b/2023/CVE-2023-0153.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0153) +![](https://img.shields.io/static/v1?label=Product&message=Vimeo%20Video%20Autoplay%20Automute&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f3459868-28aa-4a5d-94d8-bbc17e3ce653 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0154.md b/2023/CVE-2023-0154.md new file mode 100644 index 0000000000..9b175768de --- /dev/null +++ b/2023/CVE-2023-0154.md @@ -0,0 +1,17 @@ +### [CVE-2023-0154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0154) +![](https://img.shields.io/static/v1?label=Product&message=GamiPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5e66e173-776d-4423-b4a2-eb7316b2502f + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0156.md b/2023/CVE-2023-0156.md index 8a44b004d2..4298fe5dd8 100644 --- a/2023/CVE-2023-0156.md +++ b/2023/CVE-2023-0156.md @@ -10,7 +10,7 @@ The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/caf1dbb5-197e-41e9-8f48-ba1f2360a759 #### Github - https://github.com/b0marek/CVE-2023-0156 diff --git a/2023/CVE-2023-0157.md b/2023/CVE-2023-0157.md index 039151b409..36a739c0a1 100644 --- a/2023/CVE-2023-0157.md +++ b/2023/CVE-2023-0157.md @@ -10,7 +10,7 @@ The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/8248b550-6485-4108-a701-8446ffa35f06 #### Github - https://github.com/b0marek/CVE-2023-0157 diff --git a/2023/CVE-2023-0159.md b/2023/CVE-2023-0159.md index 54ca7ec3f6..6ef451b994 100644 --- a/2023/CVE-2023-0159.md +++ b/2023/CVE-2023-0159.md @@ -10,7 +10,7 @@ The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809 #### Github - https://github.com/im-hanzou/EVCer diff --git a/2023/CVE-2023-0165.md b/2023/CVE-2023-0165.md new file mode 100644 index 0000000000..ecf1613f22 --- /dev/null +++ b/2023/CVE-2023-0165.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0165) +![](https://img.shields.io/static/v1?label=Product&message=Cost%20Calculator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f00b82f7-d8ad-4f6b-b791-81cc16b6336b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0166.md b/2023/CVE-2023-0166.md new file mode 100644 index 0000000000..dedf7bc2a7 --- /dev/null +++ b/2023/CVE-2023-0166.md @@ -0,0 +1,17 @@ +### [CVE-2023-0166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0166) +![](https://img.shields.io/static/v1?label=Product&message=Product%20Slider%20for%20WooCommerce%20by%20PickPlugins&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.13.42%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f5d43062-4ef3-4dd1-b916-0127f0016f5c + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0167.md b/2023/CVE-2023-0167.md new file mode 100644 index 0000000000..bc99fe23d7 --- /dev/null +++ b/2023/CVE-2023-0167.md @@ -0,0 +1,17 @@ +### [CVE-2023-0167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0167) +![](https://img.shields.io/static/v1?label=Product&message=GetResponse%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fafbf666-b908-48ef-9041-fea653e9bfeb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0168.md b/2023/CVE-2023-0168.md new file mode 100644 index 0000000000..0cf7347555 --- /dev/null +++ b/2023/CVE-2023-0168.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0168) +![](https://img.shields.io/static/v1?label=Product&message=Olevmedia%20Shortcodes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e854efee-16fc-4379-9e66-d2883e01fb32 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0169.md b/2023/CVE-2023-0169.md new file mode 100644 index 0000000000..14f6f2cfb0 --- /dev/null +++ b/2023/CVE-2023-0169.md @@ -0,0 +1,17 @@ +### [CVE-2023-0169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0169) +![](https://img.shields.io/static/v1?label=Product&message=Form%20plugin%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/178d71f2-4666-4f7e-ada5-cb72a50fd663 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0170.md b/2023/CVE-2023-0170.md new file mode 100644 index 0000000000..ee6c93236d --- /dev/null +++ b/2023/CVE-2023-0170.md @@ -0,0 +1,17 @@ +### [CVE-2023-0170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0170) +![](https://img.shields.io/static/v1?label=Product&message=Html5%20Audio%20Player&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/19ee5e33-acc8-40c5-8f54-c9cb0fa491f0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0171.md b/2023/CVE-2023-0171.md new file mode 100644 index 0000000000..5814501bf3 --- /dev/null +++ b/2023/CVE-2023-0171.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0171) +![](https://img.shields.io/static/v1?label=Product&message=jQuery%20T(-)%20Countdown%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/32324655-ff91-4a53-a2c5-ebe6678d4a9d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0172.md b/2023/CVE-2023-0172.md new file mode 100644 index 0000000000..9b37a2fd41 --- /dev/null +++ b/2023/CVE-2023-0172.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0172](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0172) +![](https://img.shields.io/static/v1?label=Product&message=Embed%2C%20curate%20%26%20aggregate%20social%20media%20feeds%20into%20your%20website%20using%20JUICER&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c8982b8d-985f-4a5d-840d-e8be7c3405bd + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0173.md b/2023/CVE-2023-0173.md new file mode 100644 index 0000000000..a8f6d1cb6d --- /dev/null +++ b/2023/CVE-2023-0173.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0173) +![](https://img.shields.io/static/v1?label=Product&message=Drag%20%26%20Drop%20Sales%20Funnel%20Builder%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c543b6e2-a7c0-4ba7-a308-e9951dd59fb9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0174.md b/2023/CVE-2023-0174.md new file mode 100644 index 0000000000..1478fde6ef --- /dev/null +++ b/2023/CVE-2023-0174.md @@ -0,0 +1,17 @@ +### [CVE-2023-0174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0174) +![](https://img.shields.io/static/v1?label=Product&message=WP%20VR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6b53d0e6-def9-4907-bd2b-884b2afa52b3 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0175.md b/2023/CVE-2023-0175.md new file mode 100644 index 0000000000..58388a862a --- /dev/null +++ b/2023/CVE-2023-0175.md @@ -0,0 +1,17 @@ +### [CVE-2023-0175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0175) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Clients%20Logo%20Gallery%20Plugin%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/cdcd3c2c-cb29-4b21-8d3d-7eafbc1d3098 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0176.md b/2023/CVE-2023-0176.md new file mode 100644 index 0000000000..de662fbecb --- /dev/null +++ b/2023/CVE-2023-0176.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0176) +![](https://img.shields.io/static/v1?label=Product&message=Giveaways%20and%20Contests%20by%20RafflePress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a762c25b-5c47-400e-8964-407cf4c94e9f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0177.md b/2023/CVE-2023-0177.md new file mode 100644 index 0000000000..9327d77103 --- /dev/null +++ b/2023/CVE-2023-0177.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0177) +![](https://img.shields.io/static/v1?label=Product&message=Social%20Like%20Box%20and%20Page%20by%20WpDevArt&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.8.41%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/712c2154-37f4-424c-ba3b-26ba6aa95bca + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0178.md b/2023/CVE-2023-0178.md new file mode 100644 index 0000000000..b145ea83af --- /dev/null +++ b/2023/CVE-2023-0178.md @@ -0,0 +1,17 @@ +### [CVE-2023-0178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0178) +![](https://img.shields.io/static/v1?label=Product&message=Annual%20Archive&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/cc308e15-7937-4d41-809d-74f8c13bee23 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0179.md b/2023/CVE-2023-0179.md index 778ebc5985..4c4b5a7934 100644 --- a/2023/CVE-2023-0179.md +++ b/2023/CVE-2023-0179.md @@ -34,5 +34,7 @@ A buffer overflow vulnerability was found in the Netfilter subsystem in the Linu - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/taielab/awesome-hacking-lists - https://github.com/tanjiti/sec_profile +- https://github.com/whoforget/CVE-POC - https://github.com/xairy/linux-kernel-exploitation +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-0212.md b/2023/CVE-2023-0212.md new file mode 100644 index 0000000000..e6ae77d6e9 --- /dev/null +++ b/2023/CVE-2023-0212.md @@ -0,0 +1,17 @@ +### [CVE-2023-0212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0212) +![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Recent%20Posts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5fdd44aa-7f3f-423a-9fb0-dc9dc36f33a3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0219.md b/2023/CVE-2023-0219.md new file mode 100644 index 0000000000..c64f20c3ec --- /dev/null +++ b/2023/CVE-2023-0219.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0219) +![](https://img.shields.io/static/v1?label=Product&message=FluentSMTP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/71662b72-311c-42db-86c5-a0276d25535c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0220.md b/2023/CVE-2023-0220.md new file mode 100644 index 0000000000..a9d9c138fe --- /dev/null +++ b/2023/CVE-2023-0220.md @@ -0,0 +1,17 @@ +### [CVE-2023-0220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0220) +![](https://img.shields.io/static/v1?label=Product&message=Pinpoint%20Booking%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.9.9.2.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d6d976be-31d1-419d-8729-4a36fbd2755c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0224.md b/2023/CVE-2023-0224.md new file mode 100644 index 0000000000..5c4ccb5662 --- /dev/null 
+++ b/2023/CVE-2023-0224.md @@ -0,0 +1,17 @@ +### [CVE-2023-0224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0224) +![](https://img.shields.io/static/v1?label=Product&message=GiveWP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.24.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0230.md b/2023/CVE-2023-0230.md new file mode 100644 index 0000000000..e086ddb6fc --- /dev/null +++ b/2023/CVE-2023-0230.md @@ -0,0 +1,17 @@ +### [CVE-2023-0230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0230) +![](https://img.shields.io/static/v1?label=Product&message=VK%20All%20in%20One%20Expansion%20Unit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%209.86.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a4ad73b2-6a70-48ff-bf4c-28f81b193748 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0231.md b/2023/CVE-2023-0231.md new file mode 100644 index 0000000000..a64df00452 --- /dev/null +++ b/2023/CVE-2023-0231.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0231) +![](https://img.shields.io/static/v1?label=Product&message=ShopLentor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/533c19d5-219c-4389-a8bf-8b3a35b33b20 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0233.md b/2023/CVE-2023-0233.md new file mode 100644 index 0000000000..06850ba9d4 --- /dev/null +++ b/2023/CVE-2023-0233.md @@ -0,0 +1,17 @@ +### [CVE-2023-0233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0233) +![](https://img.shields.io/static/v1?label=Product&message=ActiveCampaign&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.1.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e95c85fd-fa47-45bd-b8e0-a7f33edd7130 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0234.md b/2023/CVE-2023-0234.md new file mode 100644 index 0000000000..596366d304 --- /dev/null 
+++ b/2023/CVE-2023-0234.md @@ -0,0 +1,17 @@ +### [CVE-2023-0234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0234) +![](https://img.shields.io/static/v1?label=Product&message=SiteGround%20Security&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0252.md b/2023/CVE-2023-0252.md new file mode 100644 index 0000000000..51ffe3d6dc --- /dev/null +++ b/2023/CVE-2023-0252.md @@ -0,0 +1,17 @@ +### [CVE-2023-0252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0252) +![](https://img.shields.io/static/v1?label=Product&message=Contextual%20Related%20Posts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5754a4fd-1adf-47aa-976f-3b28750058c2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0255.md b/2023/CVE-2023-0255.md index 5bac5e06fb..3eaf8cf2b0 100644 --- a/2023/CVE-2023-0255.md +++ b/2023/CVE-2023-0255.md 
@@ -10,7 +10,7 @@ The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/b0239208-1e23-4774-9b8c-9611704a07a0 #### Github - https://github.com/codeb0ss/CVE-2023-0255-PoC diff --git a/2023/CVE-2023-0259.md b/2023/CVE-2023-0259.md new file mode 100644 index 0000000000..3f7432c869 --- /dev/null +++ b/2023/CVE-2023-0259.md @@ -0,0 +1,17 @@ +### [CVE-2023-0259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0259) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Google%20Review%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2011.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d3bb0eac-1f4e-4191-8f3b-104a5bb54558 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0260.md b/2023/CVE-2023-0260.md new file mode 100644 index 0000000000..7fa6a72e76 --- /dev/null +++ b/2023/CVE-2023-0260.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0260) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Review%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2012.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9165d46b-2a27-4e83-a096-73ffe9057c80 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0261.md b/2023/CVE-2023-0261.md index bd9baf5ca3..f1cb4eae32 100644 --- a/2023/CVE-2023-0261.md +++ b/2023/CVE-2023-0261.md @@ -10,7 +10,7 @@ The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/6a3b6752-8d72-4ab4-9d49-b722a947d2b0 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-0262.md b/2023/CVE-2023-0262.md new file mode 100644 index 0000000000..b65ee72db0 --- /dev/null +++ b/2023/CVE-2023-0262.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0262) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Airbnb%20Review%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5d8c28ac-a46c-45d3-acc9-2cd2e6356ba2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0263.md b/2023/CVE-2023-0263.md new file mode 100644 index 0000000000..427a125606 --- /dev/null +++ b/2023/CVE-2023-0263.md @@ -0,0 +1,17 @@ +### [CVE-2023-0263](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0263) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Yelp%20Review%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2b4a6459-3e49-4048-8a9f-d7bb350aa2f6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0266.md b/2023/CVE-2023-0266.md index 8fe50c1d26..5706f957ad 100644 --- a/2023/CVE-2023-0266.md +++ b/2023/CVE-2023-0266.md 
@@ -16,5 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/SeanHeelan/claude_opus_cve_2023_0266 +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-0267.md b/2023/CVE-2023-0267.md new file mode 100644 index 0000000000..deb99ec809 --- /dev/null +++ b/2023/CVE-2023-0267.md @@ -0,0 +1,17 @@ +### [CVE-2023-0267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0267) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Carousel%20For%20WPBakery%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7ba7849d-e07b-465a-bfb7-10c8186be140 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0268.md b/2023/CVE-2023-0268.md new file mode 100644 index 0000000000..23ddd3ea15 --- /dev/null +++ b/2023/CVE-2023-0268.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0268) +![](https://img.shields.io/static/v1?label=Product&message=Mega%20Addons%20For%20WPBakery%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/99389641-ad1e-45c1-a42f-2a010ee22d76 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0270.md b/2023/CVE-2023-0270.md new file mode 100644 index 0000000000..fd8bdce5d8 --- /dev/null +++ b/2023/CVE-2023-0270.md @@ -0,0 +1,17 @@ +### [CVE-2023-0270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0270) +![](https://img.shields.io/static/v1?label=Product&message=YaMaps%20for%20WordPress%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.6.26%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ca3ca694-54ca-4e7e-82e6-33aa240754e1 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0271.md b/2023/CVE-2023-0271.md new file mode 100644 index 0000000000..e902261de9 --- /dev/null +++ b/2023/CVE-2023-0271.md @@ -0,0 +1,17 @@ +### [CVE-2023-0271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0271) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Font%20Awesome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.7.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fd7aaf06-4be7-48d6-83a1-cd5cd6c3d9c2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0272.md b/2023/CVE-2023-0272.md new file mode 100644 index 0000000000..be71b87221 --- /dev/null +++ b/2023/CVE-2023-0272.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0272) +![](https://img.shields.io/static/v1?label=Product&message=NEX-Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/047b50c0-0eb3-4371-9e5d-3778fdafc66b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0273.md b/2023/CVE-2023-0273.md new file mode 100644 index 0000000000..2be0427f9a --- /dev/null +++ b/2023/CVE-2023-0273.md @@ -0,0 +1,17 @@ +### [CVE-2023-0273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0273) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Content%20Shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5cafbba6-478f-4f5d-a2d4-60c6a22f2f1e + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0274.md b/2023/CVE-2023-0274.md new file mode 100644 index 0000000000..f70d3aeb94 --- /dev/null +++ b/2023/CVE-2023-0274.md @@ -0,0 +1,17 @@ +### [CVE-2023-0274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0274) +![](https://img.shields.io/static/v1?label=Product&message=URL%20Params&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4f6197b6-6d4c-4986-b54c-453b17e94812 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0275.md b/2023/CVE-2023-0275.md new file mode 100644 index 0000000000..108c3a1fce --- /dev/null +++ b/2023/CVE-2023-0275.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0275](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0275) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Accept%20Payments%20for%20PayPal&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.9.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/aab5d803-d621-4b12-a901-ff4447334d88 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0276.md b/2023/CVE-2023-0276.md new file mode 100644 index 0000000000..1130ce2a15 --- /dev/null +++ b/2023/CVE-2023-0276.md @@ -0,0 +1,17 @@ +### [CVE-2023-0276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0276) +![](https://img.shields.io/static/v1?label=Product&message=Weaver%20Xtreme%20Theme%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d00824a3-7df5-4b52-a31b-5fdfb19c970f + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0277.md b/2023/CVE-2023-0277.md new file mode 100644 index 0000000000..7dcd700887 --- /dev/null +++ b/2023/CVE-2023-0277.md @@ -0,0 +1,17 @@ +### [CVE-2023-0277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0277) +![](https://img.shields.io/static/v1?label=Product&message=WC%20Fields%20Factory&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/69ffb2f1-b291-49bf-80a8-08d03ceca53b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0278.md b/2023/CVE-2023-0278.md new file mode 100644 index 0000000000..db382ab57a --- /dev/null +++ b/2023/CVE-2023-0278.md @@ -0,0 +1,17 @@ +### [CVE-2023-0278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0278) +![](https://img.shields.io/static/v1?label=Product&message=GeoDirectory&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.24%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/98deb84e-01ca-4b70-a8f8-0a226daa85a6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0279.md b/2023/CVE-2023-0279.md new file mode 100644 index 0000000000..d929b8de01 --- /dev/null 
+++ b/2023/CVE-2023-0279.md @@ -0,0 +1,17 @@ +### [CVE-2023-0279](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0279) +![](https://img.shields.io/static/v1?label=Product&message=Media%20Library%20Assistant&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.06%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/42db1ba5-1b14-41bd-a2b3-7243a84c9d3d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0280.md b/2023/CVE-2023-0280.md new file mode 100644 index 0000000000..7e7ae3faaf --- /dev/null +++ b/2023/CVE-2023-0280.md @@ -0,0 +1,17 @@ +### [CVE-2023-0280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0280) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Carousel%20For%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/cb7ed9e6-0fa0-4ebb-9109-8f33defc8b32 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0282.md b/2023/CVE-2023-0282.md new file mode 100644 index 0000000000..224be4402b --- /dev/null 
+++ b/2023/CVE-2023-0282.md @@ -0,0 +1,17 @@ +### [CVE-2023-0282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0282) +![](https://img.shields.io/static/v1?label=Product&message=YourChannel%3A%20Everything%20you%20want%20in%20a%20YouTube%20plugin.&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/93693d45-5217-4571-bae5-aab8878cfe62 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0297.md b/2023/CVE-2023-0297.md index 1ff564e30f..864740a2f9 100644 --- a/2023/CVE-2023-0297.md +++ b/2023/CVE-2023-0297.md @@ -35,4 +35,6 @@ Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/overgrowncarrot1/CVE-2023-0297 - https://github.com/sota70/PC-Easy-Writeup +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-0315.md b/2023/CVE-2023-0315.md index 40a3099b62..c2c70e8333 100644 --- a/2023/CVE-2023-0315.md +++ b/2023/CVE-2023-0315.md @@ -23,4 +23,6 @@ Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. - https://github.com/manas3c/CVE-POC - https://github.com/mhaskar/CVE-2023-0315 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-0328.md b/2023/CVE-2023-0328.md new file mode 100644 index 0000000000..c74feb0385 --- /dev/null +++ b/2023/CVE-2023-0328.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0328) +![](https://img.shields.io/static/v1?label=Product&message=WPCode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen) + +### Description + +The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3c4318a9-a3c5-409b-a52e-edd8583c3c43 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0329.md b/2023/CVE-2023-0329.md index 9d5f826cf7..8ae73eacd9 100644 --- a/2023/CVE-2023-0329.md +++ b/2023/CVE-2023-0329.md @@ -11,6 +11,7 @@ The Elementor Website Builder WordPress plugin before 3.12.2 does not properly s #### Reference - http://packetstormsecurity.com/files/175639/Elementor-Website-Builder-SQL-Injection.html +- https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-0330.md b/2023/CVE-2023-0330.md new file mode 100644 index 0000000000..8fb429706b --- /dev/null +++ b/2023/CVE-2023-0330.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0330) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. + +### POC + +#### Reference +- https://bugzilla.redhat.com/show_bug.cgi?id=2160151 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0331.md b/2023/CVE-2023-0331.md new file mode 100644 index 0000000000..cdcdb1dc7f --- /dev/null +++ b/2023/CVE-2023-0331.md @@ -0,0 +1,17 @@ +### [CVE-2023-0331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0331) +![](https://img.shields.io/static/v1?label=Product&message=Correos%20Oficial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen) + +### Description + +The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1b4dbaf3-1364-4103-9a7b-b5a1355c685b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0333.md b/2023/CVE-2023-0333.md new file mode 100644 index 0000000000..85712e2482 --- /dev/null +++ b/2023/CVE-2023-0333.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0333) +![](https://img.shields.io/static/v1?label=Product&message=TemplatesNext%20ToolKit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0334.md b/2023/CVE-2023-0334.md new file mode 100644 index 0000000000..b228e37778 --- /dev/null +++ b/2023/CVE-2023-0334.md @@ -0,0 +1,17 @@ +### [CVE-2023-0334](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0334) +![](https://img.shields.io/static/v1?label=Product&message=ShortPixel%20Adaptive%20Images&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.6.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b027a8db-0fd6-444d-b14a-0ae58f04f931 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0335.md b/2023/CVE-2023-0335.md new file mode 100644 index 0000000000..5b4d3c8749 --- /dev/null +++ b/2023/CVE-2023-0335.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-0335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0335) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Shamsi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f7a20bea-c3d5-431b-bdcf-e189c81a561a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0336.md b/2023/CVE-2023-0336.md new file mode 100644 index 0000000000..b05e6d4308 --- /dev/null +++ b/2023/CVE-2023-0336.md @@ -0,0 +1,18 @@ +### [CVE-2023-0336](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0336) +![](https://img.shields.io/static/v1?label=Product&message=OoohBoi%20Steroids%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ac74df9a-6fbf-4411-a501-97eba1ad1895 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0340.md b/2023/CVE-2023-0340.md new file mode 100644 index 0000000000..83d2661b0f --- /dev/null +++ b/2023/CVE-2023-0340.md @@ -0,0 +1,17 @@ +### [CVE-2023-0340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0340) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Content%20Shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/71956598-90aa-4557-947a-c4716674543d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0360.md b/2023/CVE-2023-0360.md new file mode 100644 index 0000000000..5f82a1fa32 --- /dev/null +++ b/2023/CVE-2023-0360.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0360) +![](https://img.shields.io/static/v1?label=Product&message=Location%20Weather&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ba653457-415f-4ab3-a792-42640b59302b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0362.md b/2023/CVE-2023-0362.md new file mode 100644 index 0000000000..74e89bda4f --- /dev/null +++ b/2023/CVE-2023-0362.md @@ -0,0 +1,17 @@ +### [CVE-2023-0362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0362) +![](https://img.shields.io/static/v1?label=Product&message=Themify%20Portfolio%20Post&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/95ee3257-cfda-480d-b3f7-28235564cf6d + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0363.md b/2023/CVE-2023-0363.md new file mode 100644 index 0000000000..0e06a25eb8 --- /dev/null +++ b/2023/CVE-2023-0363.md @@ -0,0 +1,17 @@ +### [CVE-2023-0363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0363) +![](https://img.shields.io/static/v1?label=Product&message=Scheduled%20Announcements%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6d332a47-e96c-455b-9e8f-db6dbb59b518 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0364.md b/2023/CVE-2023-0364.md new file mode 100644 index 0000000000..6811ba42ff --- /dev/null +++ b/2023/CVE-2023-0364.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0364) +![](https://img.shields.io/static/v1?label=Product&message=real.Kit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e56759ae-7530-467a-b9ba-e9a404afb872 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0365.md b/2023/CVE-2023-0365.md new file mode 100644 index 0000000000..a501dcca99 --- /dev/null +++ b/2023/CVE-2023-0365.md @@ -0,0 +1,17 @@ +### [CVE-2023-0365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0365) +![](https://img.shields.io/static/v1?label=Product&message=React%20Webcam&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d268d7a3-82fd-4444-bc0e-27c7cc279b5a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0366.md b/2023/CVE-2023-0366.md new file mode 100644 index 0000000000..39c83a681d --- /dev/null 
+++ b/2023/CVE-2023-0366.md @@ -0,0 +1,17 @@ +### [CVE-2023-0366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0366) +![](https://img.shields.io/static/v1?label=Product&message=Loan%20Comparison&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7d68b0df-7169-46b2-b8e3-4d0c2aa8d605 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0367.md b/2023/CVE-2023-0367.md new file mode 100644 index 0000000000..99877ab558 --- /dev/null +++ b/2023/CVE-2023-0367.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0367) +![](https://img.shields.io/static/v1?label=Product&message=Pricing%20Tables%20For%20WPBakery%20Page%20Builder%20(formerly%20Visual%20Composer)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d7685af2-6034-49ea-93ef-4debe72689bc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0368.md b/2023/CVE-2023-0368.md new file mode 100644 index 0000000000..4613a5b6c0 --- /dev/null +++ b/2023/CVE-2023-0368.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0368) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Tabs%20For%20WPBakery%20Page%20Builder%20(formerly%20Visual%20Composer)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0369.md b/2023/CVE-2023-0369.md new file mode 100644 index 0000000000..34a1351632 --- /dev/null +++ b/2023/CVE-2023-0369.md @@ -0,0 +1,17 @@ +### [CVE-2023-0369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0369) +![](https://img.shields.io/static/v1?label=Product&message=GoToWP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/351f31e0-cd13-4079-8fd1-447f319133c9 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0370.md b/2023/CVE-2023-0370.md new file mode 100644 index 0000000000..747637ead4 --- /dev/null +++ b/2023/CVE-2023-0370.md @@ -0,0 +1,17 @@ +### [CVE-2023-0370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0370) +![](https://img.shields.io/static/v1?label=Product&message=WPB%20Advanced%20FAQ&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4f5597f9-ab27-42d2-847c-14455b7d0849 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0371.md b/2023/CVE-2023-0371.md new file mode 100644 index 0000000000..d4548f34fa --- /dev/null +++ b/2023/CVE-2023-0371.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0371) +![](https://img.shields.io/static/v1?label=Product&message=EmbedSocial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.28%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0b6381cd-fa31-4cc7-8b42-063a4c545577 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0372.md b/2023/CVE-2023-0372.md new file mode 100644 index 0000000000..49717096c8 --- /dev/null +++ b/2023/CVE-2023-0372.md @@ -0,0 +1,17 @@ +### [CVE-2023-0372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0372) +![](https://img.shields.io/static/v1?label=Product&message=EmbedStories&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.7.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9cf90ad8-4aa4-466c-a33e-4f2706815765 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0373.md b/2023/CVE-2023-0373.md new file mode 100644 index 0000000000..32ba21af5c 
--- /dev/null +++ b/2023/CVE-2023-0373.md @@ -0,0 +1,17 @@ +### [CVE-2023-0373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0373) +![](https://img.shields.io/static/v1?label=Product&message=Lightweight%20Accordion&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fe60ea83-b584-465a-8128-b7358d8da3af + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0374.md b/2023/CVE-2023-0374.md new file mode 100644 index 0000000000..bfc51e698a --- /dev/null +++ b/2023/CVE-2023-0374.md @@ -0,0 +1,17 @@ +### [CVE-2023-0374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0374) +![](https://img.shields.io/static/v1?label=Product&message=W4%20Post%20List&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ddb10f2e-73b8-444c-90b2-5c84cdf6de5c + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0375.md b/2023/CVE-2023-0375.md new file mode 100644 index 0000000000..9c52eee210 --- /dev/null +++ b/2023/CVE-2023-0375.md @@ -0,0 +1,17 @@ +### [CVE-2023-0375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0375) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Affiliate%20Links&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.7.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/915d6add-d3e2-4ced-969e-9523981ac886 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0376.md b/2023/CVE-2023-0376.md new file mode 100644 index 0000000000..04f7e41b31 --- /dev/null +++ b/2023/CVE-2023-0376.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0376) +![](https://img.shields.io/static/v1?label=Product&message=Qubely&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b1aa6f32-c1d5-4fc6-9a4e-d4c5fae78389/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0377.md b/2023/CVE-2023-0377.md new file mode 100644 index 0000000000..55ec1822e3 --- /dev/null +++ b/2023/CVE-2023-0377.md @@ -0,0 +1,17 @@ +### [CVE-2023-0377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0377) +![](https://img.shields.io/static/v1?label=Product&message=Scriptless%20Social%20Sharing&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5b1aacd1-3f75-4a6f-8146-cbb98a713724 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0378.md b/2023/CVE-2023-0378.md new file mode 100644 index 0000000000..cda6b555c5 
--- /dev/null +++ b/2023/CVE-2023-0378.md @@ -0,0 +1,17 @@ +### [CVE-2023-0378](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0378) +![](https://img.shields.io/static/v1?label=Product&message=Greenshift&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3313cc05-2267-4d93-a8a8-2c0701c21f66 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0379.md b/2023/CVE-2023-0379.md new file mode 100644 index 0000000000..38ba147da9 --- /dev/null +++ b/2023/CVE-2023-0379.md @@ -0,0 +1,17 @@ +### [CVE-2023-0379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0379) +![](https://img.shields.io/static/v1?label=Product&message=Spotlight%20Social%20Feeds%20%5BBlock%2C%20Shortcode%2C%20and%20Widget%5D&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/14b4f0c5-c7b1-4ac4-8c9c-f8c35ca5de4a + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0380.md b/2023/CVE-2023-0380.md new file mode 100644 index 0000000000..881e767888 --- /dev/null +++ b/2023/CVE-2023-0380.md @@ -0,0 +1,17 @@ +### [CVE-2023-0380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0380) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Digital%20Downloads&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.0.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3256e090-1131-459d-ade5-f052cd5d189f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0381.md b/2023/CVE-2023-0381.md new file mode 100644 index 0000000000..3c0ab9c2f8 --- /dev/null +++ b/2023/CVE-2023-0381.md @@ -0,0 +1,17 @@ +### [CVE-2023-0381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0381) +![](https://img.shields.io/static/v1?label=Product&message=GigPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/39c964fa-6d8d-404d-ac38-72f6f88d203c + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0386.md b/2023/CVE-2023-0386.md index 5af1292c84..44c0b06fd3 100644 --- a/2023/CVE-2023-0386.md +++ b/2023/CVE-2023-0386.md @@ -24,6 +24,7 @@ A flaw was found in the Linux kernel, where unauthorized access to the execution - https://github.com/DataDog/security-labs-pocs - https://github.com/Disturbante/Linux-Pentest - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/EstamelGG/CVE-2023-0386-libs - https://github.com/Fanxiaoyao66/CVE-2023-0386 - https://github.com/Fanxiaoyao66/Hack-The-Box-TwoMillion - https://github.com/GhostTroops/TOP @@ -34,6 +35,7 @@ A flaw was found in the Linux kernel, where unauthorized access to the execution - https://github.com/abylinjohnson/linux-kernel-exploits - https://github.com/beruangsalju/LocalPrivilegeEscalation - https://github.com/chenaotian/CVE-2023-0386 +- https://github.com/churamanib/CVE-2023-0386 - https://github.com/djytmdj/Tool_Summary - https://github.com/hktalent/TOP - https://github.com/hshivhare67/kernel_v4.19.72_CVE-2023-0386 @@ -43,6 +45,7 @@ A flaw was found in the Linux kernel, where unauthorized access to the execution - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/puckiestyle/CVE-2023-0386 +- https://github.com/shungo0222/shungo0222 - https://github.com/silentEAG/awesome-stars - https://github.com/sxlmnwb/CVE-2023-0386 - https://github.com/talent-x90c/cve_list @@ -50,6 +53,7 @@ A flaw was found in the Linux kernel, where unauthorized access to the execution - https://github.com/toastytoastytoasty/toastydz.github.io - https://github.com/tycloud97/awesome-stars - https://github.com/veritas501/CVE-2023-0386 +- https://github.com/whoami13apt/files2 - https://github.com/x3t2con/Rttools-2 - https://github.com/x90hack/vulnerabilty_lab - https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-0388.md b/2023/CVE-2023-0388.md new file mode 100644 index 0000000000..e004ceec5a 
--- /dev/null +++ b/2023/CVE-2023-0388.md @@ -0,0 +1,17 @@ +### [CVE-2023-0388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0388) +![](https://img.shields.io/static/v1?label=Product&message=Random%20Text&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/77861a2e-879a-4bd0-b4c0-cd19481ace5d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0389.md b/2023/CVE-2023-0389.md new file mode 100644 index 0000000000..8c7861ef4b --- /dev/null +++ b/2023/CVE-2023-0389.md @@ -0,0 +1,17 @@ +### [CVE-2023-0389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0389) +![](https://img.shields.io/static/v1?label=Product&message=Calculated%20Fields%20Form&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.151%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/090a3922-febc-4294-82d2-d8339d461893/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0395.md b/2023/CVE-2023-0395.md new file mode 100644 index 0000000000..fde2fa60ea --- /dev/null 
+++ b/2023/CVE-2023-0395.md @@ -0,0 +1,17 @@ +### [CVE-2023-0395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0395) +![](https://img.shields.io/static/v1?label=Product&message=menu%20shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3f2565cd-7050-4ebd-9a50-cd9b9f7c3341 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0399.md b/2023/CVE-2023-0399.md new file mode 100644 index 0000000000..eb7e6da786 --- /dev/null +++ b/2023/CVE-2023-0399.md @@ -0,0 +1,17 @@ +### [CVE-2023-0399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0399) +![](https://img.shields.io/static/v1?label=Product&message=Image%20Over%20Image%20For%20WPBakery%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/702d7bbe-93cc-4bc2-b41d-cb66e08c99a7 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0405.md b/2023/CVE-2023-0405.md new file mode 100644 index 0000000000..57b69ea835 --- /dev/null +++ b/2023/CVE-2023-0405.md @@ -0,0 +1,17 @@ +### [CVE-2023-0405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0405) +![](https://img.shields.io/static/v1?label=Product&message=GPT%20AI%20Power%3A%20Content%20Writer%20%26%20ChatGPT%20%26%20Image%20Generator%20%26%20WooCommerce%20Product%20Writer%20%26%20AI%20Training&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.38%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3ca9ac21-2bce-4480-9079-b4045b261273 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0418.md b/2023/CVE-2023-0418.md new file mode 100644 index 0000000000..5c149b80f1 --- /dev/null +++ b/2023/CVE-2023-0418.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0418) +![](https://img.shields.io/static/v1?label=Product&message=Video%20Central%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/821751bb-feaf-45b8-91a9-e173cb0c05fc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0420.md b/2023/CVE-2023-0420.md new file mode 100644 index 0000000000..e2dc3f848c --- /dev/null +++ b/2023/CVE-2023-0420.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-0420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0420) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Post%20Type%20and%20Taxonomy%20GUI%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF + +### POC + +#### Reference +- https://wpscan.com/vulnerability/266e417f-ece7-4ff5-a724-4d9c8e2f3faa + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0421.md b/2023/CVE-2023-0421.md new file mode 100644 index 0000000000..da2bfc57a0 --- /dev/null +++ b/2023/CVE-2023-0421.md @@ -0,0 +1,17 @@ +### [CVE-2023-0421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0421) +![](https://img.shields.io/static/v1?label=Product&message=Cloud%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0422.md b/2023/CVE-2023-0422.md new file mode 100644 index 0000000000..75d0eee077 --- /dev/null +++ b/2023/CVE-2023-0422.md @@ -0,0 +1,17 @@ +### [CVE-2023-0422](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0422) +![](https://img.shields.io/static/v1?label=Product&message=Article%20Directory&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d57f2fb2-5251-4069-8c9a-a4af269c5e62 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0423.md b/2023/CVE-2023-0423.md new file mode 100644 index 0000000000..728fd27e38 --- /dev/null +++ b/2023/CVE-2023-0423.md @@ -0,0 +1,17 @@ +### [CVE-2023-0423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0423) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Amazon%20S3%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/73d588d7-26ae-42e2-8282-aa02bcb109b6 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0424.md b/2023/CVE-2023-0424.md new file mode 100644 index 0000000000..949f057f1d --- /dev/null +++ b/2023/CVE-2023-0424.md @@ -0,0 +1,17 @@ +### [CVE-2023-0424](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0424) +![](https://img.shields.io/static/v1?label=Product&message=MS-Reviews&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b0f8713f-54b2-4ab2-a475-60a1692a50e9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0428.md b/2023/CVE-2023-0428.md new file mode 100644 index 0000000000..68f6059a26 --- /dev/null +++ b/2023/CVE-2023-0428.md @@ -0,0 +1,17 @@ +### [CVE-2023-0428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0428) +![](https://img.shields.io/static/v1?label=Product&message=Watu%20Quiz&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3.8.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c933460b-f77d-4986-9f5a-32d9f3f8b412 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0429.md b/2023/CVE-2023-0429.md new file mode 100644 index 0000000000..724620fa9d --- /dev/null 
+++ b/2023/CVE-2023-0429.md @@ -0,0 +1,17 @@ +### [CVE-2023-0429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0429) +![](https://img.shields.io/static/v1?label=Product&message=Watu%20Quiz&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3.8.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/67d84549-d368-4504-9fa9-b1fce63cb967 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0431.md b/2023/CVE-2023-0431.md new file mode 100644 index 0000000000..ed1548f385 --- /dev/null +++ b/2023/CVE-2023-0431.md @@ -0,0 +1,17 @@ +### [CVE-2023-0431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0431) +![](https://img.shields.io/static/v1?label=Product&message=File%20Away&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fdcbd9a3-552d-439e-b283-1d3d934889af + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0439.md b/2023/CVE-2023-0439.md new file mode 100644 index 0000000000..b5121ff4b1 --- /dev/null +++ b/2023/CVE-2023-0439.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0439) +![](https://img.shields.io/static/v1?label=Product&message=NEX-Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.4.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/04cea9aa-b21c-49f8-836b-2d312253e09a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0441.md b/2023/CVE-2023-0441.md new file mode 100644 index 0000000000..be77effdc9 --- /dev/null +++ b/2023/CVE-2023-0441.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0441) +![](https://img.shields.io/static/v1?label=Product&message=Gallery%20Blocks%20with%20Lightbox.%20Image%20Gallery%2C%20(HTML5%20video%20%2C%20YouTube%2C%20Vimeo)%20Video%20Gallery%20and%20Lightbox%20for%20native%20gallery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/11703e49-c042-4eb6-9a5f-6e006e3725a0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0442.md b/2023/CVE-2023-0442.md new file mode 100644 index 0000000000..cfb233732a --- /dev/null +++ b/2023/CVE-2023-0442.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0442) +![](https://img.shields.io/static/v1?label=Product&message=Loan%20Comparison&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/34d95d88-4114-4597-b4db-e9f5ef80d322 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0443.md b/2023/CVE-2023-0443.md new file mode 100644 index 0000000000..5b4c61486f --- /dev/null +++ b/2023/CVE-2023-0443.md @@ -0,0 +1,17 @@ +### [CVE-2023-0443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0443) +![](https://img.shields.io/static/v1?label=Product&message=AnyWhere%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.2.5%3C%201.2.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0453.md b/2023/CVE-2023-0453.md new file mode 100644 index 0000000000..5c29fbdf3f --- /dev/null +++ b/2023/CVE-2023-0453.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0453) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Private%20Message&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0467.md b/2023/CVE-2023-0467.md new file mode 100644 index 0000000000..b62d631e69 --- /dev/null +++ b/2023/CVE-2023-0467.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0467) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Dark%20Mode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8eb431a6-59a5-4cee-84e0-156c0b31cfc4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0477.md b/2023/CVE-2023-0477.md new file mode 100644 index 0000000000..d61bf8ebee --- /dev/null +++ b/2023/CVE-2023-0477.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0477) +![](https://img.shields.io/static/v1?label=Product&message=Auto%20Featured%20Image%20(Auto%20Post%20Thumbnail)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.9.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e5ef74a2-e04a-4a14-bd0e-d6910cd1c4b4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0479.md b/2023/CVE-2023-0479.md new file mode 100644 index 0000000000..0cd928e809 --- /dev/null +++ b/2023/CVE-2023-0479.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0479) +![](https://img.shields.io/static/v1?label=Product&message=Print%20Invoice%20%26%20Delivery%20Notes%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.7.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/50963747-ae8e-42b4-bb42-cc848be7b92e/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0484.md b/2023/CVE-2023-0484.md new file mode 100644 index 0000000000..f9b634738f --- /dev/null +++ b/2023/CVE-2023-0484.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0484) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%207%20Widget%20For%20Elementor%20Page%20Builder%20%26%20Gutenberg%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e61fb245-0d7f-42b0-9b96-c17ade8c04c5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0487.md b/2023/CVE-2023-0487.md new file mode 100644 index 0000000000..f4b920599f --- /dev/null +++ b/2023/CVE-2023-0487.md @@ -0,0 +1,17 @@ +### [CVE-2023-0487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0487) +![](https://img.shields.io/static/v1?label=Product&message=All-in-one%20Floating%20Contact%20Form%2C%20Call%2C%20Chat%2C%20and%2050%2B%20Social%20Icon%20Tabs&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0e874a1d-c866-45fa-b456-c8012dca32af + +#### Github +No PoCs found on GitHub currently. + 
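Review bot: In the new 2023/CVE-2023-0487.md the Product badge names the plugin "All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs" while the Description line calls it "My Sticky Elements", and nothing in the file says the two names refer to the same plugin. Suggest giving the second name in parentheses in the Description so a search on either name finds the entry, and ending that sentence with a period as other entries in this patch do.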
diff --git a/2023/CVE-2023-0489.md b/2023/CVE-2023-0489.md new file mode 100644 index 0000000000..e66095714b --- /dev/null +++ b/2023/CVE-2023-0489.md @@ -0,0 +1,17 @@ +### [CVE-2023-0489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0489) +![](https://img.shields.io/static/v1?label=Product&message=SlideOnline&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/238842ee-6392-4eb2-96cb-08e4ece6fca1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0490.md b/2023/CVE-2023-0490.md new file mode 100644 index 0000000000..78c363d943 --- /dev/null +++ b/2023/CVE-2023-0490.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0490](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0490) +![](https://img.shields.io/static/v1?label=Product&message=f(x)%20TOC&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9b497d21-f075-41a9-afec-3e24034c8c63 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0492.md b/2023/CVE-2023-0492.md new file mode 100644 index 0000000000..6a9b8b2bd5 --- /dev/null +++ b/2023/CVE-2023-0492.md @@ -0,0 +1,17 @@ +### [CVE-2023-0492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0492) +![](https://img.shields.io/static/v1?label=Product&message=GS%20Products%20Slider%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ea3b129d-32d8-40e3-b1af-8b92a760db23 + +#### Github +No PoCs found on GitHub currently. + 
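Review bot: In 2023/CVE-2023-0492.md the Version and Vulnerability badge URLs end in `color=brighgreen`, which looks like a misspelling of `brightgreen`, and the Version message `0%3C%201.5.9%20` carries a trailing `%20`. Both recur in the other files this patch adds, so if these files come from a template the fix belongs there rather than in each file. In the Description, "where the shortcode is embed" should read "embedded", and the sentence lacks its final period.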
diff --git a/2023/CVE-2023-0495.md b/2023/CVE-2023-0495.md new file mode 100644 index 0000000000..7a32a839fd --- /dev/null +++ b/2023/CVE-2023-0495.md @@ -0,0 +1,17 @@ +### [CVE-2023-0495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0495) +![](https://img.shields.io/static/v1?label=Product&message=HT%20Slider%20For%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2e3af480-b1a4-404c-b0fc-2b7b6a6b9c27 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0496.md b/2023/CVE-2023-0496.md new file mode 100644 index 0000000000..a89da5bde7 --- /dev/null +++ b/2023/CVE-2023-0496.md @@ -0,0 +1,17 @@ +### [CVE-2023-0496](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0496) +![](https://img.shields.io/static/v1?label=Product&message=HT%20Event&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/451b47d5-7bd2-4a82-9c8e-fe6601bcd2ab + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0497.md b/2023/CVE-2023-0497.md new file mode 100644 index 0000000000..d5c343397e --- /dev/null +++ b/2023/CVE-2023-0497.md @@ -0,0 +1,17 @@ +### [CVE-2023-0497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0497) +![](https://img.shields.io/static/v1?label=Product&message=HT%20Portfolio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ae5b7776-9d0d-4db8-81c3-237b16cd9c62 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0498.md b/2023/CVE-2023-0498.md new file mode 100644 index 0000000000..9538eb2727 --- /dev/null +++ b/2023/CVE-2023-0498.md @@ -0,0 +1,17 @@ +### [CVE-2023-0498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0498) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Education&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8fa051ad-5b35-46d8-be95-0ac4e73d5eff + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0499.md b/2023/CVE-2023-0499.md new file mode 100644 index 0000000000..1e9fa2636b --- /dev/null +++ b/2023/CVE-2023-0499.md @@ -0,0 +1,17 @@ +### [CVE-2023-0499](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0499) +![](https://img.shields.io/static/v1?label=Product&message=QuickSwish&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9342470a-a0ad-4f0b-b95f-7daa39a6362b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0500.md b/2023/CVE-2023-0500.md new file mode 100644 index 0000000000..485ae6eb2a --- /dev/null +++ b/2023/CVE-2023-0500.md @@ -0,0 +1,17 @@ +### [CVE-2023-0500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0500) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Film%20Studio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/95a6a11e-da5d-4fac-aff6-a3f7624682b7 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0501.md b/2023/CVE-2023-0501.md new file mode 100644 index 0000000000..b491c9e2d8 --- /dev/null +++ b/2023/CVE-2023-0501.md @@ -0,0 +1,17 @@ +### [CVE-2023-0501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0501) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Insurance&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/36fd6c0d-3f0c-4f7d-aa17-5b2d084ab94c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0502.md b/2023/CVE-2023-0502.md new file mode 100644 index 0000000000..7780e99550 --- /dev/null +++ b/2023/CVE-2023-0502.md @@ -0,0 +1,17 @@ +### [CVE-2023-0502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0502) +![](https://img.shields.io/static/v1?label=Product&message=WP%20News&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c959f4ce-b6ea-4aee-9a98-aa98d2a62138 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0503.md b/2023/CVE-2023-0503.md new file mode 100644 index 0000000000..c1b162398a 
--- /dev/null +++ b/2023/CVE-2023-0503.md @@ -0,0 +1,17 @@ +### [CVE-2023-0503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0503) +![](https://img.shields.io/static/v1?label=Product&message=Free%20WooCommerce%20Theme%2099fy%20Extension&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3cb148fb-1f30-4316-a421-10da51d849f3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0504.md b/2023/CVE-2023-0504.md new file mode 100644 index 0000000000..f2230c72dc --- /dev/null +++ b/2023/CVE-2023-0504.md @@ -0,0 +1,17 @@ +### [CVE-2023-0504](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0504) +![](https://img.shields.io/static/v1?label=Product&message=HT%20Politic&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b427841d-a3ad-4e3a-8964-baad90a9aedb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0505.md b/2023/CVE-2023-0505.md new file mode 100644 index 0000000000..a18c8e0b0c --- /dev/null 
+++ b/2023/CVE-2023-0505.md @@ -0,0 +1,17 @@ +### [CVE-2023-0505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0505) +![](https://img.shields.io/static/v1?label=Product&message=Ever%20Compare&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/dbabff3e-b021-49ed-aaf3-b73a77d4b354 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0514.md b/2023/CVE-2023-0514.md new file mode 100644 index 0000000000..2b2f027a5e --- /dev/null +++ b/2023/CVE-2023-0514.md @@ -0,0 +1,17 @@ +### [CVE-2023-0514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0514) +![](https://img.shields.io/static/v1?label=Product&message=Membership%20Database&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c6cc400a-9bfb-417d-9206-5582a49d0f05 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0520.md b/2023/CVE-2023-0520.md new file mode 100644 index 0000000000..612d859233 --- /dev/null +++ b/2023/CVE-2023-0520.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-0520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0520) +![](https://img.shields.io/static/v1?label=Product&message=RapidExpCart&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection means an attacker can trick a logged in admin to perform the attack by submitting a hidden form. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/be4f7ff9-af79-477b-9f47-e40e25a3558e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0522.md b/2023/CVE-2023-0522.md new file mode 100644 index 0000000000..2bb6fe3949 --- /dev/null +++ b/2023/CVE-2023-0522.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0522) +![](https://img.shields.io/static/v1?label=Product&message=Enable%2FDisable%20Auto%20Login%20when%20Register&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c7984bfb-86a3-4530-90ae-17ab39af1c54 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0526.md b/2023/CVE-2023-0526.md new file mode 100644 index 0000000000..5f92010cf3 --- /dev/null +++ b/2023/CVE-2023-0526.md @@ -0,0 +1,17 @@ +### [CVE-2023-0526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0526) +![](https://img.shields.io/static/v1?label=Product&message=Post%20Shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0ec58310-243d-40c8-9fa6-8753947bfa89 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0535.md b/2023/CVE-2023-0535.md new file mode 100644 index 0000000000..fe3374d40a --- /dev/null +++ b/2023/CVE-2023-0535.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0535) +![](https://img.shields.io/static/v1?label=Product&message=Donation%20Block%20For%20PayPal&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8c50321a-dba8-4379-9b9c-4c349e44b2ed + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0536.md b/2023/CVE-2023-0536.md new file mode 100644 index 0000000000..c33d809c27 --- /dev/null +++ b/2023/CVE-2023-0536.md @@ -0,0 +1,17 @@ +### [CVE-2023-0536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0536) +![](https://img.shields.io/static/v1?label=Product&message=Wp-D3&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7b19d792-8083-4c0c-a45e-a99c1f5f0df0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0537.md b/2023/CVE-2023-0537.md index 49bf650a88..f7d5d7da6a 100644 
--- a/2023/CVE-2023-0537.md +++ b/2023/CVE-2023-0537.md @@ -10,7 +10,7 @@ The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/d7369f1d-d1a0-4576-a676-c70525a6c743 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-0538.md b/2023/CVE-2023-0538.md new file mode 100644 index 0000000000..f30de48b2e --- /dev/null +++ b/2023/CVE-2023-0538.md @@ -0,0 +1,17 @@ +### [CVE-2023-0538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0538) +![](https://img.shields.io/static/v1?label=Product&message=Campaign%20URL%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4869fdc7-4fc7-4917-bc00-b6ced9ccc871 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0539.md b/2023/CVE-2023-0539.md new file mode 100644 index 0000000000..add6bc7567 --- /dev/null +++ b/2023/CVE-2023-0539.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0539) +![](https://img.shields.io/static/v1?label=Product&message=GS%20Insever%20Portfolio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a4b6a83a-6394-4dfc-8bb3-4982867dab7d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0540.md b/2023/CVE-2023-0540.md new file mode 100644 index 0000000000..2778a2101d --- /dev/null +++ b/2023/CVE-2023-0540.md @@ -0,0 +1,17 @@ +### [CVE-2023-0540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0540) +![](https://img.shields.io/static/v1?label=Product&message=GS%20Filterable%20Portfolio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b35b3da2-468d-4fe5-bff6-812432197a38 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0541.md b/2023/CVE-2023-0541.md new file mode 100644 index 0000000000..fff3117d0a --- /dev/null +++ b/2023/CVE-2023-0541.md @@ -0,0 +1,17 @@ +### [CVE-2023-0541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0541) +![](https://img.shields.io/static/v1?label=Product&message=GS%20Books%20Showcase&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8453e587-cc8c-491a-af09-fc4ab215134b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0542.md b/2023/CVE-2023-0542.md new file mode 100644 index 0000000000..1becc6b3f1 --- /dev/null +++ b/2023/CVE-2023-0542.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0542) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Post%20Type%20List%20Shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/17de2f77-3e6c-4c22-9196-6e5577ee7fcf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0543.md b/2023/CVE-2023-0543.md new file mode 100644 index 0000000000..5e1e89fb56 --- /dev/null +++ b/2023/CVE-2023-0543.md @@ -0,0 +1,17 @@ +### [CVE-2023-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0543) +![](https://img.shields.io/static/v1?label=Product&message=Arigato%20Autoresponder%20and%20Newsletter&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.7.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e3771938-40b5-4e8b-bb5a-847131a2b4a7 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0544.md b/2023/CVE-2023-0544.md new file mode 100644 index 0000000000..f5a996e26a --- /dev/null +++ b/2023/CVE-2023-0544.md @@ -0,0 +1,17 @@ +### [CVE-2023-0544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0544) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Login%20Box&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8ef9585f-67d7-4651-977a-fcad113882bd + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0545.md b/2023/CVE-2023-0545.md new file mode 100644 index 0000000000..a936624aa0 --- /dev/null +++ b/2023/CVE-2023-0545.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0545) +![](https://img.shields.io/static/v1?label=Product&message=Hostel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b604afc8-61d0-4e98-8950-f3d29f9e9ee1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0546.md b/2023/CVE-2023-0546.md new file mode 100644 index 0000000000..1d7c8ac0a1 --- /dev/null +++ b/2023/CVE-2023-0546.md @@ -0,0 +1,17 @@ +### [CVE-2023-0546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0546) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.3.25%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the form. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/078f33cd-0f5c-46fe-b858-2107a09c6b69 + +#### Github +No PoCs found on GitHub currently. + 
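Review bot: The Description line in 2023/CVE-2023-0546.md has "in it's custom HTML field type", which should be the possessive "its", and "javascript" should be capitalised as "JavaScript". Since `srcdoc` is an attribute name rather than prose, consider setting it in backticks, which also makes it easier to grep for when triaging form content.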
diff --git a/2023/CVE-2023-0548.md b/2023/CVE-2023-0548.md new file mode 100644 index 0000000000..5d040759ad --- /dev/null +++ b/2023/CVE-2023-0548.md @@ -0,0 +1,17 @@ +### [CVE-2023-0548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0548) +![](https://img.shields.io/static/v1?label=Product&message=Namaste!%20LMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.9.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b6c1ed7a-5b2d-4985-847d-56586b1aae9b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0551.md b/2023/CVE-2023-0551.md new file mode 100644 index 0000000000..b491aeb517 --- /dev/null +++ b/2023/CVE-2023-0551.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-0551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0551) +![](https://img.shields.io/static/v1?label=Product&message=REST%20API%20TO%20MiniProgram&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments + +### POC + +#### Reference +- https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0552.md b/2023/CVE-2023-0552.md new file mode 100644 index 0000000000..365292f514 --- /dev/null +++ b/2023/CVE-2023-0552.md @@ -0,0 +1,17 @@ +### [CVE-2023-0552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0552) +![](https://img.shields.io/static/v1?label=Product&message=Registration%20Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.8.1.4%3C%203.8.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability + +### POC + +#### Reference +- https://wpscan.com/vulnerability/832c6155-a413-4641-849c-b98ba55e8551 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0559.md b/2023/CVE-2023-0559.md new file mode 100644 index 0000000000..417011f805 
--- /dev/null +++ b/2023/CVE-2023-0559.md @@ -0,0 +1,17 @@ +### [CVE-2023-0559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0559) +![](https://img.shields.io/static/v1?label=Product&message=GS%20Portfolio%20for%20Envato&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e5549261-66e2-4a5e-8781-bc555b629ccc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0567.md b/2023/CVE-2023-0567.md index 292fc13077..9dcf71c376 100644 --- a/2023/CVE-2023-0567.md +++ b/2023/CVE-2023-0567.md @@ -14,4 +14,5 @@ In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/mdisec/mdisec-twitch-yayinlari diff --git a/2023/CVE-2023-0579.md b/2023/CVE-2023-0579.md new file mode 100644 index 0000000000..d899bd0d9b --- /dev/null +++ b/2023/CVE-2023-0579.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0579](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0579) +![](https://img.shields.io/static/v1?label=Product&message=YARPP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.30.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0588.md b/2023/CVE-2023-0588.md new file mode 100644 index 0000000000..52292012ac --- /dev/null +++ b/2023/CVE-2023-0588.md @@ -0,0 +1,17 @@ +### [CVE-2023-0588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0588) +![](https://img.shields.io/static/v1?label=Product&message=Catalyst%20Connect%20Zoho%20CRM%20Client%20Portal&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/84be272e-0891-461c-91ad-496b64f92f8f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0589.md b/2023/CVE-2023-0589.md new file mode 100644 index 0000000000..b1c274e2f6 --- /dev/null +++ b/2023/CVE-2023-0589.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0589) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Image%20Carousel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/58649228-69a6-4028-8487-166b0a07fcf7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0600.md b/2023/CVE-2023-0600.md index 1fe96a320b..c9e7c83078 100644 --- a/2023/CVE-2023-0600.md +++ b/2023/CVE-2023-0600.md @@ -10,7 +10,7 @@ The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does n ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4 #### Github - https://github.com/truocphan/VulnBox diff --git a/2023/CVE-2023-0602.md b/2023/CVE-2023-0602.md new file mode 100644 index 0000000000..4725af2b93 --- /dev/null +++ b/2023/CVE-2023-0602.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0602) +![](https://img.shields.io/static/v1?label=Product&message=Twittee%20Text%20Tweet&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c357f93d-4f21-4cd9-9378-d97756c75255 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0603.md b/2023/CVE-2023-0603.md new file mode 100644 index 0000000000..bad215df1a --- /dev/null +++ b/2023/CVE-2023-0603.md @@ -0,0 +1,18 @@ +### [CVE-2023-0603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0603) +![](https://img.shields.io/static/v1?label=Product&message=Sloth%20Logo%20Customizer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1c93ea8f-4e68-4da1-994e-35a5873278ba + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0604.md b/2023/CVE-2023-0604.md new file mode 100644 index 0000000000..9531de22b1 --- /dev/null +++ b/2023/CVE-2023-0604.md @@ -0,0 +1,17 @@ +### [CVE-2023-0604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0604) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Food%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4492b5ad-c339-47f5-9003-a9c5f23efdd9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0605.md b/2023/CVE-2023-0605.md new file mode 100644 index 0000000000..3a8d4cb863 --- /dev/null +++ b/2023/CVE-2023-0605.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0605) +![](https://img.shields.io/static/v1?label=Product&message=Auto%20Rename%20Media%20On%20Upload&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/57267c3c-d55e-4b37-a6d0-c5cd8569625c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0609.md b/2023/CVE-2023-0609.md index 9838916f48..1c531f6d1f 100644 --- a/2023/CVE-2023-0609.md +++ b/2023/CVE-2023-0609.md @@ -15,4 +15,5 @@ Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/bAuh0lz/Vulnerabilities +- https://github.com/kolewttd/wtt diff --git a/2023/CVE-2023-0630.md b/2023/CVE-2023-0630.md index ee182e4c52..274dbb6598 100644 --- a/2023/CVE-2023-0630.md +++ b/2023/CVE-2023-0630.md @@ -10,7 +10,7 @@ The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscrib ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/b82bdd02-b699-4527-86cc-d60b56ab0c55 #### Github - https://github.com/RandomRobbieBF/CVE-2023-0630 diff --git a/2023/CVE-2023-0631.md b/2023/CVE-2023-0631.md new file mode 100644 index 0000000000..3a1404af1b --- /dev/null +++ b/2023/CVE-2023-0631.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0631) +![](https://img.shields.io/static/v1?label=Product&message=Paid%20Memberships%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.5.5%3C%202.9.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/19ef92fd-b493-4488-91f0-e6ba51362f79 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0644.md b/2023/CVE-2023-0644.md new file mode 100644 index 0000000000..ec39506ff9 --- /dev/null +++ b/2023/CVE-2023-0644.md @@ -0,0 +1,17 @@ +### [CVE-2023-0644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0644) +![](https://img.shields.io/static/v1?label=Product&message=Push%20Notifications%20for%20WordPress%20by%20PushAssist&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/08f5089c-36f3-4d12-bca5-99cd3ae78f67 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0660.md b/2023/CVE-2023-0660.md new file mode 100644 index 0000000000..46c22bfe79 --- /dev/null +++ b/2023/CVE-2023-0660.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0660) +![](https://img.shields.io/static/v1?label=Product&message=Smart%20Slider%203&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.5.1.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3fe712bc-ce7f-4b30-9fc7-1ff15aa5b6ce + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0669.md b/2023/CVE-2023-0669.md index e3ab6d00b1..52207b70a2 100644 --- a/2023/CVE-2023-0669.md +++ b/2023/CVE-2023-0669.md @@ -23,6 +23,7 @@ Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/H4lo/awesome-IoT-security-article +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors @@ -36,5 +37,7 @@ Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication - https://github.com/tanjiti/sec_profile - https://github.com/trhacknon/CVE-2023-0669 - https://github.com/trhacknon/CVE-2023-0669-bis +- https://github.com/whoforget/CVE-POC - https://github.com/yosef0x01/CVE-2023-0669-Analysis +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-0733.md b/2023/CVE-2023-0733.md new file mode 100644 index 0000000000..f5d116877e --- /dev/null 
+++ b/2023/CVE-2023-0733.md @@ -0,0 +1,17 @@ +### [CVE-2023-0733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0733) +![](https://img.shields.io/static/v1?label=Product&message=Newsletter%20Popup&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fed1e184-ff56-44fe-9876-d17c0156447a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0748.md b/2023/CVE-2023-0748.md index c56c5d2800..c1d37e8f45 100644 --- a/2023/CVE-2023-0748.md +++ b/2023/CVE-2023-0748.md @@ -18,4 +18,6 @@ Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. - https://github.com/k0mi-tg/CVE-POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-0749.md b/2023/CVE-2023-0749.md new file mode 100644 index 0000000000..f3f061d22a --- /dev/null +++ b/2023/CVE-2023-0749.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0749) +![](https://img.shields.io/static/v1?label=Product&message=Ocean%20Extra&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9caa8d2e-383b-47d7-8d21-d2ed6b1664cb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0761.md b/2023/CVE-2023-0761.md new file mode 100644 index 0000000000..f2f5d980d0 --- /dev/null +++ b/2023/CVE-2023-0761.md @@ -0,0 +1,17 @@ +### [CVE-2023-0761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0761) +![](https://img.shields.io/static/v1?label=Product&message=Clock%20In%20Portal-%20Staff%20%26%20Attendance%20Management&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/88fb064e-0001-446c-8e43-9fe3feff6c1f + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0762.md b/2023/CVE-2023-0762.md new file mode 100644 index 0000000000..914b4c97aa --- /dev/null +++ b/2023/CVE-2023-0762.md @@ -0,0 +1,17 @@ +### [CVE-2023-0762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0762) +![](https://img.shields.io/static/v1?label=Product&message=Clock%20In%20Portal-%20Staff%20%26%20Attendance%20Management&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9be952e0-d8ae-440f-8819-cb19485f35f3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0763.md b/2023/CVE-2023-0763.md new file mode 100644 index 0000000000..eb717ff7f2 --- /dev/null +++ b/2023/CVE-2023-0763.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0763) +![](https://img.shields.io/static/v1?label=Product&message=Clock%20In%20Portal-%20Staff%20%26%20Attendance%20Management&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4b55f868-62f8-43a1-9817-68cd1fc6190f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0764.md b/2023/CVE-2023-0764.md new file mode 100644 index 0000000000..09bfe86a00 --- /dev/null +++ b/2023/CVE-2023-0764.md @@ -0,0 +1,17 @@ +### [CVE-2023-0764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0764) +![](https://img.shields.io/static/v1?label=Product&message=Gallery%20by%20BestWebSoft&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d48c6c50-3734-4191-9833-0d9b09b1bd8a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0765.md b/2023/CVE-2023-0765.md new file mode 100644 index 0000000000..dc13fd429e --- /dev/null +++ b/2023/CVE-2023-0765.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0765) +![](https://img.shields.io/static/v1?label=Product&message=Gallery%20by%20BestWebSoft&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0766.md b/2023/CVE-2023-0766.md new file mode 100644 index 0000000000..5cd7373065 --- /dev/null +++ b/2023/CVE-2023-0766.md @@ -0,0 +1,17 @@ +### [CVE-2023-0766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0766) +![](https://img.shields.io/static/v1?label=Product&message=Newsletter%20Popup&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/90a1976c-0348-41ea-90b4-f7a5d9306c88 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0768.md b/2023/CVE-2023-0768.md new file mode 100644 index 0000000000..acd3c4816d --- /dev/null +++ b/2023/CVE-2023-0768.md @@ -0,0 +1,17 @@ +### [CVE-2023-0768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0768) +![](https://img.shields.io/static/v1?label=Product&message=Avirato%20hotels%20online%20booking%20engine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/03d061b4-1b71-44f5-b3dc-f82a5fcd92eb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0769.md b/2023/CVE-2023-0769.md new file mode 100644 index 0000000000..ffb05c982c --- /dev/null +++ b/2023/CVE-2023-0769.md @@ -0,0 +1,17 @@ +### [CVE-2023-0769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0769) +![](https://img.shields.io/static/v1?label=Product&message=hiWeb%20Migration%20Simple&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1d4a2f0e-a371-4e27-98de-528e070f41b0/ + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0772.md b/2023/CVE-2023-0772.md new file mode 100644 index 0000000000..95498bf10b --- /dev/null +++ b/2023/CVE-2023-0772.md @@ -0,0 +1,17 @@ +### [CVE-2023-0772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0772) +![](https://img.shields.io/static/v1?label=Product&message=Popup%20Builder%20by%20OptinMonster&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.12.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/28754886-b7b4-44f7-9042-b81c542d3c9c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0812.md b/2023/CVE-2023-0812.md new file mode 100644 index 0000000000..cad4e8b7c1 --- /dev/null +++ b/2023/CVE-2023-0812.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0812) +![](https://img.shields.io/static/v1?label=Product&message=Active%20Directory%20Integration%20%2F%20LDAP%20Integration&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0ed5e1b3-f2a3-4eb1-b8ae-d3a62f600107 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0813.md b/2023/CVE-2023-0813.md new file mode 100644 index 0000000000..f3909577bd --- /dev/null +++ b/2023/CVE-2023-0813.md @@ -0,0 +1,17 @@ +### [CVE-2023-0813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0813) +![](https://img.shields.io/static/v1?label=Product&message=NETWORK-OBSERVABILITY-1.1.0-RHEL-8&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization&color=brighgreen) + +### Description + +A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-0816.md b/2023/CVE-2023-0816.md new file mode 100644 index 0000000000..904d19a68d --- /dev/null +++ b/2023/CVE-2023-0816.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0816) +![](https://img.shields.io/static/v1?label=Product&message=Formidable%20Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-290%20Authentication%20Bypass%20by%20Spoofing&color=brighgreen) + +### Description + +The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0820.md b/2023/CVE-2023-0820.md new file mode 100644 index 0000000000..12621f5090 --- /dev/null +++ b/2023/CVE-2023-0820.md @@ -0,0 +1,17 @@ +### [CVE-2023-0820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0820) +![](https://img.shields.io/static/v1?label=Product&message=User%20Role%20by%20BestWebSoft&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0823.md b/2023/CVE-2023-0823.md new file mode 100644 index 0000000000..ea947477be --- /dev/null +++ b/2023/CVE-2023-0823.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0823) +![](https://img.shields.io/static/v1?label=Product&message=Cookie%20Notice%20%26%20Compliance%20for%20GDPR%20%2F%20CCPA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/83f23a9f-9ace-47d2-a5f3-a4915129b16c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0824.md b/2023/CVE-2023-0824.md new file mode 100644 index 0000000000..08e0b0e8a2 --- /dev/null +++ b/2023/CVE-2023-0824.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-0824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0824) +![](https://img.shields.io/static/v1?label=Product&message=User%20registration%20%26%20user%20profile&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/48a3a542-9130-4524-9d19-ff9eccecb148/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0833.md b/2023/CVE-2023-0833.md new file mode 100644 index 0000000000..d0239938f4 --- /dev/null +++ b/2023/CVE-2023-0833.md 
@@ -0,0 +1,29 @@ +### [CVE-2023-0833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0833) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20AMQ%20Streams%202.2.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20AMQ%20Streams%202.4.0&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Generation%20of%20Error%20Message%20Containing%20Sensitive%20Information&color=brighgreen) + +### Description + +A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 + diff --git a/2023/CVE-2023-0844.md b/2023/CVE-2023-0844.md new file mode 100644 index 0000000000..2df35dba77 --- /dev/null +++ b/2023/CVE-2023-0844.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0844) +![](https://img.shields.io/static/v1?label=Product&message=Namaste!%20LMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8d8e5852-3787-47f9-9931-8308bb81beb1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0865.md b/2023/CVE-2023-0865.md new file mode 100644 index 0000000000..532eec8fbd --- /dev/null +++ b/2023/CVE-2023-0865.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0865) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Multiple%20Customer%20Addresses%20%26%20Shipping&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2021.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0873.md b/2023/CVE-2023-0873.md new file mode 100644 index 0000000000..a3cfc398f1 --- /dev/null +++ b/2023/CVE-2023-0873.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0873) +![](https://img.shields.io/static/v1?label=Product&message=Kanban%20Boards%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.21%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8816d4c1-9e8e-4b6f-a36a-10a98a7ccfcd + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0874.md b/2023/CVE-2023-0874.md new file mode 100644 index 0000000000..cb61c5b9fe --- /dev/null +++ b/2023/CVE-2023-0874.md @@ -0,0 +1,17 @@ +### [CVE-2023-0874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0874) +![](https://img.shields.io/static/v1?label=Product&message=Klaviyo&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/495e39db-793d-454b-9ef1-dd91cae2c49b + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0875.md b/2023/CVE-2023-0875.md new file mode 100644 index 0000000000..8e0ec17117 --- /dev/null +++ b/2023/CVE-2023-0875.md @@ -0,0 +1,17 @@ +### [CVE-2023-0875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0875) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Meta%20SEO&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d44e9a45-cbdf-46b1-8b48-7d934b617534 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0876.md b/2023/CVE-2023-0876.md new file mode 100644 index 0000000000..8d61cec877 --- /dev/null +++ b/2023/CVE-2023-0876.md @@ -0,0 +1,17 @@ +### [CVE-2023-0876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0876) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Meta%20SEO&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1a8c97f9-98fa-4e29-b7f7-bb9abe0c42ea + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0889.md b/2023/CVE-2023-0889.md new file mode 100644 index 0000000000..5b4f381cbf 
--- /dev/null +++ b/2023/CVE-2023-0889.md @@ -0,0 +1,18 @@ +### [CVE-2023-0889](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0889) +![](https://img.shields.io/static/v1?label=Product&message=Themeflection%20Numbers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c39473a7-47fc-4bce-99ad-28d03f41e74e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0890.md b/2023/CVE-2023-0890.md new file mode 100644 index 0000000000..feb1525afc --- /dev/null +++ b/2023/CVE-2023-0890.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0890) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Shortcodes%20Plugin%20%E2%80%94%20Shortcodes%20Ultimate&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.12.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected posts + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8a466f15-f112-4527-8b02-4544a8032671 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0891.md b/2023/CVE-2023-0891.md new file mode 100644 index 0000000000..8ecc68bc18 --- /dev/null +++ b/2023/CVE-2023-0891.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0891) +![](https://img.shields.io/static/v1?label=Product&message=StagTools&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/72397fee-9768-462b-933c-400181a5487c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0892.md b/2023/CVE-2023-0892.md new file mode 100644 index 0000000000..d12e6c9af2 --- /dev/null +++ b/2023/CVE-2023-0892.md @@ -0,0 +1,17 @@ +### [CVE-2023-0892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0892) +![](https://img.shields.io/static/v1?label=Product&message=BizLibrary&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/54150be5-a53f-4b94-8ce5-04e073e3ab1f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0893.md b/2023/CVE-2023-0893.md new file mode 100644 index 0000000000..13dbbbc117 --- /dev/null 
+++ b/2023/CVE-2023-0893.md @@ -0,0 +1,17 @@ +### [CVE-2023-0893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0893) +![](https://img.shields.io/static/v1?label=Product&message=Time%20Sheets&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.29.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fd6ef6ee-15e9-44ac-a2db-976393a3b71a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0894.md b/2023/CVE-2023-0894.md new file mode 100644 index 0000000000..83bd62a62d --- /dev/null +++ b/2023/CVE-2023-0894.md @@ -0,0 +1,17 @@ +### [CVE-2023-0894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0894) +![](https://img.shields.io/static/v1?label=Product&message=Pickup%20%7C%20Delivery%20%7C%20Dine-in%20date%20time&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d42eff41-096f-401d-bbfb-dcd6e08faca5 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0899.md b/2023/CVE-2023-0899.md new file mode 100644 index 0000000000..78173d5d22 --- /dev/null +++ b/2023/CVE-2023-0899.md @@ -0,0 +1,17 @@ +### [CVE-2023-0899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0899) +![](https://img.shields.io/static/v1?label=Product&message=Steveas%20WP%20Live%20Chat%20Shoutbox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e95f925f-118e-4fa1-8e8f-9dc1bc698f12 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0900.md b/2023/CVE-2023-0900.md new file mode 100644 index 0000000000..cda42956cf --- /dev/null +++ b/2023/CVE-2023-0900.md @@ -0,0 +1,17 @@ +### [CVE-2023-0900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0900) +![](https://img.shields.io/static/v1?label=Product&message=Pricing%20Table%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f601e637-a486-4f3a-9077-4f294ace7ea1 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-0911.md b/2023/CVE-2023-0911.md new file mode 100644 index 0000000000..25cd073a66 --- /dev/null +++ b/2023/CVE-2023-0911.md @@ -0,0 +1,17 @@ +### [CVE-2023-0911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0911) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Shortcodes%20Plugin%20%E2%80%94%20Shortcodes%20Ultimate&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.12.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/35404d16-7213-4293-ac0d-926bd6c17444 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0913.md b/2023/CVE-2023-0913.md index 0bc90bec26..da7ac8d630 100644 --- a/2023/CVE-2023-0913.md +++ b/2023/CVE-2023-0913.md @@ -13,6 +13,7 @@ A vulnerability classified as critical was found in SourceCodester Auto Dealer M - https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20SQL%20Injection%20-%202.md #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/ARPSyndicate/cvemon - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security diff --git a/2023/CVE-2023-0923.md b/2023/CVE-2023-0923.md new file mode 100644 index 0000000000..faf1ab83f2 --- /dev/null +++ b/2023/CVE-2023-0923.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0923) +![](https://img.shields.io/static/v1?label=Product&message=RHODS-1.22-RHEL-8&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authorization&color=brighgreen) + +### Description + +A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-0924.md b/2023/CVE-2023-0924.md new file mode 100644 index 0000000000..3cdcb342ac --- /dev/null +++ b/2023/CVE-2023-0924.md @@ -0,0 +1,17 @@ +### [CVE-2023-0924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0924) +![](https://img.shields.io/static/v1?label=Product&message=ZYREX%20POPUP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0937.md b/2023/CVE-2023-0937.md index c0c31e02fb..bb0c41da37 100644 --- a/2023/CVE-2023-0937.md +++ b/2023/CVE-2023-0937.md 
@@ -10,7 +10,7 @@ The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escap ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/5110ff02-c721-43eb-b13e-50aca25e1162 #### Github - https://github.com/karimhabush/cyberowl diff --git a/2023/CVE-2023-0940.md b/2023/CVE-2023-0940.md new file mode 100644 index 0000000000..fe60ea2240 --- /dev/null +++ b/2023/CVE-2023-0940.md @@ -0,0 +1,17 @@ +### [CVE-2023-0940](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0940) +![](https://img.shields.io/static/v1?label=Product&message=ProfileGrid&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen) + +### Description + +The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/56744f72-2d48-4f42-8195-24b4dd951bb5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0943.md b/2023/CVE-2023-0943.md index 931af1ae89..0de290a743 100644 --- a/2023/CVE-2023-0943.md +++ b/2023/CVE-2023-0943.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591. +A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591. ### POC @@ -13,5 +13,5 @@ A vulnerability, which was classified as problematic, has been found in SourceCo - https://vuldb.com/?id.221591 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-0948.md b/2023/CVE-2023-0948.md new file mode 100644 index 0000000000..a6f0553d1f --- /dev/null +++ b/2023/CVE-2023-0948.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0948) +![](https://img.shields.io/static/v1?label=Product&message=Japanized%20For%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0955.md b/2023/CVE-2023-0955.md new file mode 100644 index 0000000000..84b5b621e9 --- /dev/null +++ b/2023/CVE-2023-0955.md @@ -0,0 +1,17 @@ +### [CVE-2023-0955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0955) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Statistics&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2014.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-0983.md b/2023/CVE-2023-0983.md new file mode 100644 index 0000000000..a7d81c6515 --- /dev/null +++ b/2023/CVE-2023-0983.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-0983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0983) +![](https://img.shields.io/static/v1?label=Product&message=Stylish%20Cost%20Calculator%20Premium&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.9.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/73353221-3e6d-44e8-bf41-55a0fe57d81f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1000.md b/2023/CVE-2023-1000.md new file mode 100644 index 0000000000..8eeba23538 --- /dev/null +++ b/2023/CVE-2023-1000.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1000) +![](https://img.shields.io/static/v1?label=Product&message=dcnnt-py&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/morpheuslord/CVE-llm_dataset + diff --git a/2023/CVE-2023-1011.md b/2023/CVE-2023-1011.md new file mode 100644 index 0000000000..ab4a4da68e --- /dev/null +++ b/2023/CVE-2023-1011.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-1011](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1011) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d1784446-b3da-4175-9dac-20b030f19984 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1019.md b/2023/CVE-2023-1019.md new file mode 100644 index 0000000000..392e44bca9 --- /dev/null +++ b/2023/CVE-2023-1019.md @@ -0,0 +1,17 @@ +### [CVE-2023-1019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1019) +![](https://img.shields.io/static/v1?label=Product&message=Help%20Desk%20WP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a6331ca8-9603-4134-af39-8e77ac9d511c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1020.md b/2023/CVE-2023-1020.md new file mode 100644 index 0000000000..118697dca0 --- /dev/null 
+++ b/2023/CVE-2023-1020.md @@ -0,0 +1,17 @@ +### [CVE-2023-1020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1020) +![](https://img.shields.io/static/v1?label=Product&message=Steveas%20WP%20Live%20Chat%20Shoutbox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1025.md b/2023/CVE-2023-1025.md new file mode 100644 index 0000000000..8c15fa7402 --- /dev/null +++ b/2023/CVE-2023-1025.md @@ -0,0 +1,17 @@ +### [CVE-2023-1025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1025) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20File%20List&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.0.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/13621b13-8d31-4214-a665-cb15981f3ec1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1069.md b/2023/CVE-2023-1069.md new file mode 100644 index 0000000000..e8f176042e --- /dev/null 
+++ b/2023/CVE-2023-1069.md @@ -0,0 +1,18 @@ +### [CVE-2023-1069](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1069) +![](https://img.shields.io/static/v1?label=Product&message=Complianz%20Premium&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Complianz&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.4.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/caacc50c-822e-46e9-bc0b-681349fd0dda + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1077.md b/2023/CVE-2023-1077.md new file mode 100644 index 0000000000..599f291d18 --- /dev/null +++ b/2023/CVE-2023-1077.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1077) +![](https://img.shields.io/static/v1?label=Product&message=Linux%20kernel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-843&color=brighgreen) + +### Description + +In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RenukaSelvar/kernel_rt_CVE_2023_1077 + diff --git a/2023/CVE-2023-1086.md b/2023/CVE-2023-1086.md new file mode 100644 index 0000000000..7bd34ac0bd --- /dev/null +++ b/2023/CVE-2023-1086.md @@ -0,0 +1,17 @@ +### [CVE-2023-1086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1086) +![](https://img.shields.io/static/v1?label=Product&message=Preview%20Link%20Generator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e2bda716-76dc-4a26-b26a-7a2a764757b0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1087.md b/2023/CVE-2023-1087.md new file mode 100644 index 0000000000..4841a5bdbc --- /dev/null +++ b/2023/CVE-2023-1087.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1087) +![](https://img.shields.io/static/v1?label=Product&message=WC%20Sales%20Notification&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/356c89a1-81b6-4600-9291-1a74788af7f9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1088.md b/2023/CVE-2023-1088.md new file mode 100644 index 0000000000..56eb6b44b6 --- /dev/null +++ b/2023/CVE-2023-1088.md @@ -0,0 +1,17 @@ +### [CVE-2023-1088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1088) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Plugin%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a956f1cd-fce4-4235-b1af-4b7675a60ca2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1089.md b/2023/CVE-2023-1089.md new file mode 100644 index 0000000000..79871cef39 --- /dev/null +++ b/2023/CVE-2023-1089.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1089) +![](https://img.shields.io/static/v1?label=Product&message=Coupon%20Zen&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9787e26f-33fe-4c65-abb3-7f5c76ae8d6f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1090.md b/2023/CVE-2023-1090.md index 43eeafdfdd..c49b9223d1 100644 --- a/2023/CVE-2023-1090.md +++ b/2023/CVE-2023-1090.md @@ -11,6 +11,7 @@ The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escap #### Reference - https://github.com/youki992/youki992.github.io/blob/master/others/apply.md +- https://wpscan.com/vulnerability/d470dd6c-dcac-4a3e-b42a-2489a31aca45 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-1091.md b/2023/CVE-2023-1091.md index 51ce4b6823..e32a701702 100644 --- a/2023/CVE-2023-1091.md +++ b/2023/CVE-2023-1091.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/karimhabush/cyberowl +- https://github.com/kolewttd/wtt diff --git a/2023/CVE-2023-1092.md b/2023/CVE-2023-1092.md new file mode 100644 index 0000000000..2412df96f1 --- /dev/null +++ b/2023/CVE-2023-1092.md 
@@ -0,0 +1,26 @@ +### [CVE-2023-1092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1092) +![](https://img.shields.io/static/v1?label=Product&message=OAuth%20Single%20Sign%20On%20Enterprise&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=OAuth%20Single%20Sign%20On%20Free&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=OAuth%20Single%20Sign%20On%20Premium&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=OAuth%20Single%20Sign%20On%20Standard&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2028.4.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2038.4.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2048.4.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.24.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7 +- https://wpscan.com/vulnerability/5eb85df5-8aab-4f30-a401-f776a310b09c +- https://wpscan.com/vulnerability/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31b +- https://wpscan.com/vulnerability/f6e165d9-2193-4c76-ae2d-618a739fe4fb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1093.md b/2023/CVE-2023-1093.md new file mode 100644 index 0000000000..a5c5d0da5e --- /dev/null 
+++ b/2023/CVE-2023-1093.md @@ -0,0 +1,17 @@ +### [CVE-2023-1093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1093) +![](https://img.shields.io/static/v1?label=Product&message=OAuth%20Single%20Sign%20On&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.24.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1e13b9ea-a3ef-483b-b967-6ec14bd6d54d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1108.md b/2023/CVE-2023-1108.md index 4957922d5c..4700ec12a7 100644 --- a/2023/CVE-2023-1108.md +++ b/2023/CVE-2023-1108.md 
@@ -1,27 +1,26 @@ ### [CVE-2023-1108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1108) +![](https://img.shields.io/static/v1?label=Product&message=EAP%207.4.10%20release&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=RHEL-8%20based%20Middleware%20Containers&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHPAM%207.13.1%20async&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207.12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.1.0&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20on%20RHEL%207&color=blue) 
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%206&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2013%20(Queens)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Text-Only%20RHOAR&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=undertow&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20support%20for%20Spring%20Boot%202.7.13&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Loop%20with%20Unreachable%20Exit%20Condition%20('Infinite%20Loop')&color=brighgreen) @@ -35,5 +34,6 @@ A flaw was found in undertow. This issue makes achieving a denial of service pos No PoCs from references. #### Github +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/muneebaashiq/MBProjects 
diff --git a/2023/CVE-2023-1110.md b/2023/CVE-2023-1110.md new file mode 100644 index 0000000000..ed814d8d07 --- /dev/null +++ b/2023/CVE-2023-1110.md @@ -0,0 +1,17 @@ +### [CVE-2023-1110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1110) +![](https://img.shields.io/static/v1?label=Product&message=Yellow%20Yard%20Searchbar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.8.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1830e829-4a43-4d98-8214-eecec6bef694 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1119.md b/2023/CVE-2023-1119.md new file mode 100644 index 0000000000..840615164b --- /dev/null +++ b/2023/CVE-2023-1119.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-1119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1119) +![](https://img.shields.io/static/v1?label=Product&message=SrbTransLatin&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=WP-Optimize&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.13%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2e78735a-a7fc-41fe-8284-45bf451eff06 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1120.md b/2023/CVE-2023-1120.md new file mode 100644 index 0000000000..bd84372b29 --- /dev/null +++ b/2023/CVE-2023-1120.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1120) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Giveaways&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.45.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c2defd30-7e4c-4a28-8a68-282429061f3f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1121.md b/2023/CVE-2023-1121.md new file mode 100644 index 0000000000..042e7d5c6a --- /dev/null +++ b/2023/CVE-2023-1121.md @@ -0,0 +1,17 @@ +### [CVE-2023-1121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1121) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Giveaways&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.45.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7ead9fb9-d81f-47c6-a1b4-21f29183cc15 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1122.md b/2023/CVE-2023-1122.md new file mode 100644 index 0000000000..7459d6c2c9 --- /dev/null +++ b/2023/CVE-2023-1122.md @@ -0,0 +1,17 @@ +### [CVE-2023-1122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1122) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Giveaways&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.45.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/71f5d630-2726-48c7-b9e5-7bebc786b561 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1124.md b/2023/CVE-2023-1124.md new file mode 100644 index 0000000000..7e8e802bd4 --- /dev/null +++ b/2023/CVE-2023-1124.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1124) +![](https://img.shields.io/static/v1?label=Product&message=Shopping%20Cart%20%26%20eCommerce%20Store&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.4.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/229b93cd-544b-4877-8d9f-e6debda9511c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1125.md b/2023/CVE-2023-1125.md new file mode 100644 index 0000000000..45f8318848 --- /dev/null +++ b/2023/CVE-2023-1125.md @@ -0,0 +1,17 @@ +### [CVE-2023-1125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1125) +![](https://img.shields.io/static/v1?label=Product&message=Ruby%20Help%20Desk&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e8a4b6ab-47f8-495d-a22c-dcf914dfb58c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1126.md b/2023/CVE-2023-1126.md new file mode 100644 index 0000000000..ee93a963ae --- /dev/null +++ b/2023/CVE-2023-1126.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1126) +![](https://img.shields.io/static/v1?label=Product&message=WP%20FEvents%20Book&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/87ce3c59-b234-47bf-abca-e690b53bbe82 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1129.md b/2023/CVE-2023-1129.md new file mode 100644 index 0000000000..c0d8890296 --- /dev/null +++ b/2023/CVE-2023-1129.md @@ -0,0 +1,17 @@ +### [CVE-2023-1129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1129) +![](https://img.shields.io/static/v1?label=Product&message=WP%20FEvents%20Book&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d40479de-fb04-41b8-9fb0-41b9eefbd8af + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1166.md b/2023/CVE-2023-1166.md new file mode 100644 index 0000000000..fb2ec483a1 --- /dev/null +++ b/2023/CVE-2023-1166.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1166) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate-Premium-Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2016.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/825eccf9-f351-4a5b-b238-9969141b94fa + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1177.md b/2023/CVE-2023-1177.md index b5af03f3e8..a6e1c7d709 100644 --- a/2023/CVE-2023-1177.md +++ b/2023/CVE-2023-1177.md @@ -13,6 +13,7 @@ Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1 - https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28 #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/ARPSyndicate/cvemon - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Threekiii/Awesome-POC diff --git a/2023/CVE-2023-1196.md b/2023/CVE-2023-1196.md new file mode 100644 index 0000000000..790696bc27 --- /dev/null +++ b/2023/CVE-2023-1196.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-1196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1196) +![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Custom%20Fields%20(ACF)%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Custom%20Fields%20(ACF)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=5.0.0%3C%205.12.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8e5ec88e-0e66-44e4-bbf2-74155d849ede +- https://wpscan.com/vulnerability/cf376ca2-92f6-44ff-929a-ace809460a33 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1207.md b/2023/CVE-2023-1207.md new file mode 100644 index 0000000000..6543205566 --- /dev/null +++ b/2023/CVE-2023-1207.md @@ -0,0 +1,17 @@ +### [CVE-2023-1207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1207) +![](https://img.shields.io/static/v1?label=Product&message=HTTP%20Headers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.18.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1208.md b/2023/CVE-2023-1208.md new file mode 100644 index 0000000000..712816425a --- /dev/null +++ b/2023/CVE-2023-1208.md @@ -0,0 +1,17 @@ +### [CVE-2023-1208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1208) +![](https://img.shields.io/static/v1?label=Product&message=HTTP%20Headers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.18.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e0cc6740-866a-4a81-a93d-ff486b79b7f7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1234.md b/2023/CVE-2023-1234.md index 6366a44544..28ad0abb21 100644 --- a/2023/CVE-2023-1234.md +++ b/2023/CVE-2023-1234.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/CyberMatters/Hermes - https://github.com/DataSurgeon-ds/ds-cve-plugin +- https://github.com/RIZZZIOM/nemesis - https://github.com/espressif/esp-idf-sbom - https://github.com/srand2/Variantanalysis - https://github.com/synfinner/KEVin diff --git a/2023/CVE-2023-1260.md b/2023/CVE-2023-1260.md new file mode 100644 index 0000000000..0b3259308f --- /dev/null +++ b/2023/CVE-2023-1260.md 
@@ -0,0 +1,22 @@ +### [CVE-2023-1260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1260) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.10&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.11&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.12&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen) + +### Description + +An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-1273.md b/2023/CVE-2023-1273.md index 952b8a5d40..4c677d984e 100644 --- a/2023/CVE-2023-1273.md +++ b/2023/CVE-2023-1273.md 
@@ -10,7 +10,7 @@ The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode a ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/0805ed7e-395d-48de-b484-6c3ec1cd4b8e #### Github - https://github.com/codeb0ss/CVE-2023-1273-PoC diff --git a/2023/CVE-2023-1274.md b/2023/CVE-2023-1274.md new file mode 100644 index 0000000000..6b9a029d1d --- /dev/null +++ b/2023/CVE-2023-1274.md @@ -0,0 +1,17 @@ +### [CVE-2023-1274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1274) +![](https://img.shields.io/static/v1?label=Product&message=Pricing%20Tables%20For%20WPBakery%20Page%20Builder%20(formerly%20Visual%20Composer)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/267acb2c-1a95-487f-a714-516de05d2b2f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1282.md b/2023/CVE-2023-1282.md index 2f97fd9904..f1d4e36b2a 100644 --- a/2023/CVE-2023-1282.md +++ b/2023/CVE-2023-1282.md @@ -13,6 +13,7 @@ The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress p #### Reference - https://wpscan.com/vulnerability/8a9548c5-59ea-46b0-bfa5-a0f7a259351a +- https://wpscan.com/vulnerability/f4b2617f-5235-4587-9eaf-d0f6bb23dc27 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-1323.md b/2023/CVE-2023-1323.md new file mode 100644 index 0000000000..2af125827b 
--- /dev/null +++ b/2023/CVE-2023-1323.md @@ -0,0 +1,17 @@ +### [CVE-2023-1323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1323) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Forms%20for%20Mailchimp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.8.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d3a2af00-719c-4b86-8877-b1d68a589192 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1324.md b/2023/CVE-2023-1324.md new file mode 100644 index 0000000000..802cc283e2 --- /dev/null +++ b/2023/CVE-2023-1324.md @@ -0,0 +1,17 @@ +### [CVE-2023-1324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1324) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Forms%20for%20Mailchimp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.8.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8f510b8c-b97a-44c9-a36d-2d775a4f7b81 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1325.md b/2023/CVE-2023-1325.md new file mode 100644 index 0000000000..4c139938f1 --- /dev/null +++ b/2023/CVE-2023-1325.md @@ -0,0 +1,17 @@ +### [CVE-2023-1325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1325) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Forms%20for%20Mailchimp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.8.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5f37cbf3-2388-4582-876c-6a7b0943c2a7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1330.md b/2023/CVE-2023-1330.md new file mode 100644 index 0000000000..0d9f7fc3ca --- /dev/null +++ b/2023/CVE-2023-1330.md @@ -0,0 +1,17 @@ +### [CVE-2023-1330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1330) +![](https://img.shields.io/static/v1?label=Product&message=Redirection&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/de4cff6d-0030-40e6-8221-fef56e12b4de + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1331.md b/2023/CVE-2023-1331.md new file mode 100644 index 0000000000..69f9eb17e6 --- /dev/null +++ b/2023/CVE-2023-1331.md @@ -0,0 +1,17 @@ +### [CVE-2023-1331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1331) +![](https://img.shields.io/static/v1?label=Product&message=Redirection&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f81d9340-cf7e-46c4-b669-e61f2559cb8c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1347.md b/2023/CVE-2023-1347.md new file mode 100644 index 0000000000..8b7ea74734 --- /dev/null +++ b/2023/CVE-2023-1347.md @@ -0,0 +1,17 @@ +### [CVE-2023-1347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1347) +![](https://img.shields.io/static/v1?label=Product&message=Customizer%20Export%2FImport&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.9.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present + +### POC + +#### Reference +- https://wpscan.com/vulnerability/356a5977-c90c-4fc6-98ed-032d5b27f272 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1371.md b/2023/CVE-2023-1371.md new file mode 100644 index 0000000000..e26ecd137d --- /dev/null +++ b/2023/CVE-2023-1371.md @@ -0,0 +1,17 @@ +### [CVE-2023-1371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1371) +![](https://img.shields.io/static/v1?label=Product&message=W4%20Post%20List&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ad5c167e-77f7-453c-9443-df6e07705d89 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1373.md b/2023/CVE-2023-1373.md new file mode 100644 index 0000000000..c915069ef4 --- /dev/null +++ b/2023/CVE-2023-1373.md @@ -0,0 +1,17 @@ +### [CVE-2023-1373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1373) +![](https://img.shields.io/static/v1?label=Product&message=W4%20Post%20List&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fa38f3e6-e04c-467c-969b-0f6736087589 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1377.md b/2023/CVE-2023-1377.md new file mode 100644 index 0000000000..bf6e8a56bc --- /dev/null +++ b/2023/CVE-2023-1377.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1377) +![](https://img.shields.io/static/v1?label=Product&message=Solidres&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c346ff80-c16b-4219-8983-708c64fa4a61 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1381.md b/2023/CVE-2023-1381.md index 168d3373a0..5927ccac28 100644 --- a/2023/CVE-2023-1381.md +++ b/2023/CVE-2023-1381.md @@ -11,6 +11,7 @@ The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths #### Reference - https://blog.wpscan.com/uncovering-a-phar-deserialization-vulnerability-in-wp-meta-seo-and-escalating-to-rce/ +- https://wpscan.com/vulnerability/f140a928-d297-4bd1-8552-bfebcedba536 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-1389.md b/2023/CVE-2023-1389.md index 92bcee15ff..8d54a5c05a 100644 --- a/2023/CVE-2023-1389.md +++ b/2023/CVE-2023-1389.md @@ -14,6 +14,7 @@ TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 conta - https://www.tenable.com/security/research/tra-2023-11 #### Github +- https://github.com/Co5mos/nuclei-tps - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Terminal1337/CVE-2023-1389 diff --git a/2023/CVE-2023-1400.md b/2023/CVE-2023-1400.md new file mode 100644 index 0000000000..a799194963 --- /dev/null +++ b/2023/CVE-2023-1400.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1400) +![](https://img.shields.io/static/v1?label=Product&message=Modern%20Events%20Calendar%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.5.2.%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c7feceef-28f1-4cac-b124-4b95e3f17b07 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1405.md b/2023/CVE-2023-1405.md new file mode 100644 index 0000000000..b81bb3abc6 --- /dev/null +++ b/2023/CVE-2023-1405.md @@ -0,0 +1,17 @@ +### [CVE-2023-1405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1405) +![](https://img.shields.io/static/v1?label=Product&message=Formidable%20Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8c727a31-ff65-4472-8191-b1becc08192a/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1406.md b/2023/CVE-2023-1406.md new file mode 100644 index 0000000000..a3106b6d1f --- /dev/null +++ b/2023/CVE-2023-1406.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1406) +![](https://img.shields.io/static/v1?label=Product&message=JetEngine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2a81b6b1-2339-4889-9c28-1af133df8b65 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1408.md b/2023/CVE-2023-1408.md new file mode 100644 index 0000000000..0125173d41 --- /dev/null +++ b/2023/CVE-2023-1408.md @@ -0,0 +1,17 @@ +### [CVE-2023-1408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1408) +![](https://img.shields.io/static/v1?label=Product&message=Video%20List%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/baf7ef4d-b2ba-48e0-9c17-74fa27e0c15b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1413.md b/2023/CVE-2023-1413.md new file mode 100644 index 0000000000..b07b028dc7 --- /dev/null +++ b/2023/CVE-2023-1413.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1413](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1413) +![](https://img.shields.io/static/v1?label=Product&message=WP%20VR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.2.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6938fee5-3510-45e6-8112-c9e2b30f6881 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1414.md b/2023/CVE-2023-1414.md new file mode 100644 index 0000000000..ad2473f2c7 --- /dev/null +++ b/2023/CVE-2023-1414.md @@ -0,0 +1,18 @@ +### [CVE-2023-1414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1414) +![](https://img.shields.io/static/v1?label=Product&message=WP%20VR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d61d4be7-9251-4c62-8fb7-8a456aa6969e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1420.md b/2023/CVE-2023-1420.md new file mode 100644 index 0000000000..ac7e3f2c3e --- /dev/null 
+++ b/2023/CVE-2023-1420.md @@ -0,0 +1,19 @@ +### [CVE-2023-1420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1420) +![](https://img.shields.io/static/v1?label=Product&message=Ajax%20Search%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Ajax%20Search%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.11.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.26.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a9a54ee5-2b80-4f55-894c-1047030eea7f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1425.md b/2023/CVE-2023-1425.md new file mode 100644 index 0000000000..b14cf0c493 --- /dev/null +++ b/2023/CVE-2023-1425.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1425) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20CRM%2C%20Email%20%26%20Marketing%20Automation%20for%20WordPress%20%7C%20Award%20Winner%20%E2%80%94%20Groundhogg&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.9.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins + +### POC + +#### Reference +- https://wpscan.com/vulnerability/578f4179-e7be-4963-9379-5e694911b451 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1426.md b/2023/CVE-2023-1426.md new file mode 100644 index 0000000000..b2e3042bb1 --- /dev/null +++ b/2023/CVE-2023-1426.md @@ -0,0 +1,17 @@ +### [CVE-2023-1426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1426) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Tiles&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1427.md b/2023/CVE-2023-1427.md new file mode 100644 index 0000000000..9212115a0f --- /dev/null +++ b/2023/CVE-2023-1427.md @@ -0,0 +1,17 @@ +### [CVE-2023-1427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1427) +![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%20by%2010Web&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1435.md b/2023/CVE-2023-1435.md new file mode 100644 index 0000000000..63cc2252e5 --- /dev/null +++ b/2023/CVE-2023-1435.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1435) +![](https://img.shields.io/static/v1?label=Product&message=Ajax%20Search%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.26.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0ca62908-4ef5-41e0-9223-f77ad2c333d7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1454.md b/2023/CVE-2023-1454.md index cf9dd650e0..d93709199f 100644 --- a/2023/CVE-2023-1454.md +++ b/2023/CVE-2023-1454.md @@ -13,6 +13,7 @@ A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/ARPSyndicate/cvemon - https://github.com/Awrrays/FrameVul - https://github.com/BugFor-Pings/CVE-2023-1454 @@ -29,4 +30,5 @@ No PoCs from references. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/padbergpete47/CVE-2023-1454 - https://github.com/shad0w0sec/CVE-2023-1454-EXP +- https://github.com/whoami13apt/files2 diff --git a/2023/CVE-2023-1465.md b/2023/CVE-2023-1465.md new file mode 100644 index 0000000000..0fee4715d5 --- /dev/null +++ b/2023/CVE-2023-1465.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1465) +![](https://img.shields.io/static/v1?label=Product&message=WP%20EasyPay&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/13f59eb4-0744-4fdb-94b5-886ee6bdd867 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1473.md b/2023/CVE-2023-1473.md new file mode 100644 index 0000000000..1bc322138e --- /dev/null +++ b/2023/CVE-2023-1473.md @@ -0,0 +1,17 @@ +### [CVE-2023-1473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1473) +![](https://img.shields.io/static/v1?label=Product&message=Slider%2C%20Gallery%2C%20and%20Carousel%20by%20MetaSlider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.29.0%3C%203.29.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a6e6c67b-7d9b-4fdb-8115-c33add7bfc3d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1476.md b/2023/CVE-2023-1476.md index 80dfb93c4f..501aed4ce4 100644 --- a/2023/CVE-2023-1476.md +++ b/2023/CVE-2023-1476.md 
@@ -1,5 +1,4 @@ ### [CVE-2023-1476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1476) -![](https://img.shields.io/static/v1?label=Product&message=Kernel&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) diff --git a/2023/CVE-2023-1478.md b/2023/CVE-2023-1478.md index b95525ca57..7454668d12 100644 --- a/2023/CVE-2023-1478.md +++ b/2023/CVE-2023-1478.md @@ -10,7 +10,7 @@ The Hummingbird WordPress plugin before 3.4.2 does not validate the generated fi ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/512a9ba4-01c0-4614-a991-efdc7fe51abe #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-1498.md b/2023/CVE-2023-1498.md new file mode 100644 index 0000000000..8f356234c7 --- /dev/null +++ b/2023/CVE-2023-1498.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-1498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1498) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Hotel%20Site&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Decemberus/BugHub +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-1500.md b/2023/CVE-2023-1500.md new file mode 100644 index 0000000000..504db67342 --- /dev/null +++ b/2023/CVE-2023-1500.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1500) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Art%20Gallery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Decemberus/BugHub + diff --git a/2023/CVE-2023-1524.md b/2023/CVE-2023-1524.md new file mode 100644 index 0000000000..70605272f7 --- /dev/null +++ b/2023/CVE-2023-1524.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1524) +![](https://img.shields.io/static/v1?label=Product&message=Download%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.71%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1525.md b/2023/CVE-2023-1525.md new file mode 100644 index 0000000000..d77fbfc2f9 --- /dev/null +++ b/2023/CVE-2023-1525.md @@ -0,0 +1,17 @@ +### [CVE-2023-1525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1525) +![](https://img.shields.io/static/v1?label=Product&message=Site%20Reviews&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.7.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4ae6bf90-b100-4bb5-bdd7-8acdbd950596 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1549.md b/2023/CVE-2023-1549.md new file mode 100644 index 0000000000..76df119bd2 --- /dev/null +++ b/2023/CVE-2023-1549.md @@ -0,0 +1,17 @@ +### [CVE-2023-1549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1549) +![](https://img.shields.io/static/v1?label=Product&message=Ad%20Inserter&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.27%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c94b3a68-673b-44d7-9251-f3590cc5ee9e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1554.md b/2023/CVE-2023-1554.md index 4b918608d8..3d45580b39 100644 --- a/2023/CVE-2023-1554.md +++ b/2023/CVE-2023-1554.md @@ -10,7 +10,7 @@ The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/0d247a3d-154e-4da7-a147-c1c7e1b5e87e #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-1579.md b/2023/CVE-2023-1579.md index 502ccc4420..70af89114a 100644 --- a/2023/CVE-2023-1579.md +++ b/2023/CVE-2023-1579.md @@ -14,4 +14,5 @@ Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. #### Github - https://github.com/13579and2468/Wei-fuzz +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-1584.md b/2023/CVE-2023-1584.md index 72ecc28e12..55519ad2b1 100644 --- a/2023/CVE-2023-1584.md +++ b/2023/CVE-2023-1584.md 
@@ -1,7 +1,6 @@ ### [CVE-2023-1584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1584) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=quarkus-oidc&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHINT%20Service%20Registry%202.5.4%20GA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%202.13.8.Final&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) diff --git a/2023/CVE-2023-1596.md b/2023/CVE-2023-1596.md index 73b57498db..50f855ddf9 100644 --- a/2023/CVE-2023-1596.md +++ b/2023/CVE-2023-1596.md @@ -10,7 +10,7 @@ The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a p ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/cada9be9-522a-4ce8-847d-c8fff2ddcc07 #### Github - https://github.com/truocphan/VulnBox diff --git a/2023/CVE-2023-1597.md b/2023/CVE-2023-1597.md index d8cb924e30..44c509e806 100644 --- a/2023/CVE-2023-1597.md +++ b/2023/CVE-2023-1597.md @@ -11,7 +11,7 @@ The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/4eafe111-8874-4560-83ff-394abe7a803b #### Github - https://github.com/truocphan/VulnBox diff --git a/2023/CVE-2023-1614.md b/2023/CVE-2023-1614.md index 8d64b0e112..85571bada7 100644 --- a/2023/CVE-2023-1614.md +++ b/2023/CVE-2023-1614.md 
@@ -10,7 +10,7 @@ The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and esc ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/56abd1e2-0ea9-47f7-9a1b-2093ac15d39c #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-1623.md b/2023/CVE-2023-1623.md new file mode 100644 index 0000000000..7c351eb6df --- /dev/null +++ b/2023/CVE-2023-1623.md @@ -0,0 +1,17 @@ +### [CVE-2023-1623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1623) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Post%20Type%20UI&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.13.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a04d3808-f4fc-4d77-a1bd-be623cd7053e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1624.md b/2023/CVE-2023-1624.md new file mode 100644 index 0000000000..84b285957d --- /dev/null +++ b/2023/CVE-2023-1624.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1624](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1624) +![](https://img.shields.io/static/v1?label=Product&message=WPCode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders + +### POC + +#### Reference +- https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1649.md b/2023/CVE-2023-1649.md new file mode 100644 index 0000000000..176fc78947 --- /dev/null +++ b/2023/CVE-2023-1649.md @@ -0,0 +1,17 @@ +### [CVE-2023-1649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1649) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ea806115-14ab-4bc4-a272-2141cb14454a + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1650.md b/2023/CVE-2023-1650.md new file mode 100644 index 0000000000..2304a325b9 --- /dev/null +++ b/2023/CVE-2023-1650.md @@ -0,0 +1,17 @@ +### [CVE-2023-1650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1650) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.4.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1651.md b/2023/CVE-2023-1651.md new file mode 100644 index 0000000000..05ffc7d4fb --- /dev/null +++ b/2023/CVE-2023-1651.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-1651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1651) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.4.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c88b22ba-4fc2-49ad-a457-224157521bad + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1660.md b/2023/CVE-2023-1660.md new file mode 100644 index 0000000000..f50e335f5c --- /dev/null +++ b/2023/CVE-2023-1660.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-1660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1660) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.4.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1669.md b/2023/CVE-2023-1669.md new file mode 100644 index 0000000000..e16802f0e7 --- /dev/null +++ b/2023/CVE-2023-1669.md @@ -0,0 +1,17 @@ +### [CVE-2023-1669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1669) +![](https://img.shields.io/static/v1?label=Product&message=SEOPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.5.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fb8791f5-2879-431e-9afc-06d5839e4b9d + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1698.md b/2023/CVE-2023-1698.md index 89b34e124e..17d78ee2df 100644 --- a/2023/CVE-2023-1698.md +++ b/2023/CVE-2023-1698.md @@ -26,6 +26,8 @@ No PoCs from references. - https://github.com/izj007/wechat - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/thedarknessdied/WAGO-CVE-2023-1698 +- https://github.com/whoami13apt/files2 +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2023/CVE-2023-1730.md b/2023/CVE-2023-1730.md index ad3a25524f..51ba50e901 100644 --- a/2023/CVE-2023-1730.md +++ b/2023/CVE-2023-1730.md @@ -10,7 +10,7 @@ The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7 #### Github - https://github.com/tanjiti/sec_profile diff --git a/2023/CVE-2023-1800.md b/2023/CVE-2023-1800.md index 973bd4fc96..2fbe70a9f6 100644 --- a/2023/CVE-2023-1800.md +++ b/2023/CVE-2023-1800.md @@ -13,6 +13,7 @@ A vulnerability, which was classified as critical, has been found in sjqzhang go No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/ARPSyndicate/cvemon - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Threekiii/Awesome-POC diff --git a/2023/CVE-2023-1804.md b/2023/CVE-2023-1804.md new file mode 100644 index 0000000000..d608da9e95 --- /dev/null +++ b/2023/CVE-2023-1804.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1804) +![](https://img.shields.io/static/v1?label=Product&message=Product%20Catalog%20Feed%20by%20PixelYourSite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/55b28fa6-a54f-4365-9d59-f9e331c1e11b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1805.md b/2023/CVE-2023-1805.md new file mode 100644 index 0000000000..560b78d3f8 --- /dev/null +++ b/2023/CVE-2023-1805.md @@ -0,0 +1,17 @@ +### [CVE-2023-1805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1805) +![](https://img.shields.io/static/v1?label=Product&message=Product%20Catalog%20Feed%20by%20PixelYourSite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/46b4582f-7651-4b74-a00b-1788587ecfa8 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1806.md b/2023/CVE-2023-1806.md new file mode 100644 index 0000000000..0b0dcea872 --- /dev/null +++ b/2023/CVE-2023-1806.md @@ -0,0 +1,17 @@ +### [CVE-2023-1806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1806) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Inventory%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.0.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/38d99c7d-2d10-4910-b95a-1cb545b813c4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1809.md b/2023/CVE-2023-1809.md new file mode 100644 index 0000000000..f77a6791b5 --- /dev/null +++ b/2023/CVE-2023-1809.md @@ -0,0 +1,17 @@ +### [CVE-2023-1809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1809) +![](https://img.shields.io/static/v1?label=Product&message=Download%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/57f0a078-fbeb-4b05-8892-e6d99edb82c1 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1829.md b/2023/CVE-2023-1829.md index af3466df7b..b5e2c0f83a 100644 --- a/2023/CVE-2023-1829.md +++ b/2023/CVE-2023-1829.md @@ -17,6 +17,7 @@ A use-after-free vulnerability in the Linux Kernel traffic control index filter - https://github.com/N1ghtu/RWCTF6th-RIPTC - https://github.com/Threekiii/CVE - https://github.com/lanleft/CVE2023-1829 +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/star-sg/CVE - https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-1835.md b/2023/CVE-2023-1835.md new file mode 100644 index 0000000000..27c712942f --- /dev/null +++ b/2023/CVE-2023-1835.md @@ -0,0 +1,17 @@ +### [CVE-2023-1835](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1835) +![](https://img.shields.io/static/v1?label=Product&message=Ninja%20Forms%20Contact%20Form&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.6.22%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b5fc223c-5ec0-44b2-b2f6-b35f9942d341 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1839.md b/2023/CVE-2023-1839.md new file mode 100644 index 0000000000..b65593e2f9 --- /dev/null +++ b/2023/CVE-2023-1839.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1839](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1839) +![](https://img.shields.io/static/v1?label=Product&message=Product%20Addons%20%26%20Fields%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2032.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fddc5a1c-f267-4ef4-8acf-731dbecac450 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1841.md b/2023/CVE-2023-1841.md index 17d32b3397..328abe4921 100644 --- a/2023/CVE-2023-1841.md +++ b/2023/CVE-2023-1841.md @@ -13,5 +13,5 @@ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti - https://https://www.honeywell.com/us/en/product-security #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-1861.md b/2023/CVE-2023-1861.md new file mode 100644 index 0000000000..35fd6802f4 --- /dev/null +++ b/2023/CVE-2023-1861.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1861) +![](https://img.shields.io/static/v1?label=Product&message=Limit%20Login%20Attempts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1890.md b/2023/CVE-2023-1890.md index 707df0d6a9..a7a4371c30 100644 --- a/2023/CVE-2023-1890.md +++ b/2023/CVE-2023-1890.md @@ -11,6 +11,7 @@ The Tablesome WordPress plugin before 1.0.9 does not escape various generated UR #### Reference - http://packetstormsecurity.com/files/173727/WordPress-Tablesome-Cross-Site-Scripting.html +- https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-1905.md b/2023/CVE-2023-1905.md new file mode 100644 index 0000000000..5df9b73546 --- /dev/null +++ b/2023/CVE-2023-1905.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1905) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Popups&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003 + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b6ac3e15-6f39-4514-a50d-cca7b9457736 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1911.md b/2023/CVE-2023-1911.md new file mode 100644 index 0000000000..12642ba5d9 --- /dev/null +++ b/2023/CVE-2023-1911.md @@ -0,0 +1,17 @@ +### [CVE-2023-1911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1911) +![](https://img.shields.io/static/v1?label=Product&message=Blocksy%20Companion&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.82%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e7c52af0-b210-4e7d-a5e0-ee0645ddc08c + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-1915.md b/2023/CVE-2023-1915.md new file mode 100644 index 0000000000..89b913952b --- /dev/null +++ b/2023/CVE-2023-1915.md @@ -0,0 +1,17 @@ +### [CVE-2023-1915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1915) +![](https://img.shields.io/static/v1?label=Product&message=Thumbnail%20carousel%20slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0487c3f6-1a3c-4089-a614-15138f52f69b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1938.md b/2023/CVE-2023-1938.md new file mode 100644 index 0000000000..348abaa147 --- /dev/null +++ b/2023/CVE-2023-1938.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-1938](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1938) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Fastest%20Cache&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue + +### POC + +#### Reference +- https://wpscan.com/vulnerability/92b1c6d8-51db-46aa-bde6-abdfb091aab5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1972.md b/2023/CVE-2023-1972.md index 05eb15a682..c6c28036a7 100644 --- a/2023/CVE-2023-1972.md +++ b/2023/CVE-2023-1972.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/13579and2468/Wei-fuzz +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-1977.md b/2023/CVE-2023-1977.md new file mode 100644 index 0000000000..963bf311b0 --- /dev/null +++ b/2023/CVE-2023-1977.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-1977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1977) +![](https://img.shields.io/static/v1?label=Product&message=Booking%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.29%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/842f3b1f-395a-4ea2-b7df-a36f70e8c790 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-1982.md b/2023/CVE-2023-1982.md new file mode 100644 index 0000000000..511998be7e --- /dev/null +++ b/2023/CVE-2023-1982.md @@ -0,0 +1,17 @@ +### [CVE-2023-1982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1982) +![](https://img.shields.io/static/v1?label=Product&message=Guest%20posting%20%2F%20Frontend%20Posting%20wordpress%20plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/51987966-8007-4e12-bc2e-997b92054739 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-20048.md b/2023/CVE-2023-20048.md new file mode 100644 index 0000000000..4a581bf393 --- /dev/null +++ b/2023/CVE-2023-20048.md @@ -0,0 +1,19 @@ +### [CVE-2023-20048](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20048) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Privilege%20Management&color=brighgreen) + +### Description + +A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0zer0d4y/FuegoTest +- https://github.com/absholi7ly/absholi7ly +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-2009.md b/2023/CVE-2023-2009.md new file mode 100644 index 0000000000..c02b8945a9 --- /dev/null +++ b/2023/CVE-2023-2009.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2009) +![](https://img.shields.io/static/v1?label=Product&message=Pretty%20Url&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f7988a18-ba9d-4ead-82c8-30ea8223846f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2010.md b/2023/CVE-2023-2010.md new file mode 100644 index 0000000000..cbe6f59a09 --- /dev/null +++ b/2023/CVE-2023-2010.md @@ -0,0 +1,17 @@ +### [CVE-2023-2010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2010) +![](https://img.shields.io/static/v1?label=Product&message=Forminator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.24.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-362%20Race%20Condition%20(Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization)&color=brighgreen) + +### Description + +The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d0da4c0d-622f-4310-a867-6bfdb474073a + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-20178.md b/2023/CVE-2023-20178.md index 62fafa586c..b3f75a7e06 100644 --- a/2023/CVE-2023-20178.md +++ b/2023/CVE-2023-20178.md @@ -22,4 +22,5 @@ A vulnerability in the client update process of Cisco AnyConnect Secure Mobility - https://github.com/johe123qwe/github-trending - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/xct/CVE-2024-27460 diff --git a/2023/CVE-2023-20198.md b/2023/CVE-2023-20198.md index db2a1d2161..f1188214b6 100644 --- a/2023/CVE-2023-20198.md +++ b/2023/CVE-2023-20198.md @@ -18,6 +18,7 @@ Cisco is providing an update for the ongoing investigation into observed exploit - https://github.com/AdamCrosser/awesome-vuln-writeups - https://github.com/Atea-Redteam/CVE-2023-20198 - https://github.com/Cashiuus/pocman +- https://github.com/Codeb3af/CVE-2023-20198-RCE - https://github.com/H4lo/awesome-IoT-security-article - https://github.com/IceBreakerCode/CVE-2023-20198 - https://github.com/Jair0so/iosxe-cve @@ -26,11 +27,13 @@ Cisco is providing an update for the ongoing investigation into observed exploit - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Pushkarup/CVE-2023-20198 +- https://github.com/RevoltSecurities/CVE-2023-20198 - https://github.com/Shadow0ps/CVE-2023-20198-Scanner - https://github.com/Threekiii/CVE - https://github.com/Tounsi007/CVE-2023-20198 - https://github.com/UNC1739/awesome-vulnerability-research - https://github.com/Vulnmachines/Cisco_CVE-2023-20198 +- https://github.com/W01fh4cker/CVE-2023-20198-RCE - https://github.com/XRSec/AWVS-Update - https://github.com/ZephrFish/CVE-2023-20198-Checker - https://github.com/ZephrFish/Cisco-IOS-XE-Scanner 
@@ -40,6 +43,7 @@ Cisco is providing an update for the ongoing investigation into observed exploit - https://github.com/cadencejames/Check-HttpServerStatus - https://github.com/codeb0ss/CVE-2023-20198-PoC - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/dekoder/sigma2stix - https://github.com/ditekshen/ansible-cve-2023-20198 - https://github.com/emomeni/Simple-Ansible-for-CVE-2023-20198 - https://github.com/f1tao/awesome-iot-security-resource @@ -62,6 +66,7 @@ Cisco is providing an update for the ongoing investigation into observed exploit - https://github.com/smokeintheshell/CVE-2023-20198 - https://github.com/sohaibeb/CVE-2023-20198 - https://github.com/vulncheck-oss/go-exploit +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/xingchennb/POC- diff --git a/2023/CVE-2023-2023.md b/2023/CVE-2023-2023.md index 287f629661..7161543ad8 100644 --- a/2023/CVE-2023-2023.md +++ b/2023/CVE-2023-2023.md @@ -10,7 +10,7 @@ The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs befor ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/8859843a-a8c2-4f7a-8372-67049d6ea317 #### Github - https://github.com/CVEDB/awesome-cve-repo diff --git a/2023/CVE-2023-20248.md b/2023/CVE-2023-20248.md new file mode 100644 index 0000000000..fc81fbcb8c --- /dev/null +++ b/2023/CVE-2023-20248.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-20248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20248) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20TelePresence%20Management%20Suite%20(TMS)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-20249.md b/2023/CVE-2023-20249.md new file mode 100644 index 0000000000..7351effaee --- /dev/null +++ b/2023/CVE-2023-20249.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-20249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20249) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20TelePresence%20Management%20Suite%20(TMS)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20TMS_15.11.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2026.md b/2023/CVE-2023-2026.md new file mode 100644 index 0000000000..7e43d5a1b4 --- /dev/null +++ b/2023/CVE-2023-2026.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2026](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2026) +![](https://img.shields.io/static/v1?label=Product&message=Image%20Protector&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2b59f640-5568-42bb-87b7-36eb448db5be + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2028.md b/2023/CVE-2023-2028.md new file mode 100644 index 0000000000..16f275c286 --- /dev/null +++ b/2023/CVE-2023-2028.md @@ -0,0 +1,17 @@ +### [CVE-2023-2028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2028) +![](https://img.shields.io/static/v1?label=Product&message=Call%20Now%20Accessibility%20Button&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0f1c1f1c-acdd-4c8a-bd5e-a21f4915e69f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2029.md b/2023/CVE-2023-2029.md index 643972b846..c00b361dff 100644 
--- a/2023/CVE-2023-2029.md +++ b/2023/CVE-2023-2029.md @@ -11,6 +11,7 @@ The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of #### Reference - http://packetstormsecurity.com/files/173729/WordPress-PrePost-SEO-3.0-Cross-Site-Scripting.html +- https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-2032.md b/2023/CVE-2023-2032.md new file mode 100644 index 0000000000..14c3ef8a99 --- /dev/null +++ b/2023/CVE-2023-2032.md @@ -0,0 +1,17 @@ +### [CVE-2023-2032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2032) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20404%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.8.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2068.md b/2023/CVE-2023-2068.md index 21a9179b54..d393fa5f82 100644 --- a/2023/CVE-2023-2068.md +++ b/2023/CVE-2023-2068.md @@ -11,6 +11,7 @@ The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adeq #### Reference - http://packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.html +- https://wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056 #### Github - https://github.com/h00die-gr3y/Metasploit diff --git a/2023/CVE-2023-20702.md b/2023/CVE-2023-20702.md index 024b27c8f4..57c2cc8737 100644 --- a/2023/CVE-2023-20702.md +++ b/2023/CVE-2023-20702.md 
@@ -13,6 +13,7 @@ In 5G NRLC, there is a possible invalid memory access due to lack of error handl No PoCs from references. #### Github +- https://github.com/AEPP294/5ghoul-5g-nr-attacks - https://github.com/Shangzewen/U-Fuzz - https://github.com/asset-group/5ghoul-5g-nr-attacks - https://github.com/asset-group/U-Fuzz diff --git a/2023/CVE-2023-20860.md b/2023/CVE-2023-20860.md index d6e97f0d3b..5fb55f6a49 100644 --- a/2023/CVE-2023-20860.md +++ b/2023/CVE-2023-20860.md @@ -15,11 +15,24 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/DrC0okie/HEIG_SLH_Labo1 +- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/ax1sX/SpringSecurity - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/fernandoreb/dependency-check-springboot +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 - https://github.com/limo520/CVE-2023-20860 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-20861.md b/2023/CVE-2023-20861.md index fd9e04151b..76d080e740 100644 --- a/2023/CVE-2023-20861.md +++ b/2023/CVE-2023-20861.md 
@@ -14,7 +14,20 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh - https://github.com/fernandoreb/dependency-check-springboot +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 - https://github.com/limo520/CVE-2023-20860 - https://github.com/scordero1234/java_sec_demo-main diff --git a/2023/CVE-2023-20862.md b/2023/CVE-2023-20862.md index c0261c8952..d05c0789a6 100644 --- a/2023/CVE-2023-20862.md +++ b/2023/CVE-2023-20862.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh - https://github.com/IHTSDO/snomed-parent-bom diff --git a/2023/CVE-2023-20863.md b/2023/CVE-2023-20863.md index 84b9493697..d4a140ba90 100644 --- a/2023/CVE-2023-20863.md +++ b/2023/CVE-2023-20863.md 
@@ -15,7 +15,20 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/DrC0okie/HEIG_SLH_Labo1 +- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh - https://github.com/NikolaSavic1709/IB_tim12 - https://github.com/fernandoreb/dependency-check-springboot +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 - https://github.com/scordero1234/java_sec_demo-main diff --git a/2023/CVE-2023-2087.md b/2023/CVE-2023-2087.md index 6cbfcf19a3..0ca95797f6 100644 --- a/2023/CVE-2023-2087.md +++ b/2023/CVE-2023-2087.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/izj007/wechat +- https://github.com/whoami13apt/files2 diff --git a/2023/CVE-2023-20873.md b/2023/CVE-2023-20873.md index cd8f0fc00c..8e4d29fd6e 100644 --- a/2023/CVE-2023-20873.md +++ b/2023/CVE-2023-20873.md @@ -14,5 +14,17 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 - https://github.com/scordero1234/java_sec_demo-main diff --git a/2023/CVE-2023-20883.md b/2023/CVE-2023-20883.md index af341139d0..a787541964 100644 
--- a/2023/CVE-2023-20883.md +++ b/2023/CVE-2023-20883.md @@ -15,5 +15,18 @@ No PoCs from references. #### Github - https://github.com/DrC0okie/HEIG_SLH_Labo1 - https://github.com/NikolaSavic1709/IB_tim12 +- https://github.com/StjepanovicSrdjan/IB_certificate_manager +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 - https://github.com/scordero1234/java_sec_demo-main diff --git a/2023/CVE-2023-20887.md b/2023/CVE-2023-20887.md index e85d3308c1..77394bd448 100644 --- a/2023/CVE-2023-20887.md +++ b/2023/CVE-2023-20887.md @@ -29,4 +29,5 @@ Aria Operations for Networks contains a command injection vulnerability. A malic - https://github.com/mynempel/e - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sinsinology/CVE-2023-20887 +- https://github.com/whoami13apt/files2 diff --git a/2023/CVE-2023-2092.md b/2023/CVE-2023-2092.md index aacd967b9b..7474b30b36 100644 --- a/2023/CVE-2023-2092.md +++ b/2023/CVE-2023-2092.md @@ -13,6 +13,7 @@ A vulnerability, which was classified as critical, has been found in SourceCodes No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2093.md b/2023/CVE-2023-2093.md index 2d33a3107b..ad707be898 100644 --- a/2023/CVE-2023-2093.md +++ b/2023/CVE-2023-2093.md 
@@ -13,6 +13,7 @@ A vulnerability, which was classified as critical, was found in SourceCodester V No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2094.md b/2023/CVE-2023-2094.md index 0271992e12..d8887c302d 100644 --- a/2023/CVE-2023-2094.md +++ b/2023/CVE-2023-2094.md @@ -13,6 +13,7 @@ A vulnerability has been found in SourceCodester Vehicle Service Management Syst No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2095.md b/2023/CVE-2023-2095.md index 6f8a324be0..cbb2d0de23 100644 --- a/2023/CVE-2023-2095.md +++ b/2023/CVE-2023-2095.md @@ -13,6 +13,7 @@ A vulnerability was found in SourceCodester Vehicle Service Management System 1. No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2096.md b/2023/CVE-2023-2096.md index c1cea01590..c5757c92cb 100644 --- a/2023/CVE-2023-2096.md +++ b/2023/CVE-2023-2096.md @@ -13,6 +13,7 @@ A vulnerability was found in SourceCodester Vehicle Service Management System 1. No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2097.md b/2023/CVE-2023-2097.md index 0e39d1bf55..8811227250 100644 --- a/2023/CVE-2023-2097.md +++ b/2023/CVE-2023-2097.md 
@@ -13,6 +13,7 @@ A vulnerability was found in SourceCodester Vehicle Service Management System 1. - https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%206.pdf #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Acaard/HTB-PC - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security diff --git a/2023/CVE-2023-2098.md b/2023/CVE-2023-2098.md index a43968dc3b..9f2a1713fa 100644 --- a/2023/CVE-2023-2098.md +++ b/2023/CVE-2023-2098.md @@ -13,6 +13,7 @@ A vulnerability was found in SourceCodester Vehicle Service Management System 1. No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2099.md b/2023/CVE-2023-2099.md index a850a0c696..dee02d54c3 100644 --- a/2023/CVE-2023-2099.md +++ b/2023/CVE-2023-2099.md @@ -13,6 +13,7 @@ A vulnerability classified as problematic has been found in SourceCodester Vehic No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2100.md b/2023/CVE-2023-2100.md index 5e9a62da13..541566d2ef 100644 --- a/2023/CVE-2023-2100.md +++ b/2023/CVE-2023-2100.md @@ -13,6 +13,7 @@ A vulnerability classified as problematic was found in SourceCodester Vehicle Se No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2111.md b/2023/CVE-2023-2111.md new file mode 100644 index 0000000000..950fd245db --- /dev/null 
+++ b/2023/CVE-2023-2111.md @@ -0,0 +1,17 @@ +### [CVE-2023-2111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2111) +![](https://img.shields.io/static/v1?label=Product&message=Fast%20%26%20Effective%20Popups%20%26%20Lead-Generation%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7a0bdd47-c339-489d-9443-f173a83447f2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2113.md b/2023/CVE-2023-2113.md new file mode 100644 index 0000000000..b23c50d50a --- /dev/null +++ b/2023/CVE-2023-2113.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2113) +![](https://img.shields.io/static/v1?label=Product&message=Autoptimize&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ddb4c95d-bbee-4095-aed6-25f6b8e63011 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2114.md b/2023/CVE-2023-2114.md index 5d2f0a5c56..c712c1165a 100644 --- a/2023/CVE-2023-2114.md +++ b/2023/CVE-2023-2114.md @@ -10,7 +10,7 @@ The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` p ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-2117.md b/2023/CVE-2023-2117.md new file mode 100644 index 0000000000..bbef18f976 --- /dev/null +++ b/2023/CVE-2023-2117.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2117) +![](https://img.shields.io/static/v1?label=Product&message=Image%20Optimizer%20by%2010web&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.27%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/44024299-ba40-4da7-81e1-bd44d10846f3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2122.md b/2023/CVE-2023-2122.md new file mode 100644 index 0000000000..7975cedfe6 --- /dev/null +++ b/2023/CVE-2023-2122.md @@ -0,0 +1,17 @@ +### [CVE-2023-2122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2122) +![](https://img.shields.io/static/v1?label=Product&message=Image%20Optimizer%20by%2010web&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.27%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/936fd93a-428d-4744-a4fc-c8da78dcbe78 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-2123.md b/2023/CVE-2023-2123.md index 5f23b998e9..86076dcfad 100644 --- a/2023/CVE-2023-2123.md +++ b/2023/CVE-2023-2123.md @@ -11,6 +11,7 @@ The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and #### Reference - https://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin +- https://wpscan.com/vulnerability/44448888-cd5d-482e-859e-123e442ce5c1 #### Github - https://github.com/0xn4d/poc-cve-xss-encoded-wp-inventory-manager-plugin diff --git a/2023/CVE-2023-21253.md b/2023/CVE-2023-21253.md new file mode 100644 index 0000000000..0186db960a --- /dev/null +++ b/2023/CVE-2023-21253.md @@ -0,0 +1,17 @@ +### [CVE-2023-21253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21253) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2013%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20service&color=brighgreen) + +### Description + +In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nidhi7598/frameworks_base_AOSP10_r33_CVE-2023-21253 + diff --git a/2023/CVE-2023-21282.md b/2023/CVE-2023-21282.md index 8d21716517..ea5e75a396 100644 --- a/2023/CVE-2023-21282.md +++ b/2023/CVE-2023-21282.md 
@@ -14,6 +14,7 @@ In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write du #### Github - https://github.com/Trinadh465/external_aac_AOSP10_r33_CVE-2023-21282 +- https://github.com/Trinadh465/external_aac_android-4.2.2_r1_CVE-2023-21282 - https://github.com/nidhi7598/external_aac_AOSP04-r1_CVE-2023-21282 - https://github.com/nidhi7598/external_aac_AOSP_06_r22_CVE-2023-21282 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-2143.md b/2023/CVE-2023-2143.md new file mode 100644 index 0000000000..7c17953217 --- /dev/null +++ b/2023/CVE-2023-2143.md @@ -0,0 +1,17 @@ +### [CVE-2023-2143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2143) +![](https://img.shields.io/static/v1?label=Product&message=Enable%20SVG%2C%20WebP%20%26%20ICO%20Upload&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/91898762-aa7d-4fbc-a016-3de48901e5de + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-21529.md b/2023/CVE-2023-21529.md new file mode 100644 index 0000000000..e1ef47336b --- /dev/null +++ b/2023/CVE-2023-21529.md 
@@ -0,0 +1,24 @@ +### [CVE-2023-21529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21529) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Exchange%20Server%202013%20Cumulative%20Update%2023&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Exchange%20Server%202016%20Cumulative%20Update%2023&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Exchange%20Server%202019%20Cumulative%20Update%2011&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Exchange%20Server%202019%20Cumulative%20Update%2012&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=15.00.0%3C%2015.00.1497.047%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=15.01.0%3C%2015.01.2507.021%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=15.02.0%3C%2015.02.0986.041%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=15.02.0%3C%2015.02.1118.025%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen) + +### Description + +Microsoft Exchange Server Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tr1pl3ight/CVE-2023-21529-POC + diff --git a/2023/CVE-2023-21554.md b/2023/CVE-2023-21554.md index d6d5bcf40e..7cc0e6db85 100644 --- a/2023/CVE-2023-21554.md +++ b/2023/CVE-2023-21554.md @@ -50,6 +50,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Hashi0x/PoC-CVE-2023-21554 - https://github.com/MrAgrippa/nes-01 +- https://github.com/T-RN-R/PatchDiffWednesday - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android - https://github.com/g1x-r/CVE-2023-21554-PoC - https://github.com/karimhabush/cyberowl 
diff --git a/2023/CVE-2023-21608.md b/2023/CVE-2023-21608.md index feef5e7bf3..a2412835b8 100644 --- a/2023/CVE-2023-21608.md +++ b/2023/CVE-2023-21608.md @@ -29,4 +29,6 @@ No PoCs from references. - https://github.com/k0mi-tg/CVE-POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-21665.md b/2023/CVE-2023-21665.md index 0647be551f..4bc380a884 100644 --- a/2023/CVE-2023-21665.md +++ b/2023/CVE-2023-21665.md @@ -1,7 +1,7 @@ ### [CVE-2023-21665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21665) ![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-704%20Incorrect%20Type%20Conversion%20or%20Cast&color=brighgreen) ### Description diff --git a/2023/CVE-2023-21666.md b/2023/CVE-2023-21666.md index 9089b92cd1..867b7ef46c 100644 --- a/2023/CVE-2023-21666.md +++ b/2023/CVE-2023-21666.md @@ -1,7 +1,7 @@ ### [CVE-2023-21666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21666) ![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-401%20Improper%20Release%20of%20Memory%20Before%20Removing%20Last%20Reference%20('Memory%20Leak')&color=brighgreen) ### Description diff --git a/2023/CVE-2023-21670.md b/2023/CVE-2023-21670.md index 8ba3f4ef08..31ac066079 100644 --- a/2023/CVE-2023-21670.md +++ b/2023/CVE-2023-21670.md 
@@ -1,7 +1,7 @@ ### [CVE-2023-21670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21670) ![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) ### Description diff --git a/2023/CVE-2023-21674.md b/2023/CVE-2023-21674.md index 607b09431e..67c2fa3f91 100644 --- a/2023/CVE-2023-21674.md +++ b/2023/CVE-2023-21674.md @@ -39,6 +39,8 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/hd3s5aa/CVE-2023-21674 +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/santosomar/kev_checker - https://github.com/xaitax/cisa-catalog-known-vulnerabilities diff --git a/2023/CVE-2023-21707.md b/2023/CVE-2023-21707.md index de4eaf33fa..b93532b724 100644 --- a/2023/CVE-2023-21707.md +++ b/2023/CVE-2023-21707.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/FDlucifer/Proxy-Attackchain - https://github.com/N1k0la-T/CVE-2023-21707 - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android +- https://github.com/f0ur0four/Insecure-Deserialization - https://github.com/hktalent/bug-bounty - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-21716.md b/2023/CVE-2023-21716.md index c5168b6608..a03f973d0a 100644 --- a/2023/CVE-2023-21716.md +++ b/2023/CVE-2023-21716.md @@ -38,6 +38,7 @@ Microsoft Word Remote Code Execution Vulnerability No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon - https://github.com/CKevens/CVE-2023-21716-POC 
@@ -72,5 +73,6 @@ No PoCs from references. - https://github.com/r00tb1t/CVE-2024-21413-POC - https://github.com/revanmalang/OSCP - https://github.com/tib36/PhishingBook +- https://github.com/whoami13apt/files2 - https://github.com/xhref/OSCP diff --git a/2023/CVE-2023-21752.md b/2023/CVE-2023-21752.md index c2d7df53bf..0a9ce8ca8b 100644 --- a/2023/CVE-2023-21752.md +++ b/2023/CVE-2023-21752.md @@ -34,6 +34,7 @@ No PoCs from references. - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top +- https://github.com/Cruxer8Mech/Idk - https://github.com/DarkFunct/CVE_Exploits - https://github.com/GhostTroops/TOP - https://github.com/Mr-xn/Penetration_Testing_POC @@ -44,6 +45,8 @@ No PoCs from references. - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC - https://github.com/ycdxsb/WindowsPrivilegeEscalation - https://github.com/yosef0x01/CVE-2023-21752 +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-21768.md b/2023/CVE-2023-21768.md index 0d97fd9654..b4285a0dcb 100644 --- a/2023/CVE-2023-21768.md +++ b/2023/CVE-2023-21768.md @@ -25,9 +25,11 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top +- https://github.com/Cruxer8Mech/Idk - https://github.com/Dy-Baby/nullmap - https://github.com/GhostTroops/TOP - https://github.com/HKxiaoli/Windows_AFD_LPE_CVE-2023-21768 +- https://github.com/Ha0-Y/CVE-2023-21768 - https://github.com/HasanIftakher/win11-Previlage-escalation - https://github.com/Iveco/xknow_infosec - https://github.com/Jammstheshreklord/ELEVATE-PLIVLAGES diff --git a/2023/CVE-2023-2178.md b/2023/CVE-2023-2178.md new file mode 100644 index 0000000000..93f9e675da --- /dev/null +++ b/2023/CVE-2023-2178.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2178) +![](https://img.shields.io/static/v1?label=Product&message=Aajoda%20Testimonials&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e84b71f9-4208-4efb-90e8-1c778e7d2ebb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2179.md b/2023/CVE-2023-2179.md new file mode 100644 index 0000000000..9c76ec0c52 --- /dev/null +++ b/2023/CVE-2023-2179.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-2179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2179) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Order%20Status%20Change%20Notifier&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fbc56973-4225-4f44-8c38-d488e57cd551 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2180.md b/2023/CVE-2023-2180.md new file mode 100644 index 0000000000..0b7c2c29d7 --- /dev/null +++ b/2023/CVE-2023-2180.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2180) +![](https://img.shields.io/static/v1?label=Product&message=KIWIZ%20Invoices%20Certification%20%26%20PDF%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen) + +### Description + +The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4d3b90d8-8a6d-4b72-8bc7-21f861259a1b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-21808.md b/2023/CVE-2023-21808.md index 0e29db9c7f..df01b6bae0 100644 --- a/2023/CVE-2023-21808.md +++ b/2023/CVE-2023-21808.md @@ -46,4 +46,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet diff --git a/2023/CVE-2023-21812.md b/2023/CVE-2023-21812.md new file mode 100644 index 0000000000..f97525c06c --- /dev/null +++ b/2023/CVE-2023-21812.md 
@@ -0,0 +1,49 @@ +### [CVE-2023-21812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21812) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2020H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.19747%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.5717%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.4010%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2604%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2604%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2604%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1547%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1265%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1574%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.21915%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26366%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24116%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.20821%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen) + +### Description + +Windows Common Log File System Driver Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kolewttd/wtt + diff --git a/2023/CVE-2023-21823.md b/2023/CVE-2023-21823.md index f91f89af0d..ee66213bff 100644 --- a/2023/CVE-2023-21823.md +++ b/2023/CVE-2023-21823.md @@ -52,6 +52,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/Cruxer8Mech/Idk - https://github.com/Elizarfish/CVE-2023-21823 - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors diff --git a/2023/CVE-2023-21839.md b/2023/CVE-2023-21839.md index 1ab690dc09..30770a2c78 100644 --- a/2023/CVE-2023-21839.md +++ b/2023/CVE-2023-21839.md @@ -30,6 +30,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/Jean-Francois-C/Windows-Penetration-Testing - https://github.com/KRookieSec/WebSecurityStudy - https://github.com/KimJun1010/WeblogicTool +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection - https://github.com/MMarch7/weblogic_CVE-2023-21839_POC-EXP - https://github.com/Mr-xn/Penetration_Testing_POC @@ -38,6 +39,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/ProbiusOfficial/Awsome-Sec.CTF-Videomaker - https://github.com/Romanc9/Gui-poc-test - https://github.com/Threekiii/Awesome-Exploit +- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android diff --git a/2023/CVE-2023-22102.md b/2023/CVE-2023-22102.md new file mode 100644 index 0000000000..992d460cbd --- /dev/null 
+++ b/2023/CVE-2023-22102.md 
@@ -0,0 +1,28 @@ +### [CVE-2023-22102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22102) +![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Connectors&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Connectors.%20%20Successful%20attacks%20require%20human%20interaction%20from%20a%20person%20other%20than%20the%20attacker%20and%20while%20the%20vulnerability%20is%20in%20MySQL%20Connectors%2C%20attacks%20may%20significantly%20impact%20additional%20products%20(scope%20change).%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20takeover%20of%20MySQL%20Connectors.&color=brighgreen) + +### Description + +Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). + +### POC + +#### Reference +No PoCs from references. 
+ +#### Github +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 + diff --git a/2023/CVE-2023-2221.md b/2023/CVE-2023-2221.md new file mode 100644 index 0000000000..ae800b5eb6 --- /dev/null +++ b/2023/CVE-2023-2221.md @@ -0,0 +1,17 @@ +### [CVE-2023-2221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2221) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Custom%20Cursors%20%7C%20WordPress%20Cursor%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6666688e-7239-4d40-a348-307cf8f3b657 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2223.md b/2023/CVE-2023-2223.md index 98ff8c7fc7..5b091cbba1 100644 --- a/2023/CVE-2023-2223.md +++ b/2023/CVE-2023-2223.md @@ -11,6 +11,7 @@ The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape s #### Reference - http://packetstormsecurity.com/files/173726/WordPress-Login-Rebuilder-Cross-Site-Scripting.html +- https://wpscan.com/vulnerability/7b356b82-5d03-4f70-b4ce-f1405304bb52 #### Github No PoCs found on GitHub currently. 
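Review bot: The Vulnerability badge in the new file 2023/CVE-2023-22102.md carries the entire impact paragraph as its `message=` value ("Difficult to exploit vulnerability allows unauthenticated attacker ..."), URL-encoded into a single image URL. That repeats, word for word, text already present in the Description section a few lines below, and it cannot be read as a badge. Suggest a short class label here, as the other new files in this patch do (for example the `CWE-89%20SQL%20Injection` message in 2023/CVE-2023-2221.md), or drop the badge when the source record gives no CWE.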
diff --git a/2023/CVE-2023-2224.md b/2023/CVE-2023-2224.md index 2145e3d371..36419c6065 100644 --- a/2023/CVE-2023-2224.md +++ b/2023/CVE-2023-2224.md @@ -11,6 +11,7 @@ The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some #### Reference - http://packetstormsecurity.com/files/173725/WordPress-Seo-By-10Web-Cross-Site-Scripting.html +- https://wpscan.com/vulnerability/a76b6d22-1e00-428a-8a04-12162bd0d992 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-2225.md b/2023/CVE-2023-2225.md new file mode 100644 index 0000000000..6baf167940 --- /dev/null +++ b/2023/CVE-2023-2225.md @@ -0,0 +1,17 @@ +### [CVE-2023-2225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2225) +![](https://img.shields.io/static/v1?label=Product&message=SEO%20ALert&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0af475ba-5c02-4f62-876d-6235a745bbd6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-22376.md b/2023/CVE-2023-22376.md new file mode 100644 index 0000000000..1236f8f189 --- /dev/null +++ b/2023/CVE-2023-22376.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-22376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22376) +![](https://img.shields.io/static/v1?label=Product&message=Wired%2FWireless%20LAN%20Pan%2FTilt%20Network%20Camera%20CS-WMV02G&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Reflected%20cross-site%20scripting&color=brighgreen) + +### Description + +** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-22478.md b/2023/CVE-2023-22478.md index 32cc4570a5..c20d0b4e22 100644 --- a/2023/CVE-2023-22478.md +++ b/2023/CVE-2023-22478.md @@ -13,6 +13,7 @@ KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entiti No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/Henry4E36/POCS - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Threekiii/Awesome-POC diff --git a/2023/CVE-2023-22515.md b/2023/CVE-2023-22515.md index c0dac379da..846119788a 100644 --- a/2023/CVE-2023-22515.md +++ b/2023/CVE-2023-22515.md 
@@ -31,6 +31,7 @@ Atlassian has been made aware of an issue reported by a handful of customers whe - https://github.com/HACK-THE-WORLD/DailyMorningReading - https://github.com/INTfinityConsulting/cve-2023-22515 - https://github.com/Le1a/CVE-2023-22515 +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection - https://github.com/Lotus6/ConfluenceMemshell - https://github.com/LucasPDiniz/CVE-2023-22515 @@ -54,6 +55,7 @@ Atlassian has been made aware of an issue reported by a handful of customers whe - https://github.com/davidfortytwo/CVE-2023-22518 - https://github.com/dddinmx/POC-Pocsuite3 - https://github.com/edsonjt81/CVE-2023-22515-Scan. +- https://github.com/fyx1t/NSE--CVE-2023-22515 - https://github.com/getdrive/PoC - https://github.com/infosec-365/Schedule - https://github.com/iveresk/CVE-2023-22515 @@ -72,6 +74,7 @@ Atlassian has been made aware of an issue reported by a handful of customers whe - https://github.com/tanjiti/sec_profile - https://github.com/thecybertix/One-Liner-Collections - https://github.com/thesakibrahman/THM-Free-Room +- https://github.com/whoami13apt/files2 - https://github.com/yoryio/CVE-2023-22527 - https://github.com/youcannotseemeagain/CVE-2023-22515_RCE diff --git a/2023/CVE-2023-22518.md b/2023/CVE-2023-22518.md index e701c38b36..cde3217e41 100644 --- a/2023/CVE-2023-22518.md +++ b/2023/CVE-2023-22518.md 
@@ -18,9 +18,11 @@ All versions of Confluence Data Center and Server are affected by this unexploit - https://github.com/0x0d3ad/CVE-2023-22518 - https://github.com/C1ph3rX13/CVE-2023-22518 - https://github.com/ForceFledgling/CVE-2023-22518 +- https://github.com/Lilly-dox/Exploit-CVE-2023-22518 - https://github.com/Marco-zcl/POC - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RevoltSecurities/CVE-2023-22518 - https://github.com/Threekiii/CVE - https://github.com/altima/awesome-stars - https://github.com/bibo318/CVE-2023-22518 @@ -33,6 +35,7 @@ All versions of Confluence Data Center and Server are affected by this unexploit - https://github.com/securitycipher/daily-bugbounty-writeups - https://github.com/tanjiti/sec_profile - https://github.com/thecybertix/One-Liner-Collections +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/xingchennb/POC- diff --git a/2023/CVE-2023-2252.md b/2023/CVE-2023-2252.md new file mode 100644 index 0000000000..337c40eadd --- /dev/null +++ b/2023/CVE-2023-2252.md @@ -0,0 +1,17 @@ +### [CVE-2023-2252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2252) +![](https://img.shields.io/static/v1?label=Product&message=Directorist&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9da6eede-10d0-4609-8b97-4a5d38fa8e69/ + +#### Github +No PoCs found on GitHub currently. + 
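Review bot: In the new file 2023/CVE-2023-2252.md the Version and Vulnerability badge URLs end in `color=brighgreen`, which is not one of shields.io's named colours (the name is `brightgreen`), so the badges will not render in the intended colour. The same spelling appears in every new file added by this patch, so the fix belongs in whatever template generates these files rather than in each file. The Version message also ends in an encoded trailing space (`0%3C%207.5.4%20`), which can be trimmed at the same time.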
diff --git a/2023/CVE-2023-22527.md b/2023/CVE-2023-22527.md index fb227e6bb8..d9c4706905 100644 --- a/2023/CVE-2023-22527.md +++ b/2023/CVE-2023-22527.md @@ -14,6 +14,7 @@ A template injection vulnerability on older versions of Confluence Data Center a - http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html #### Github +- https://github.com/20142995/pocsuite3 - https://github.com/20142995/sectool - https://github.com/Avento/CVE-2023-22527_Confluence_RCE - https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL @@ -31,7 +32,9 @@ A template injection vulnerability on older versions of Confluence Data Center a - https://github.com/Ostorlab/KEV - https://github.com/Privia-Security/CVE-2023-22527 - https://github.com/ReAbout/web-sec +- https://github.com/RevoltSecurities/CVE-2023-22527 - https://github.com/Sudistark/patch-diff-CVE-2023-22527 +- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/Tropinene/Yscanner @@ -42,11 +45,14 @@ A template injection vulnerability on older versions of Confluence Data Center a - https://github.com/adminlove520/CVE-2023-22527 - https://github.com/afonsovitorio/cve_sandbox - https://github.com/bad-sector-labs/ansible-role-vulhub +- https://github.com/badsectorlabs/ludus_vulhub - https://github.com/cleverg0d/CVE-2023-22527 - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/dddinmx/POC-Pocsuite3 - https://github.com/farukokutan/Threat-Intelligence-Research-Reports - https://github.com/ga0we1/CVE-2023-22527_Confluence_RCE - https://github.com/gobysec/Goby +- https://github.com/jarrodcoulter/jankyjred-cyphercon - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub 
@@ -54,6 +60,10 @@ A template injection vulnerability on older versions of Confluence Data Center a - https://github.com/sanjai-AK47/CVE-2023-22527 - https://github.com/tanjiti/sec_profile - https://github.com/thanhlam-attt/CVE-2023-22527 +- https://github.com/toxyl/lscve +- https://github.com/vulncheck-oss/cve-2023-22527 +- https://github.com/vulncheck-oss/go-exploit +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki - https://github.com/xingchennb/POC- diff --git a/2023/CVE-2023-2254.md b/2023/CVE-2023-2254.md new file mode 100644 index 0000000000..752cb9ceaf --- /dev/null +++ b/2023/CVE-2023-2254.md @@ -0,0 +1,17 @@ +### [CVE-2023-2254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2254) +![](https://img.shields.io/static/v1?label=Product&message=Ko-fi%20Button&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8886ec5f-8465-448f-adbd-68a3e84c5dec + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2256.md b/2023/CVE-2023-2256.md new file mode 100644 index 0000000000..f9dff907eb --- /dev/null +++ b/2023/CVE-2023-2256.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2256) +![](https://img.shields.io/static/v1?label=Product&message=Product%20Addons%20%26%20Fields%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2032.0.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1187e041-3be2-4613-8d56-c2394fcc75fb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-22602.md b/2023/CVE-2023-22602.md index f643fcf216..293502fd5d 100644 --- a/2023/CVE-2023-22602.md +++ b/2023/CVE-2023-22602.md @@ -15,4 +15,16 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/Threekiii/CVE +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 diff --git a/2023/CVE-2023-22622.md b/2023/CVE-2023-22622.md index 3b30a69a34..816695cb96 100644 --- a/2023/CVE-2023-22622.md +++ b/2023/CVE-2023-22622.md @@ -16,4 +16,5 @@ WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron. - https://github.com/ARPSyndicate/cvemon - https://github.com/alopresto/epss_api_demo - https://github.com/alopresto6m/epss_api_demo +- https://github.com/michael-david-fry/wp-cron-smash 
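Review bot: The hunk for 2023/CVE-2023-22602.md adds twelve entries, `hinat0y/Dataset1` through `hinat0y/Dataset12`, to the Github list, and the same twelve make up the whole Github list of the new file 2023/CVE-2023-22102.md, whose Reference section reads "No PoCs from references." Twelve numbered repositories from one account attached to unrelated CVEs look like bulk data that happens to mention the CVE id, not per-CVE proof-of-concept code; that is an inference from the names, since nothing in the patch shows their contents. Suggest confirming what they contain before listing them, and if they stay, collapsing them to one entry per owner or excluding them in the collector so the list remains usable for triage.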
diff --git a/2023/CVE-2023-22655.md b/2023/CVE-2023-22655.md new file mode 100644 index 0000000000..28ad2334bf --- /dev/null +++ b/2023/CVE-2023-22655.md @@ -0,0 +1,18 @@ +### [CVE-2023-22655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22655) +![](https://img.shields.io/static/v1?label=Product&message=3rd%20and%204th%20Generation%20Intel(R)%20Xeon(R)%20Processors%20when%20using%20Intel(R)%20SGX%20or%20Intel(R)%20TDX&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20references%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Protection%20mechanism%20failure&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2271.md b/2023/CVE-2023-2271.md new file mode 100644 index 0000000000..341b39482e --- /dev/null +++ b/2023/CVE-2023-2271.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2271) +![](https://img.shields.io/static/v1?label=Product&message=Tiempo.com&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/31512f33-c310-4b36-b665-19293097cc8b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2272.md b/2023/CVE-2023-2272.md new file mode 100644 index 0000000000..e8ba6c9650 --- /dev/null +++ b/2023/CVE-2023-2272.md @@ -0,0 +1,17 @@ +### [CVE-2023-2272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2272) +![](https://img.shields.io/static/v1?label=Product&message=Tiempo.com&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/dba60216-2753-40b7-8f2b-6caeba684b2e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-22809.md b/2023/CVE-2023-22809.md index 15ccfa87b5..13e570d2e8 100644 --- a/2023/CVE-2023-22809.md +++ b/2023/CVE-2023-22809.md 
@@ -17,6 +17,7 @@ In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra argument - http://www.openwall.com/lists/oss-security/2023/01/19/1 #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon - https://github.com/CKevens/CVE-2023-22809-sudo-POC @@ -52,6 +53,8 @@ In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra argument - https://github.com/revanmalang/OSCP - https://github.com/stefan11111/rdoedit - https://github.com/txuswashere/OSCP +- https://github.com/whoforget/CVE-POC - https://github.com/x00tex/hackTheBox - https://github.com/xhref/OSCP +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-2287.md b/2023/CVE-2023-2287.md new file mode 100644 index 0000000000..527a3d3c32 --- /dev/null +++ b/2023/CVE-2023-2287.md @@ -0,0 +1,17 @@ +### [CVE-2023-2287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2287) +![](https://img.shields.io/static/v1?label=Product&message=Orbit%20Fox%20by%20ThemeIsle&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.10.24%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2288.md b/2023/CVE-2023-2288.md new file mode 100644 index 0000000000..774b48d24f --- /dev/null +++ b/2023/CVE-2023-2288.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2288) +![](https://img.shields.io/static/v1?label=Product&message=Otter&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/93acb4ee-1053-48e1-8b69-c09dc3b2f302 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-22947.md b/2023/CVE-2023-22947.md index 98f8f370f8..f7e4ff5e00 100644 --- a/2023/CVE-2023-22947.md +++ b/2023/CVE-2023-22947.md @@ -14,5 +14,5 @@ - https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335545/Install+on+Windows#Restricting-ACLs #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-2296.md b/2023/CVE-2023-2296.md new file mode 100644 index 0000000000..9ec0026529 --- /dev/null +++ b/2023/CVE-2023-2296.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2296) +![](https://img.shields.io/static/v1?label=Product&message=Loginizer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.7.8%3C%201.7.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8126ff73-c0e5-4c1b-ba10-2e51f690521e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-22960.md b/2023/CVE-2023-22960.md index 5e44c6bc85..1317ca8c99 100644 --- a/2023/CVE-2023-22960.md +++ b/2023/CVE-2023-22960.md @@ -26,4 +26,6 @@ No PoCs from references. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/t3l3machus/CVE-2023-22960 - https://github.com/t3l3machus/t3l3machus +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-22984.md b/2023/CVE-2023-22984.md index 5e03ba4ee2..82908ecc57 100644 --- a/2023/CVE-2023-22984.md +++ b/2023/CVE-2023-22984.md @@ -13,5 +13,5 @@ - https://d0ub1e-d.github.io/2022/12/30/exploit-db-1/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-23005.md b/2023/CVE-2023-23005.md index 7e3b62b5b5..a6f9bad36f 100644 --- a/2023/CVE-2023-23005.md +++ b/2023/CVE-2023-23005.md @@ -13,5 +13,5 @@ - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-23063.md b/2023/CVE-2023-23063.md index eb8817ad25..6e252ea0bb 100644 --- a/2023/CVE-2023-23063.md 
+++ b/2023/CVE-2023-23063.md @@ -5,7 +5,7 @@ ### Description -Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure. +Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. ### POC diff --git a/2023/CVE-2023-2309.md b/2023/CVE-2023-2309.md index fa3d803c81..71a884e0ad 100644 --- a/2023/CVE-2023-2309.md +++ b/2023/CVE-2023-2309.md @@ -10,7 +10,7 @@ The wpForo Forum WordPress plugin before 2.1.9 does not escape some request para ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-23126.md b/2023/CVE-2023-23126.md index 54baf71166..ab70bbb934 100644 --- a/2023/CVE-2023-23126.md +++ b/2023/CVE-2023-23126.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/l00neyhacker/CVE-2023-23126 diff --git a/2023/CVE-2023-23127.md b/2023/CVE-2023-23127.md index dbeb0ea8b9..72efabd5ee 100644 --- a/2023/CVE-2023-23127.md +++ b/2023/CVE-2023-23127.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hktalent/TOP - https://github.com/l00neyhacker/CVE-2023-23127 diff --git a/2023/CVE-2023-23128.md b/2023/CVE-2023-23128.md index b81b5ab020..46d4235f7d 100644 --- a/2023/CVE-2023-23128.md +++ b/2023/CVE-2023-23128.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hktalent/TOP - https://github.com/l00neyhacker/CVE-2023-23128 diff --git a/2023/CVE-2023-23130.md b/2023/CVE-2023-23130.md index 6d7e334d79..8c1ee15198 100644 --- a/2023/CVE-2023-23130.md +++ b/2023/CVE-2023-23130.md 
@@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/l00neyhacker/CVE-2023-23130 diff --git a/2023/CVE-2023-2320.md b/2023/CVE-2023-2320.md new file mode 100644 index 0000000000..5ee835352d --- /dev/null +++ b/2023/CVE-2023-2320.md @@ -0,0 +1,18 @@ +### [CVE-2023-2320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2320) +![](https://img.shields.io/static/v1?label=Product&message=CF7%20Google%20Sheets%20Connector&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=cf7-google-sheets-connector-pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f17ccbaa-2fcd-4f17-a4da-73f2bc8a4fe9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2321.md b/2023/CVE-2023-2321.md new file mode 100644 index 0000000000..ad57714d78 --- /dev/null +++ b/2023/CVE-2023-2321.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-2321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2321) +![](https://img.shields.io/static/v1?label=Product&message=WPForms%20Google%20Sheet%20Connector&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=gsheetconnector-wpforms-pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/79a56359-f7e8-4c8c-b0aa-6300f5d57880 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2324.md b/2023/CVE-2023-2324.md new file mode 100644 index 0000000000..e8662cf1dd --- /dev/null +++ b/2023/CVE-2023-2324.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-2324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2324) +![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Forms%20Google%20Sheet%20Connector&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=gsheetconnector-for-elementor-forms-pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/50d81eec-f324-4445-b10f-96e94153917e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2326.md b/2023/CVE-2023-2326.md new file mode 100644 index 0000000000..ab722c520e --- /dev/null +++ b/2023/CVE-2023-2326.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-2326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2326) +![](https://img.shields.io/static/v1?label=Product&message=Gravity%20Forms%20Google%20Sheet%20Connector&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=gsheetconnector-gravityforms-pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f922695a-b803-4edf-aadc-80c79d99bebb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2329.md b/2023/CVE-2023-2329.md new file mode 100644 index 0000000000..99f2b62e61 --- /dev/null +++ b/2023/CVE-2023-2329.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2329) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Google%20Sheet%20Connector&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6e58f099-e8d6-49e4-9f02-d6a556c5b1d2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2330.md b/2023/CVE-2023-2330.md new file mode 100644 index 0000000000..e101fb423e --- /dev/null +++ b/2023/CVE-2023-2330.md @@ -0,0 +1,17 @@ +### [CVE-2023-2330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2330) +![](https://img.shields.io/static/v1?label=Product&message=Caldera%20Forms%20Google%20Sheets%20Connector&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fa8ccdd0-7b23-4b12-9aa9-4b29d47256b8 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2333.md b/2023/CVE-2023-2333.md index 7b32b4c019..12e0d5fb61 100644 --- a/2023/CVE-2023-2333.md 
+++ b/2023/CVE-2023-2333.md @@ -11,7 +11,7 @@ The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconn ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/13c4e065-fde6-41a4-a22b-bca1b10e0d30 #### Github - https://github.com/codeb0ss/CVE-2023-2333-EXP diff --git a/2023/CVE-2023-23333.md b/2023/CVE-2023-23333.md index ac6acfb901..de2f661426 100644 --- a/2023/CVE-2023-23333.md +++ b/2023/CVE-2023-23333.md @@ -33,4 +33,6 @@ There is a command injection vulnerability in SolarView Compact through 6.00, at - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-23349.md b/2023/CVE-2023-23349.md new file mode 100644 index 0000000000..3b043f53df --- /dev/null +++ b/2023/CVE-2023-23349.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-23349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23349) +![](https://img.shields.io/static/v1?label=Product&message=Kaspersky%20Password%20Manager%20for%20Windows&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%2024.0.0.427%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-316%3A%20Cleartext%20Storage%20of%20Sensitive%20Information%20in%20Memory&color=brighgreen) + +### Description + +Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NaInSec/CVE-LIST + diff --git a/2023/CVE-2023-2337.md b/2023/CVE-2023-2337.md new file mode 100644 index 0000000000..05863a4e85 --- /dev/null +++ b/2023/CVE-2023-2337.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2337) +![](https://img.shields.io/static/v1?label=Product&message=ConvertKit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e5a6f834-80a4-406b-acae-57ffeec2e689 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-23397.md b/2023/CVE-2023-23397.md index 740bc3d319..313b7f1250 100644 --- a/2023/CVE-2023-23397.md +++ b/2023/CVE-2023-23397.md @@ -25,6 +25,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/AleHelp/Windows-Pentesting-cheatsheet - https://github.com/AnaJunquera/FancyBears_RootedCON2023 +- https://github.com/BC-SECURITY/Moriarty - https://github.com/BillSkiCO/CVE-2023-23397_EXPLOIT - https://github.com/BronzeBee/cve-2023-23397 - https://github.com/CKevens/CVE-2023-23397-POC @@ -42,6 +43,7 @@ No PoCs from references. - https://github.com/SecCTechs/CVE-2023-23397 - https://github.com/Sicos1977/MsgKit - https://github.com/SirElmard/ethical_hacking +- https://github.com/TheUnknownSoul/CVE-2023-23397-PoW - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Trackflaw/CVE-2023-23397 diff --git a/2023/CVE-2023-23410.md b/2023/CVE-2023-23410.md index 6e9fcc66ee..e2536e598e 100644 --- a/2023/CVE-2023-23410.md +++ b/2023/CVE-2023-23410.md 
@@ -48,4 +48,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/SapDragon/http.sys-research - https://github.com/immortalp0ny/mypocs +- https://github.com/sapdragon/http.sys-research diff --git a/2023/CVE-2023-23456.md b/2023/CVE-2023-23456.md index 632a849912..be832ee5de 100644 --- a/2023/CVE-2023-23456.md +++ b/2023/CVE-2023-23456.md @@ -1,7 +1,7 @@ ### [CVE-2023-23456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23456) -![](https://img.shields.io/static/v1?label=Product&message=UPX&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20-%20Heap-based%20Buffer%20Overflow%2C%20CWE-787%20-%20Out-of-bounds%20Write&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brighgreen) ### Description diff --git a/2023/CVE-2023-23457.md b/2023/CVE-2023-23457.md index 75d37bb9a1..700cd7d55e 100644 --- a/2023/CVE-2023-23457.md +++ b/2023/CVE-2023-23457.md @@ -1,7 +1,7 @@ ### [CVE-2023-23457](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23457) -![](https://img.shields.io/static/v1?label=Product&message=UPX&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20-%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) ### Description diff --git a/2023/CVE-2023-23488.md b/2023/CVE-2023-23488.md index d88c04552c..4b0062126e 100644 --- a/2023/CVE-2023-23488.md 
+++ b/2023/CVE-2023-23488.md @@ -30,4 +30,6 @@ The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an un - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/r3nt0n/CVE-2023-23488-PoC +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-23536.md b/2023/CVE-2023-23536.md index 2134521951..70bd5cf685 100644 --- a/2023/CVE-2023-23536.md +++ b/2023/CVE-2023-23536.md @@ -20,6 +20,7 @@ No PoCs from references. #### Github - https://github.com/Balistic123/Iphone11IOS16.1KFDFONT - https://github.com/Phuc559959d/kfund +- https://github.com/Spoou/123 - https://github.com/ZZY3312/CVE-2023-32434 - https://github.com/evelyneee/kfd-on-crack - https://github.com/felix-pb/kfd diff --git a/2023/CVE-2023-23585.md b/2023/CVE-2023-23585.md index e88ca5a529..65a9210140 100644 --- a/2023/CVE-2023-23585.md +++ b/2023/CVE-2023-23585.md @@ -10,7 +10,7 @@ ### Description -Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. +Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. ### POC diff --git a/2023/CVE-2023-2359.md b/2023/CVE-2023-2359.md new file mode 100644 index 0000000000..c14ebe1b58 --- /dev/null +++ b/2023/CVE-2023-2359.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2359) +![](https://img.shields.io/static/v1?label=Product&message=Slider%20Revolution&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a8350890-e6d4-4b04-a158-2b0ee3748e65 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-23590.md b/2023/CVE-2023-23590.md index 8eb2e09967..1ba18cec9b 100644 --- a/2023/CVE-2023-23590.md +++ b/2023/CVE-2023-23590.md @@ -13,6 +13,7 @@ Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-23596.md b/2023/CVE-2023-23596.md new file mode 100644 index 0000000000..585b83be06 --- /dev/null +++ b/2023/CVE-2023-23596.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-23596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23596) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5. + +### POC + +#### Reference +- https://advisory.dw1.io/57 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2362.md b/2023/CVE-2023-2362.md new file mode 100644 index 0000000000..eb29d2f392 --- /dev/null +++ b/2023/CVE-2023-2362.md 
@@ -0,0 +1,38 @@ +### [CVE-2023-2362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2362) +![](https://img.shields.io/static/v1?label=Product&message=Bubble%20Menu&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Button%20Generator&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Calculator%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Counter%20Box&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Float%20menu&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Floating%20Button&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Herd%20Effects&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Popup%20Box&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Side%20Menu%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Sticky%20Buttons&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Coder&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Wow%20Skype%20Buttons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.2%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-23638.md b/2023/CVE-2023-23638.md index df385616fa..e554fafb23 100644 --- a/2023/CVE-2023-23638.md +++ b/2023/CVE-2023-23638.md @@ -32,5 +32,6 @@ No PoCs from references. - https://github.com/karimhabush/cyberowl - https://github.com/muneebaashiq/MBProjects - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoami13apt/files2 - https://github.com/x3t2con/Rttools-2 diff --git a/2023/CVE-2023-23752.md b/2023/CVE-2023-23752.md index 1d260cd7fb..cce95a4b71 100644 --- a/2023/CVE-2023-23752.md +++ b/2023/CVE-2023-23752.md 
@@ -13,8 +13,10 @@ An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/0x783kb/Security-operation-book - https://github.com/0xNahim/CVE-2023-23752 +- https://github.com/0xWhoami35/CVE-2023-23752 - https://github.com/0xWhoami35/Devvorte-Writeup - https://github.com/20142995/Goby - https://github.com/20142995/pocsuite3 @@ -24,6 +26,7 @@ No PoCs from references. - https://github.com/Acceis/exploit-CVE-2023-23752 - https://github.com/AkbarWiraN/Joomla-Scanner - https://github.com/AlissoftCodes/CVE-2023-23752 +- https://github.com/AlissonFaoli/CVE-2023-23752 - https://github.com/Anekant-Singhai/Exploits - https://github.com/Archan6el/Devvortex-Writeup - https://github.com/Archan6el/Devvortex-Writeup-HackTheBox @@ -41,7 +44,9 @@ No PoCs from references. - https://github.com/Henry4E36/POCS - https://github.com/Jenderal92/Joomla-CVE-2023-23752 - https://github.com/JeneralMotors/CVE-2023-23752 +- https://github.com/JohnDoeAnonITA/CVE-2023-23752 - https://github.com/K3ysTr0K3R/CVE-2023-23752-EXPLOIT +- https://github.com/K3ysTr0K3R/K3ysTr0K3R - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Ly0kha/Joomla-CVE-2023-23752-Exploit-Script - https://github.com/Marco-zcl/POC @@ -94,7 +99,9 @@ No PoCs from references. - https://github.com/luck-ying/Goby2.0-POC - https://github.com/luck-ying/Library-POC - https://github.com/malionnn/-Joomla-v4.2.8---Divulgation-d-informations-non-authentifi-es +- https://github.com/mariovata/CVE-2023-23752-Python - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/nu0y4/HScan - https://github.com/r3dston3/CVE-2023-23752 - https://github.com/raystr-atearedteam/CVE2023-23752 - https://github.com/shellvik/CVE-2023-23752 
@@ -106,7 +113,9 @@ No PoCs from references. - https://github.com/trganda/dockerv - https://github.com/txuswashere/OSCP - https://github.com/wangking1/CVE-2023-23752-poc +- https://github.com/whoami13apt/files2 - https://github.com/wibuheker/Joomla-CVE-2023-23752 +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/xingchennb/POC- - https://github.com/yTxZx/CVE-2023-23752 diff --git a/2023/CVE-2023-23914.md b/2023/CVE-2023-23914.md index b27a52a5a5..bf190c7784 100644 --- a/2023/CVE-2023-23914.md +++ b/2023/CVE-2023-23914.md @@ -19,5 +19,6 @@ No PoCs from references. - https://github.com/a23au/awe-base-images - https://github.com/ctflearner/Learn365 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/neo9/fluentd - https://github.com/stkcat/awe-base-images diff --git a/2023/CVE-2023-23924.md b/2023/CVE-2023-23924.md index e1f57eb2b8..1c1c674c5b 100644 --- a/2023/CVE-2023-23924.md +++ b/2023/CVE-2023-23924.md @@ -19,5 +19,7 @@ Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be by - https://github.com/manas3c/CVE-POC - https://github.com/motikan2010/CVE-2023-23924 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC - https://github.com/zeverse/CVE-2023-23924-sample diff --git a/2023/CVE-2023-23932.md b/2023/CVE-2023-23932.md index b210645241..bc1c2683f7 100644 --- a/2023/CVE-2023-23932.md +++ b/2023/CVE-2023-23932.md @@ -13,6 +13,7 @@ OpenDDS is an open source C++ implementation of the Object Management Group (OMG No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-23946.md b/2023/CVE-2023-23946.md index 7d5cef0f13..ff06825bc4 100644 --- a/2023/CVE-2023-23946.md +++ b/2023/CVE-2023-23946.md 
@@ -18,5 +18,6 @@ No PoCs from references. - https://github.com/KK-Designs/UpdateHub - https://github.com/bruno-1337/CVE-2023-23946-POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/mdisec/mdisec-twitch-yayinlari - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-2398.md b/2023/CVE-2023-2398.md new file mode 100644 index 0000000000..f345582c19 --- /dev/null +++ b/2023/CVE-2023-2398.md @@ -0,0 +1,17 @@ +### [CVE-2023-2398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2398) +![](https://img.shields.io/static/v1?label=Product&message=Icegram%20Engage&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/16d47d20-58aa-4d04-9275-fd91ce926ff3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-23989.md b/2023/CVE-2023-23989.md new file mode 100644 index 0000000000..3a47f4801e --- /dev/null +++ b/2023/CVE-2023-23989.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-23989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23989) +![](https://img.shields.io/static/v1?label=Product&message=RegistrationMagic&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2399.md b/2023/CVE-2023-2399.md new file mode 100644 index 0000000000..e704b66a58 --- /dev/null +++ b/2023/CVE-2023-2399.md @@ -0,0 +1,17 @@ +### [CVE-2023-2399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2399) +![](https://img.shields.io/static/v1?label=Product&message=QuBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/deca3cd3-f7cf-469f-9f7e-3612f7ae514d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-23998.md b/2023/CVE-2023-23998.md index 0efd84c4b3..7089ed363c 100644 --- a/2023/CVE-2023-23998.md +++ b/2023/CVE-2023-23998.md 
@@ -13,6 +13,7 @@ Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. Vik No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2401.md b/2023/CVE-2023-2401.md new file mode 100644 index 0000000000..5ea00403e6 --- /dev/null +++ b/2023/CVE-2023-2401.md @@ -0,0 +1,17 @@ +### [CVE-2023-2401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2401) +![](https://img.shields.io/static/v1?label=Product&message=QuBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0746ea56-dd88-4fc3-86a3-54408eef1f94 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-24039.md b/2023/CVE-2023-24039.md index b61e1699f6..c61b948d20 100644 --- a/2023/CVE-2023-24039.md +++ b/2023/CVE-2023-24039.md @@ -17,5 +17,6 @@ - https://github.com/0xdea/advisories - https://github.com/0xdea/exploits - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hnsecurity/vulns diff --git a/2023/CVE-2023-24040.md b/2023/CVE-2023-24040.md index e9f3951aea..ead0916c98 100644 --- a/2023/CVE-2023-24040.md +++ b/2023/CVE-2023-24040.md 
@@ -16,5 +16,6 @@ #### Github - https://github.com/0xdea/advisories - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hnsecurity/vulns diff --git a/2023/CVE-2023-24042.md b/2023/CVE-2023-24042.md new file mode 100644 index 0000000000..a1565bb043 --- /dev/null +++ b/2023/CVE-2023-24042.md @@ -0,0 +1,19 @@ +### [CVE-2023-24042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24042) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RoyTonmoy/Vulnerability-of-LightFTP-2.2 +- https://github.com/mkovy39/Concordia-INSE6140-Project +- https://github.com/mkovy39/INSE6140-Project + diff --git a/2023/CVE-2023-24044.md b/2023/CVE-2023-24044.md index 6f488cd217..53ebb3549a 100644 --- a/2023/CVE-2023-24044.md +++ b/2023/CVE-2023-24044.md @@ -16,4 +16,6 @@ #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-24055.md b/2023/CVE-2023-24055.md index ac08060579..16d2203a76 100644 --- a/2023/CVE-2023-24055.md +++ b/2023/CVE-2023-24055.md 
@@ -23,11 +23,14 @@ - https://github.com/deetl/CVE-2023-24055 - https://github.com/digital-dev/KeePass-TriggerLess - https://github.com/duckbillsecurity/CVE-2023-24055 +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/jonasw234/attackerkb_checker - https://github.com/julesbozouklian/PoC_CVE-2023-24055 - https://github.com/k0mi-tg/CVE-POC - https://github.com/manas3c/CVE-POC - https://github.com/n3rada/Invoke-KeePassBackup - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC - https://github.com/zwlsix/KeePass-CVE-2023-24055 diff --git a/2023/CVE-2023-24068.md b/2023/CVE-2023-24068.md index 7ebf537349..24481ab494 100644 --- a/2023/CVE-2023-24068.md +++ b/2023/CVE-2023-24068.md @@ -14,5 +14,6 @@ #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/vin01/bogus-cves diff --git a/2023/CVE-2023-24069.md b/2023/CVE-2023-24069.md index cc8a6109c5..190f85ab97 100644 --- a/2023/CVE-2023-24069.md +++ b/2023/CVE-2023-24069.md @@ -13,5 +13,6 @@ - https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ #### Github +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/vin01/bogus-cves diff --git a/2023/CVE-2023-24078.md b/2023/CVE-2023-24078.md index fc740f2638..75c2888591 100644 --- a/2023/CVE-2023-24078.md +++ b/2023/CVE-2023-24078.md @@ -15,6 +15,7 @@ Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/SanjinDedic/FuguHub-8.4-Authenticated-RCE-CVE-2024-27697 - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android - https://github.com/ag-rodriguez/CVE-2023-24078 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-24095.md b/2023/CVE-2023-24095.md index 9d9e299cf5..435ee8e900 100644 --- a/2023/CVE-2023-24095.md +++ b/2023/CVE-2023-24095.md 
@@ -13,5 +13,5 @@ - https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-24096.md b/2023/CVE-2023-24096.md index 5d3323df8e..0dbb0a1cd9 100644 --- a/2023/CVE-2023-24096.md +++ b/2023/CVE-2023-24096.md @@ -13,5 +13,5 @@ - https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/06/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-24097.md b/2023/CVE-2023-24097.md index 49cec89ceb..77aaeda18a 100644 --- a/2023/CVE-2023-24097.md +++ b/2023/CVE-2023-24097.md @@ -13,5 +13,5 @@ - https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/03/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-24098.md b/2023/CVE-2023-24098.md index 92d14a1584..f9c9c61c3b 100644 --- a/2023/CVE-2023-24098.md +++ b/2023/CVE-2023-24098.md @@ -13,5 +13,5 @@ - https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-24099.md b/2023/CVE-2023-24099.md index 4ff2167af6..160782a950 100644 --- a/2023/CVE-2023-24099.md +++ b/2023/CVE-2023-24099.md @@ -13,5 +13,5 @@ - https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/07/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-24203.md b/2023/CVE-2023-24203.md new file mode 100644 index 0000000000..90c9274e20 --- /dev/null +++ b/2023/CVE-2023-24203.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-24203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24203) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-24204.md b/2023/CVE-2023-24204.md new file mode 100644 index 0000000000..3e84ef328e --- /dev/null +++ b/2023/CVE-2023-24204.md @@ -0,0 +1,17 @@ +### [CVE-2023-24204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24204) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-2422.md b/2023/CVE-2023-2422.md index 2ae08f1c9e..9761f01113 100644 --- a/2023/CVE-2023-2422.md +++ b/2023/CVE-2023-2422.md 
@@ -4,7 +4,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=keycloak&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Certificate%20Validation&color=brighgreen) diff --git a/2023/CVE-2023-24229.md b/2023/CVE-2023-24229.md index 9306189435..726a07d6a0 100644 --- a/2023/CVE-2023-24229.md +++ b/2023/CVE-2023-24229.md @@ -14,5 +14,5 @@ - https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-24249.md b/2023/CVE-2023-24249.md new file mode 100644 index 0000000000..b963c7bd0c --- /dev/null +++ b/2023/CVE-2023-24249.md @@ -0,0 +1,17 @@ +### [CVE-2023-24249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24249) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. + +### POC + +#### Reference +- https://flyd.uk/post/cve-2023-24249/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2437.md b/2023/CVE-2023-2437.md index 2543f16547..b1ff16dd9d 100644 --- a/2023/CVE-2023-2437.md +++ b/2023/CVE-2023-2437.md 
@@ -14,5 +14,6 @@ The UserPro plugin for WordPress is vulnerable to authentication bypass in versi - https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 #### Github +- https://github.com/RxRCoder/CVE-2023-2437 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-24480.md b/2023/CVE-2023-24480.md index 1546b9be46..f1134c2ed2 100644 --- a/2023/CVE-2023-24480.md +++ b/2023/CVE-2023-24480.md @@ -5,7 +5,7 @@ ### Description -Controller DoS due to stack overflow when decoding a message from the server +Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. ### POC diff --git a/2023/CVE-2023-24538.md b/2023/CVE-2023-24538.md index a64ccb0c0a..e6bd80c319 100644 --- a/2023/CVE-2023-24538.md +++ b/2023/CVE-2023-24538.md @@ -13,6 +13,7 @@ Templates do not properly consider backticks (`) as Javascript string delimiters No PoCs from references. #### Github +- https://github.com/MNeverOff/ipmi-server - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/skulkarni-mv/goIssue_dunfell - https://github.com/skulkarni-mv/goIssue_kirkstone diff --git a/2023/CVE-2023-24540.md b/2023/CVE-2023-24540.md index 569e8c734a..a63de5c8d1 100644 --- a/2023/CVE-2023-24540.md +++ b/2023/CVE-2023-24540.md @@ -13,5 +13,6 @@ Not all valid JavaScript whitespace characters are considered to be whitespace. No PoCs from references. #### Github +- https://github.com/MNeverOff/ipmi-server - https://github.com/nao1215/golling diff --git a/2023/CVE-2023-24610.md b/2023/CVE-2023-24610.md index 7b865dfa6f..10ab6f8648 100644 --- a/2023/CVE-2023-24610.md +++ b/2023/CVE-2023-24610.md @@ -18,4 +18,6 @@ No PoCs from references. - https://github.com/k0mi-tg/CVE-POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC 
diff --git a/2023/CVE-2023-2470.md b/2023/CVE-2023-2470.md new file mode 100644 index 0000000000..db4bee7ea9 --- /dev/null +++ b/2023/CVE-2023-2470.md @@ -0,0 +1,17 @@ +### [CVE-2023-2470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2470) +![](https://img.shields.io/static/v1?label=Product&message=Add%20to%20Feedly&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/de0adf26-8a0b-4b90-96d5-4bec6e770e04 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2472.md b/2023/CVE-2023-2472.md new file mode 100644 index 0000000000..c67b0877a2 --- /dev/null +++ b/2023/CVE-2023-2472.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2472) +![](https://img.shields.io/static/v1?label=Product&message=Newsletter%2C%20SMTP%2C%20Email%20marketing%20and%20Subscribe%20forms%20by%20Sendinblue&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.61%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b0e7665a-c8c3-4132-b8d7-8677a90118df + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-24762.md b/2023/CVE-2023-24762.md index f5d0bd478e..19a08a98d9 100644 --- a/2023/CVE-2023-24762.md +++ b/2023/CVE-2023-24762.md @@ -14,5 +14,6 @@ OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows at #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/H4lo/awesome-IoT-security-article - https://github.com/pz1o/cve_record diff --git a/2023/CVE-2023-2479.md b/2023/CVE-2023-2479.md index dbc7757d4b..e13441e217 100644 --- a/2023/CVE-2023-2479.md +++ b/2023/CVE-2023-2479.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/Marco-zcl/POC - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/tanjiti/sec_profile +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/xingchennb/POC- - https://github.com/zn9988/publications diff --git a/2023/CVE-2023-24816.md b/2023/CVE-2023-24816.md index 3973e64cfe..89d791122b 100644 --- a/2023/CVE-2023-24816.md 
+++ b/2023/CVE-2023-24816.md @@ -14,5 +14,5 @@ IPython (Interactive Python) is a command shell for interactive computing in mul - https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7 #### Github -No PoCs found on GitHub currently. +- https://github.com/seal-community/patches diff --git a/2023/CVE-2023-2482.md b/2023/CVE-2023-2482.md new file mode 100644 index 0000000000..909c669fdb --- /dev/null +++ b/2023/CVE-2023-2482.md @@ -0,0 +1,17 @@ +### [CVE-2023-2482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2482) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20CSS%20EDITOR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c0f73781-be7e-482e-91de-ad7991ad4bd5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2488.md b/2023/CVE-2023-2488.md new file mode 100644 index 0000000000..f457d78db6 --- /dev/null +++ b/2023/CVE-2023-2488.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2488) +![](https://img.shields.io/static/v1?label=Product&message=Stop%20Spammers%20Security%20%7C%20Block%20Spam%20Users%2C%20Comments%2C%20Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202023%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/60226669-0b7b-441f-93d4-b5933e69478f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2489.md b/2023/CVE-2023-2489.md new file mode 100644 index 0000000000..0ab00a3261 --- /dev/null +++ b/2023/CVE-2023-2489.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2489) +![](https://img.shields.io/static/v1?label=Product&message=Stop%20Spammers%20Security%20%7C%20Block%20Spam%20Users%2C%20Comments%2C%20Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202023%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/dcbe3334-357a-4744-b50c-309d10cca30d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2492.md b/2023/CVE-2023-2492.md new file mode 100644 index 0000000000..ea52394eb7 --- /dev/null +++ b/2023/CVE-2023-2492.md @@ -0,0 +1,17 @@ +### [CVE-2023-2492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2492) +![](https://img.shields.io/static/v1?label=Product&message=QueryWall%3A%20Plug'n%20Play%20Firewall&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fa7c54c2-5653-4d3d-8163-f3d63272c050 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-2493.md b/2023/CVE-2023-2493.md new file mode 100644 index 0000000000..e8de52be63 --- /dev/null +++ b/2023/CVE-2023-2493.md @@ -0,0 +1,17 @@ +### [CVE-2023-2493](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2493) +![](https://img.shields.io/static/v1?label=Product&message=All%20In%20One%20Redirection&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a9a205a4-eef9-4f30-877a-4c562930650c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-24932.md b/2023/CVE-2023-24932.md index 7d77f060fa..4cd212bf0d 100644 --- a/2023/CVE-2023-24932.md +++ b/2023/CVE-2023-24932.md 
@@ -5,9 +5,12 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2020H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) 
@@ -19,17 +22,21 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20048%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.6085%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.4645%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2965%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.3208%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.3208%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2965%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2965%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1850%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2176%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1992%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3447%20&color=brighgreen) 
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22175%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.26623%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26623%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24374%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.21063%20&color=brighgreen) @@ -45,7 +52,9 @@ Secure Boot Security Feature Bypass Vulnerability No PoCs from references. #### Github +- https://github.com/ChristelVDH/Invoke-BlackLotusMitigation - https://github.com/HotCakeX/Harden-Windows-Security - https://github.com/MHimken/WinRE-Customization - https://github.com/Wack0/CVE-2022-21894 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-2495.md b/2023/CVE-2023-2495.md new file mode 100644 index 0000000000..bae344c6e9 --- /dev/null +++ b/2023/CVE-2023-2495.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-2495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2495) +![](https://img.shields.io/static/v1?label=Product&message=Greeklish-permalink&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/45878983-7e9b-49c2-8f99-4c28aab24f09 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-24955.md b/2023/CVE-2023-24955.md index d9af78f8ff..90d72466e7 100644 --- a/2023/CVE-2023-24955.md +++ b/2023/CVE-2023-24955.md @@ -17,8 +17,12 @@ Microsoft SharePoint Server Remote Code Execution Vulnerability No PoCs from references. #### Github +- https://github.com/AndreOve/CVE-2023-24955-real-RCE - https://github.com/Chocapikk/CVE-2023-29357 - https://github.com/LuemmelSec/CVE-2023-29357 +- https://github.com/Ostorlab/KEV +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/former-farmer/CVE-2023-24955-PoC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/postmodern/cisa-kev.rb diff --git a/2023/CVE-2023-24998.md b/2023/CVE-2023-24998.md index 807852f6f2..2a24a05c9d 100644 --- a/2023/CVE-2023-24998.md +++ b/2023/CVE-2023-24998.md 
@@ -20,4 +20,5 @@ No PoCs from references. - https://github.com/muneebaashiq/MBProjects - https://github.com/nice1st/CVE-2023-24998 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/speedyfriend67/Experiments diff --git a/2023/CVE-2023-2503.md b/2023/CVE-2023-2503.md new file mode 100644 index 0000000000..a7bc924e4b --- /dev/null +++ b/2023/CVE-2023-2503.md @@ -0,0 +1,17 @@ +### [CVE-2023-2503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2503) +![](https://img.shields.io/static/v1?label=Product&message=10Web%20Social%20Post%20Feed&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/07b1caf1-d00b-4075-b71a-0516d5604286 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25078.md b/2023/CVE-2023-25078.md index 55a067a4be..b031d3bf0c 100644 --- a/2023/CVE-2023-25078.md +++ b/2023/CVE-2023-25078.md @@ -10,7 +10,7 @@ ### Description -Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. +Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. ### POC diff --git a/2023/CVE-2023-25135.md b/2023/CVE-2023-25135.md index feeae3ac3a..e03a0a1139 100644 --- a/2023/CVE-2023-25135.md +++ b/2023/CVE-2023-25135.md 
@@ -20,4 +20,5 @@ vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute - https://github.com/izj007/wechat - https://github.com/netlas-io/netlas-dorks - https://github.com/tawkhidd/CVE +- https://github.com/whoami13apt/files2 diff --git a/2023/CVE-2023-25136.md b/2023/CVE-2023-25136.md index 61f47a876c..fb690b14c0 100644 --- a/2023/CVE-2023-25136.md +++ b/2023/CVE-2023-25136.md @@ -37,5 +37,7 @@ OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/ticofookfook/CVE-2023-25136 +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC - https://github.com/zacharimayer/ssh-exploit diff --git a/2023/CVE-2023-25157.md b/2023/CVE-2023-25157.md index eb47cbdd70..1d9c9691f3 100644 --- a/2023/CVE-2023-25157.md +++ b/2023/CVE-2023-25157.md @@ -24,6 +24,7 @@ No PoCs from references. - https://github.com/GhostTroops/TOP - https://github.com/IGSIND/Qualys - https://github.com/Rubikcuv5/CVE-2023-25157 +- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/aneasystone/github-trending - https://github.com/bakery312/Vulhub-Reproduce diff --git a/2023/CVE-2023-25178.md b/2023/CVE-2023-25178.md index e849ccff48..6b3f796aea 100644 --- a/2023/CVE-2023-25178.md +++ b/2023/CVE-2023-25178.md @@ -5,7 +5,7 @@ ### Description -Controller may be loaded with malicious firmware which could enable remote code execution +Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. ### POC diff --git a/2023/CVE-2023-2518.md b/2023/CVE-2023-2518.md new file mode 100644 index 0000000000..46fa0cf23d --- /dev/null +++ b/2023/CVE-2023-2518.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2518) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Forms%20for%20Mailchimp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.8.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ca120255-2c50-4906-97f3-ea660486db4c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25194.md b/2023/CVE-2023-25194.md index 3f9104e3d9..4bb66515e7 100644 --- a/2023/CVE-2023-25194.md +++ b/2023/CVE-2023-25194.md @@ -19,6 +19,7 @@ A possible security vulnerability has been identified in Apache Kafka Connect AP - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/ProbiusOfficial/Awsome-Sec.CTF-Videomaker +- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/Veraxy00/Flink-Kafka-Vul @@ -34,4 +35,7 @@ A possible security vulnerability has been identified in Apache Kafka Connect AP - https://github.com/ohnonoyesyes/CVE-2023-25194 - https://github.com/srchen1987/springcloud-distributed-transaction - https://github.com/turn1tup/Writings +- https://github.com/vulncheck-oss/cve-2023-25194 +- https://github.com/whoforget/CVE-POC +- https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-25199.md b/2023/CVE-2023-25199.md new file mode 100644 index 0000000000..caa6d171d8 --- /dev/null +++ b/2023/CVE-2023-25199.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-25199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25199) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser. + +### POC + +#### Reference +- https://summitinfosec.com/blog/x-ray-vision-identifying-cve-2023-25199-and-cve-2023-25200-in-manufacturing-equipment/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25200.md b/2023/CVE-2023-25200.md new file mode 100644 index 0000000000..a210310f73 --- /dev/null +++ b/2023/CVE-2023-25200.md @@ -0,0 +1,17 @@ +### [CVE-2023-25200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25200) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser. + +### POC + +#### Reference +- https://summitinfosec.com/blog/x-ray-vision-identifying-cve-2023-25199-and-cve-2023-25200-in-manufacturing-equipment/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2523.md b/2023/CVE-2023-2523.md index 0e7be06946..fc2087f542 100644 --- a/2023/CVE-2023-2523.md +++ b/2023/CVE-2023-2523.md 
@@ -14,6 +14,7 @@ A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. #### Github - https://github.com/Any3ite/CVE-2023-2523 +- https://github.com/Co5mos/nuclei-tps - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/kuang-zy/2023-Weaver-pocs diff --git a/2023/CVE-2023-2527.md b/2023/CVE-2023-2527.md new file mode 100644 index 0000000000..d07293c227 --- /dev/null +++ b/2023/CVE-2023-2527.md @@ -0,0 +1,17 @@ +### [CVE-2023-2527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2527) +![](https://img.shields.io/static/v1?label=Product&message=Integration%20for%20Contact%20Form%207%20and%20Zoho%20CRM%2C%20Bigin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8051142a-4e55-4dc2-9cb1-1b724c67574f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2529.md b/2023/CVE-2023-2529.md new file mode 100644 index 0000000000..cf0d7f14f4 --- /dev/null +++ b/2023/CVE-2023-2529.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2529) +![](https://img.shields.io/static/v1?label=Product&message=Enable%20SVG%20Uploads&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4ac03907-2373-48f0-bca1-8f7073c06b18 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25365.md b/2023/CVE-2023-25365.md new file mode 100644 index 0000000000..09944c38d2 --- /dev/null +++ b/2023/CVE-2023-25365.md @@ -0,0 +1,17 @@ +### [CVE-2023-25365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25365) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2023/CVE-2023-25395.md b/2023/CVE-2023-25395.md index c291579c66..74e7966573 100644 --- a/2023/CVE-2023-25395.md +++ b/2023/CVE-2023-25395.md @@ -5,7 +5,7 @@ ### Description -TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability. +TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. ### POC 
diff --git a/2023/CVE-2023-25399.md b/2023/CVE-2023-25399.md index f0de51c490..3cd204362d 100644 --- a/2023/CVE-2023-25399.md +++ b/2023/CVE-2023-25399.md @@ -5,7 +5,7 @@ ### Description -A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. +** DISPUTED ** A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly. ### POC diff --git a/2023/CVE-2023-2546.md b/2023/CVE-2023-2546.md index 9c14a15f53..cd81cdb5d5 100644 --- a/2023/CVE-2023-2546.md +++ b/2023/CVE-2023-2546.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/LUUANHDUC/KhaiThacLoHongPhanMem +- https://github.com/hung1111234/KhaiThacLoHongPhanMem diff --git a/2023/CVE-2023-25573.md b/2023/CVE-2023-25573.md index 1b5de1d6f7..53ca8af983 100644 --- a/2023/CVE-2023-25573.md +++ b/2023/CVE-2023-25573.md @@ -13,6 +13,7 @@ metersphere is an open source continuous testing platform. In affected versions No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/20142995/sectool - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Threekiii/Awesome-POC diff --git a/2023/CVE-2023-25584.md b/2023/CVE-2023-25584.md index 194309c09b..8eef939dcf 100644 --- a/2023/CVE-2023-25584.md +++ b/2023/CVE-2023-25584.md @@ -23,4 +23,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-25585.md b/2023/CVE-2023-25585.md index f3882909a1..a5f18472d4 100644 --- a/2023/CVE-2023-25585.md +++ b/2023/CVE-2023-25585.md 
@@ -23,4 +23,5 @@ A flaw was found in Binutils. The use of an uninitialized field in the struct mo #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-25588.md b/2023/CVE-2023-25588.md index e5b146404c..79bd579d8f 100644 --- a/2023/CVE-2023-25588.md +++ b/2023/CVE-2023-25588.md @@ -23,4 +23,5 @@ A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitia #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-2568.md b/2023/CVE-2023-2568.md new file mode 100644 index 0000000000..d7e56e581e --- /dev/null +++ b/2023/CVE-2023-2568.md @@ -0,0 +1,17 @@ +### [CVE-2023-2568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2568) +![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%20by%20Ays&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b1704a12-459b-4f5d-aa2d-a96646ddaf3e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25690.md b/2023/CVE-2023-25690.md index 4f2995ebe2..4a4b1aa48b 100644 --- a/2023/CVE-2023-25690.md +++ b/2023/CVE-2023-25690.md 
@@ -18,6 +18,7 @@ Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.5 - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/GGontijo/CTF-s - https://github.com/GhostTroops/TOP - https://github.com/H4lo/awesome-IoT-security-article - https://github.com/Mr-xn/Penetration_Testing_POC @@ -25,6 +26,7 @@ Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.5 - https://github.com/bioly230/THM_Skynet - https://github.com/dhmosfunk/CVE-2023-25690-POC - https://github.com/dhmosfunk/dhmosfunk +- https://github.com/florentvinai/CompteRendu-CTF-Mordor - https://github.com/hktalent/TOP - https://github.com/karimhabush/cyberowl - https://github.com/kgwanjala/oscp-cheatsheet diff --git a/2023/CVE-2023-2571.md b/2023/CVE-2023-2571.md new file mode 100644 index 0000000000..a28e352972 --- /dev/null +++ b/2023/CVE-2023-2571.md @@ -0,0 +1,17 @@ +### [CVE-2023-2571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2571) +![](https://img.shields.io/static/v1?label=Product&message=Quiz%20Maker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.4.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2dc02e5c-1c89-4053-a6a7-29ee7b996183 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25718.md b/2023/CVE-2023-25718.md index 8ef64350b2..a30c06315d 100644 --- a/2023/CVE-2023-25718.md +++ b/2023/CVE-2023-25718.md 
@@ -14,5 +14,5 @@ - https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-2572.md b/2023/CVE-2023-2572.md new file mode 100644 index 0000000000..a25268efb9 --- /dev/null +++ b/2023/CVE-2023-2572.md @@ -0,0 +1,17 @@ +### [CVE-2023-2572](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2572) +![](https://img.shields.io/static/v1?label=Product&message=Survey%20Maker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.4.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2f7fe6e6-c3d0-4e27-8222-572d7a420153 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25735.md b/2023/CVE-2023-25735.md index 96ebe0bca8..5686fa7b96 100644 --- a/2023/CVE-2023-25735.md +++ b/2023/CVE-2023-25735.md @@ -18,4 +18,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/googleprojectzero/fuzzilli +- https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2023/CVE-2023-25751.md b/2023/CVE-2023-25751.md index 565a9b0806..33df5adfac 100644 --- a/2023/CVE-2023-25751.md +++ b/2023/CVE-2023-25751.md @@ -17,4 +17,5 @@ No PoCs from references. #### Github - https://github.com/googleprojectzero/fuzzilli +- https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2023/CVE-2023-25770.md b/2023/CVE-2023-25770.md index 10cfb4f8db..ea81337c3f 100644 --- a/2023/CVE-2023-25770.md +++ b/2023/CVE-2023-25770.md 
@@ -5,7 +5,7 @@ ### Description -Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. +Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. ### POC diff --git a/2023/CVE-2023-2578.md b/2023/CVE-2023-2578.md new file mode 100644 index 0000000000..bc57462337 --- /dev/null +++ b/2023/CVE-2023-2578.md @@ -0,0 +1,17 @@ +### [CVE-2023-2578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2578) +![](https://img.shields.io/static/v1?label=Product&message=Buy%20Me%20a%20Coffee&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4dad1c0d-bcf9-4486-bd8e-387ac8e6c892 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25785.md b/2023/CVE-2023-25785.md new file mode 100644 index 0000000000..569bc571dc --- /dev/null +++ b/2023/CVE-2023-25785.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-25785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25785) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Post%20Rating&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2579.md b/2023/CVE-2023-2579.md index 84f8775f88..016dc8b763 100644 --- a/2023/CVE-2023-2579.md +++ b/2023/CVE-2023-2579.md @@ -11,6 +11,7 @@ The InventoryPress WordPress plugin through 1.7 does not sanitise and escape som #### Reference - https://github.com/daniloalbuqrque/poc-cve-xss-inventory-press-plugin +- https://wpscan.com/vulnerability/3cfcb8cc-9c4f-409c-934f-9f3f043de6fe #### Github - https://github.com/0xn4d/poc-cve-xss-inventory-press-plugin diff --git a/2023/CVE-2023-2580.md b/2023/CVE-2023-2580.md new file mode 100644 index 0000000000..54519b4929 --- /dev/null +++ b/2023/CVE-2023-2580.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2580) +![](https://img.shields.io/static/v1?label=Product&message=AI%20Engine%3A%20ChatGPT%20Chatbot%2C%20Content%20Generator%2C%20GPT%203%20%26%204%2C%20Ultra-Customizable&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.83%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7ee1efb1-9969-40b2-8ab2-ea427091bbd8 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25813.md b/2023/CVE-2023-25813.md index ee6906b394..1981b4f64c 100644 --- a/2023/CVE-2023-25813.md +++ b/2023/CVE-2023-25813.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/bde574786/Sequelize-1day-CVE-2023-25813 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-25826.md b/2023/CVE-2023-25826.md index 2b2164a3b2..60a43a264a 100644 --- a/2023/CVE-2023-25826.md +++ b/2023/CVE-2023-25826.md @@ -14,6 +14,9 @@ Due to insufficient validation of parameters passed to the legacy HTTP query API #### Github - https://github.com/ErikWynter/opentsdb_key_cmd_injection +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection +- https://github.com/Threekiii/Awesome-POC +- https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/getdrive/PoC diff --git a/2023/CVE-2023-2585.md b/2023/CVE-2023-2585.md index 260fd5bdde..c4957d755a 100644 
--- a/2023/CVE-2023-2585.md +++ b/2023/CVE-2023-2585.md @@ -4,7 +4,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=keycloak&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improperly%20Implemented%20Security%20Check%20for%20Standard&color=brighgreen) diff --git a/2023/CVE-2023-2592.md b/2023/CVE-2023-2592.md new file mode 100644 index 0000000000..5850ac4e7f --- /dev/null +++ b/2023/CVE-2023-2592.md @@ -0,0 +1,17 @@ +### [CVE-2023-2592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2592) +![](https://img.shields.io/static/v1?label=Product&message=FormCraft&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.8.2%3C%203.9.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d4298960-eaba-4185-a730-3e621d9680e1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-25948.md b/2023/CVE-2023-25948.md new file mode 100644 index 0000000000..7ed49ee8a7 --- /dev/null +++ b/2023/CVE-2023-25948.md 
@@ -0,0 +1,22 @@ +### [CVE-2023-25948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25948) +![](https://img.shields.io/static/v1?label=Product&message=Direct%20Station&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Engineering%20Station&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Experion%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Experion%20Station&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=501.1%3C%3D%20501.6HF8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=510.1%3C%3D%20511.5TCU3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=510.5%3C%3D%20511.5TCU3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-394%20Unexpected%20Status%20Code%20or%20Return%20Value&color=brighgreen) + +### Description + +Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2598.md b/2023/CVE-2023-2598.md index bd589f3748..224e7f901c 100644 --- a/2023/CVE-2023-2598.md +++ b/2023/CVE-2023-2598.md @@ -20,5 +20,6 @@ A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buff - https://github.com/sampsonv/github-trending - https://github.com/xairy/linux-kernel-exploitation - https://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598 +- https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582 - https://github.com/zengzzzzz/golang-trending-archive diff --git a/2023/CVE-2023-2600.md b/2023/CVE-2023-2600.md new file mode 100644 index 0000000000..ff0887053d --- /dev/null +++ b/2023/CVE-2023-2600.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2600) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Base%20Terms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8e1d65c3-14e4-482f-ae9e-323e847a8613 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-26009.md b/2023/CVE-2023-26009.md new file mode 100644 index 0000000000..aeee34f8ad --- /dev/null +++ b/2023/CVE-2023-26009.md @@ -0,0 +1,17 @@ +### [CVE-2023-26009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26009) +![](https://img.shields.io/static/v1?label=Product&message=Houzez%20Login%20Register&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) + +### Description + +Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/truocphan/VulnBox + diff --git a/2023/CVE-2023-2601.md b/2023/CVE-2023-2601.md index 0368d27243..955b0da2de 100644 --- a/2023/CVE-2023-2601.md +++ b/2023/CVE-2023-2601.md 
@@ -12,6 +12,7 @@ The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and esca #### Reference - http://packetstormsecurity.com/files/173732/WordPress-WP-Brutal-AI-Cross-Site-Request-Forgery-SQL-Injection.html +- https://wpscan.com/vulnerability/57769468-3802-4985-bf5e-44ec1d59f5fd #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-26049.md b/2023/CVE-2023-26049.md index c58b7d3b05..2313f01d87 100644 --- a/2023/CVE-2023-26049.md +++ b/2023/CVE-2023-26049.md @@ -13,6 +13,7 @@ Jetty is a java based web server and servlet engine. Nonstandard cookie parsing No PoCs from references. #### Github +- https://github.com/hshivhare67/Jetty_v9.4.31_CVE-2023-26049 - https://github.com/muneebaashiq/MBProjects - https://github.com/nidhi7598/jetty-9.4.31_CVE-2023-26049 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-2606.md b/2023/CVE-2023-2606.md new file mode 100644 index 0000000000..0ea0d0e6c2 --- /dev/null +++ b/2023/CVE-2023-2606.md @@ -0,0 +1,17 @@ +### [CVE-2023-2606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2606) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Brutal%20AI&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.06%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-26083.md b/2023/CVE-2023-26083.md index 17b880b49d..fe74d936dd 100644 --- a/2023/CVE-2023-26083.md 
+++ b/2023/CVE-2023-26083.md @@ -13,7 +13,9 @@ Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver No PoCs from references. #### Github +- https://github.com/0x36/Pixel_GPU_Exploit - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/jiayy/android_vuln_poc-exp - https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-26116.md b/2023/CVE-2023-26116.md index 2761f35d75..f97431bd6d 100644 --- a/2023/CVE-2023-26116.md +++ b/2023/CVE-2023-26116.md @@ -21,5 +21,5 @@ Versions of the package angular from 1.2.21 are vulnerable to Regular Expression - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 #### Github -No PoCs found on GitHub currently. +- https://github.com/patrikx3/redis-ui diff --git a/2023/CVE-2023-26117.md b/2023/CVE-2023-26117.md index c699c66672..24377f2660 100644 --- a/2023/CVE-2023-26117.md +++ b/2023/CVE-2023-26117.md @@ -20,5 +20,5 @@ Versions of the package angular from 1.0.0 are vulnerable to Regular Expression - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045 #### Github -No PoCs found on GitHub currently. +- https://github.com/patrikx3/redis-ui diff --git a/2023/CVE-2023-26118.md b/2023/CVE-2023-26118.md index a6ff7bd354..a623a7d6ea 100644 --- a/2023/CVE-2023-26118.md +++ b/2023/CVE-2023-26118.md @@ -20,5 +20,5 @@ Versions of the package angular from 1.4.9 are vulnerable to Regular Expression - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046 #### Github -No PoCs found on GitHub currently. +- https://github.com/patrikx3/redis-ui diff --git a/2023/CVE-2023-26130.md b/2023/CVE-2023-26130.md index bc36376b6a..327c0e5f65 100644 --- a/2023/CVE-2023-26130.md +++ b/2023/CVE-2023-26130.md @@ -15,4 +15,5 @@ Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF #### Github - https://github.com/dellalibera/dellalibera +- https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2023/CVE-2023-26144.md b/2023/CVE-2023-26144.md index 520b6374ec..7751a1729b 100644 --- a/2023/CVE-2023-26144.md +++ b/2023/CVE-2023-26144.md @@ -13,5 +13,6 @@ Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to - https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181 #### Github +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tadhglewis/tadhglewis diff --git a/2023/CVE-2023-2623.md b/2023/CVE-2023-2623.md new file mode 100644 index 0000000000..dd5e0384b7 --- /dev/null +++ b/2023/CVE-2023-2623.md @@ -0,0 +1,17 @@ +### [CVE-2023-2623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2623) +![](https://img.shields.io/static/v1?label=Product&message=KiviCare&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users + +### POC + +#### Reference +- https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2624.md b/2023/CVE-2023-2624.md index daca177e43..6067409b73 100644 --- a/2023/CVE-2023-2624.md +++ b/2023/CVE-2023-2624.md @@ -11,6 +11,7 @@ The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parame #### Reference - http://packetstormsecurity.com/files/174895/WordPress-KiviCare-3.2.0-Cross-Site-Scripting.html +- https://wpscan.com/vulnerability/dc3a841d-a95b-462e-be4b-acaa44e77264 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-26243.md b/2023/CVE-2023-26243.md index ecbd2f04ed..c586305270 100644 
--- a/2023/CVE-2023-26243.md +++ b/2023/CVE-2023-26243.md @@ -13,6 +13,7 @@ An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-26244.md b/2023/CVE-2023-26244.md index a510492d5d..f083757ed9 100644 --- a/2023/CVE-2023-26244.md +++ b/2023/CVE-2023-26244.md @@ -13,6 +13,7 @@ An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-26245.md b/2023/CVE-2023-26245.md index e8049ddc00..a4ad2aafcf 100644 --- a/2023/CVE-2023-26245.md +++ b/2023/CVE-2023-26245.md @@ -13,6 +13,7 @@ An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-26246.md b/2023/CVE-2023-26246.md index ecdb46c05a..4883d3d3fc 100644 --- a/2023/CVE-2023-26246.md +++ b/2023/CVE-2023-26246.md @@ -13,6 +13,7 @@ An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-26257.md b/2023/CVE-2023-26257.md index b52894b5a2..6744d40f82 100644 --- a/2023/CVE-2023-26257.md +++ b/2023/CVE-2023-26257.md 
@@ -13,6 +13,7 @@ An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; forme No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-26258.md b/2023/CVE-2023-26258.md index 1d96eb75e7..57e412726f 100644 --- a/2023/CVE-2023-26258.md +++ b/2023/CVE-2023-26258.md @@ -18,4 +18,5 @@ No PoCs from references. - https://github.com/izj007/wechat - https://github.com/mdsecactivebreach/CVE-2023-26258-ArcServe - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whoami13apt/files2 diff --git a/2023/CVE-2023-2626.md b/2023/CVE-2023-2626.md index 7a2dbbf81d..b933103477 100644 --- a/2023/CVE-2023-2626.md +++ b/2023/CVE-2023-2626.md 
@@ -1,13 +1,11 @@ ### [CVE-2023-2626](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2626) ![](https://img.shields.io/static/v1?label=Product&message=Google%20Wifi%20(next%20gen)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Nest%20Hub%20(2nd.%20gen)%20w%2F%20Sleep%20Tracking%20&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Nest%20Hub%20(2nd.%20gen)%20w%2F%20Sleep%20Tracking&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Nest%20Hub%20Max&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Nest%20Wifi%206E&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Nest%20Wifi%20Point&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=1.56.1%3C%201.56.368671%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=1.59%3C%201.63.355999%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.20221207.2.100038%20%3C%2010.20221207.2.100042%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.20221207.2.100038%3C%2010.20221207.2.100042%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.20221207.2.109%3C%2010.20221207.2.120%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=14150.881.7%3C%2014150.882.9%20&color=brighgreen) diff --git a/2023/CVE-2023-2627.md b/2023/CVE-2023-2627.md new file mode 100644 index 0000000000..ea11be8329 --- /dev/null +++ b/2023/CVE-2023-2627.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-2627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2627) +![](https://img.shields.io/static/v1?label=Product&message=KiviCare&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings + +### POC + +#### Reference +- https://wpscan.com/vulnerability/162d0029-2adc-4925-9985-1d5d672dbe75 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2628.md b/2023/CVE-2023-2628.md new file mode 100644 index 0000000000..2606e4641f --- /dev/null +++ b/2023/CVE-2023-2628.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2628) +![](https://img.shields.io/static/v1?label=Product&message=KiviCare&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e0741e2c-c529-4815-8744-16e01cdb0aed + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-26326.md b/2023/CVE-2023-26326.md index 7b7acbc457..4ffff7a5db 100644 --- a/2023/CVE-2023-26326.md +++ b/2023/CVE-2023-26326.md @@ -15,4 +15,5 @@ The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/JoshuaMart/JoshuaMart +- https://github.com/f0ur0four/Insecure-Deserialization diff --git a/2023/CVE-2023-2634.md b/2023/CVE-2023-2634.md new file mode 100644 index 0000000000..1be3499d16 --- /dev/null +++ b/2023/CVE-2023-2634.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2634) +![](https://img.shields.io/static/v1?label=Product&message=Get%20your%20number&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1df111aa-6057-47a2-8e8b-9ef5ec3bb472 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2635.md b/2023/CVE-2023-2635.md index f3997d0b40..a58f01f30a 100644 --- a/2023/CVE-2023-2635.md +++ b/2023/CVE-2023-2635.md @@ -10,7 +10,7 @@ The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/81b89613-18d0-4c13-84e3-9e2e1802fd7c #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-26360.md b/2023/CVE-2023-26360.md index 922c5a0567..4be79e0551 100644 --- a/2023/CVE-2023-26360.md +++ b/2023/CVE-2023-26360.md @@ -15,6 +15,7 @@ Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and ea #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/getdrive/PoC - https://github.com/iluaster/getdrive_PoC diff --git a/2023/CVE-2023-26369.md b/2023/CVE-2023-26369.md index c472e6201d..0b65908ca3 100644 --- a/2023/CVE-2023-26369.md +++ b/2023/CVE-2023-26369.md 
@@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Threekiii/CVE +- https://github.com/jonaslejon/malicious-pdf diff --git a/2023/CVE-2023-2640.md b/2023/CVE-2023-2640.md index 921637ce55..5b4d845fe4 100644 --- a/2023/CVE-2023-2640.md +++ b/2023/CVE-2023-2640.md @@ -17,13 +17,17 @@ No PoCs from references. - https://github.com/0xsyr0/OSCP - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough - https://github.com/Kiosec/Linux-Exploitation +- https://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629 - https://github.com/OllaPapito/gameoverlay +- https://github.com/PuguhDy/CVE-Root-Ubuntu +- https://github.com/SanjayRagavendar/Ubuntu-GameOver-Lay - https://github.com/SanjayRagavendar/UbuntuPrivilegeEscalationV1 - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation - https://github.com/Umutkgz/CVE-2023-32629-CVE-2023-2640-Ubuntu-Privilege-Escalation-POC - https://github.com/brimstone/stars +- https://github.com/churamanib/p0wny-shell - https://github.com/cyberexpertsng/Cyber-Advisory - https://github.com/druxter-x/PHP-CVE-2023-2023-2640-POC-Escalation - https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629 
@@ -35,11 +39,13 @@ No PoCs from references. - https://github.com/kaotickj/Check-for-CVE-2023-32629-GameOver-lay - https://github.com/kgwanjala/oscp-cheatsheet - https://github.com/luanoliveira350/GameOverlayFS +- https://github.com/musorblyat/CVE-2023-2640-CVE-2023-32629 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/oscpname/OSCP_cheat - https://github.com/revanmalang/OSCP - https://github.com/txuswashere/OSCP - https://github.com/vinetsuicide/CVE-2023-2640-CVE-2023-32629 +- https://github.com/xS9NTX/CVE-2023-32629-CVE-2023-2640-Ubuntu-Privilege-Escalation-POC - https://github.com/xairy/linux-kernel-exploitation - https://github.com/xhref/OSCP diff --git a/2023/CVE-2023-2648.md b/2023/CVE-2023-2648.md index 79f1d2ac67..21d2759ab7 100644 --- a/2023/CVE-2023-2648.md +++ b/2023/CVE-2023-2648.md @@ -13,6 +13,7 @@ A vulnerability was found in Weaver E-Office 9.5. It has been classified as crit - https://github.com/sunyixuan1228/cve/blob/main/weaver.md #### Github +- https://github.com/Co5mos/nuclei-tps - https://github.com/MD-SEC/MDPOCS - https://github.com/MzzdToT/HAC_Bored_Writing - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648 diff --git a/2023/CVE-2023-2654.md b/2023/CVE-2023-2654.md new file mode 100644 index 0000000000..c83f2537d1 --- /dev/null +++ b/2023/CVE-2023-2654.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2654) +![](https://img.shields.io/static/v1?label=Product&message=Conditional%20Menus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/506ecee9-8e42-46de-9c5c-fc252ab2646e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-26540.md b/2023/CVE-2023-26540.md new file mode 100644 index 0000000000..ec1fe70038 --- /dev/null +++ b/2023/CVE-2023-26540.md @@ -0,0 +1,17 @@ +### [CVE-2023-26540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26540) +![](https://img.shields.io/static/v1?label=Product&message=Houzez&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) + +### Description + +Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/truocphan/VulnBox + diff --git a/2023/CVE-2023-2655.md b/2023/CVE-2023-2655.md new file mode 100644 index 0000000000..aafe5d6c47 --- /dev/null +++ b/2023/CVE-2023-2655.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2655) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20by%20WD&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b3f2d38f-8eeb-45e9-bb58-2957e416e1cd/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-26597.md b/2023/CVE-2023-26597.md new file mode 100644 index 0000000000..6d1ec806e6 --- /dev/null +++ b/2023/CVE-2023-26597.md @@ -0,0 +1,17 @@ +### [CVE-2023-26597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26597) +![](https://img.shields.io/static/v1?label=Product&message=C300&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=501.1%3C%3D%20501.6HF8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-26756.md b/2023/CVE-2023-26756.md index 37b066758c..261af02849 100644 --- a/2023/CVE-2023-26756.md +++ b/2023/CVE-2023-26756.md 
@@ -11,6 +11,7 @@ The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. #### Reference - https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html +- https://www.esecforte.com/login-page-brute-force-attack/ #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-2684.md b/2023/CVE-2023-2684.md new file mode 100644 index 0000000000..75e81b7b6c --- /dev/null +++ b/2023/CVE-2023-2684.md @@ -0,0 +1,17 @@ +### [CVE-2023-2684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2684) +![](https://img.shields.io/static/v1?label=Product&message=File%20Renaming%20on%20Upload&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/42b1f017-c497-4825-b12a-8dce3e108a55 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-26913.md b/2023/CVE-2023-26913.md index 374cbc366b..cb76f1b3b7 100644 --- a/2023/CVE-2023-26913.md +++ b/2023/CVE-2023-26913.md @@ -13,5 +13,5 @@ - https://wanheiqiyihu.top/2023/02/13/Evolucare-Ecsimaging-new-movie-php%E5%8F%8D%E5%B0%84%E6%80%A7xss/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-26924.md b/2023/CVE-2023-26924.md new file mode 100644 index 0000000000..333b65e002 --- /dev/null +++ b/2023/CVE-2023-26924.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-26924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26924) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2701.md b/2023/CVE-2023-2701.md new file mode 100644 index 0000000000..3af74ef2de --- /dev/null +++ b/2023/CVE-2023-2701.md @@ -0,0 +1,17 @@ +### [CVE-2023-2701](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2701) +![](https://img.shields.io/static/v1?label=Product&message=gravityforms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/298fbe34-62c2-4e56-9bdb-90da570c5bbe + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2705.md b/2023/CVE-2023-2705.md new file mode 100644 index 0000000000..48286e8647 --- /dev/null +++ b/2023/CVE-2023-2705.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2705) +![](https://img.shields.io/static/v1?label=Product&message=gAppointments&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.10.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0b3c83ad-d490-4ca3-8589-39163ea5e24b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2707.md b/2023/CVE-2023-2707.md new file mode 100644 index 0000000000..b7126c4794 --- /dev/null +++ b/2023/CVE-2023-2707.md @@ -0,0 +1,17 @@ +### [CVE-2023-2707](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2707) +![](https://img.shields.io/static/v1?label=Product&message=gAppointments&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e5664da4-5b78-4e42-be6b-e0d7b73a85b0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2709.md b/2023/CVE-2023-2709.md new file mode 100644 index 0000000000..a4a18ce933 --- /dev/null +++ b/2023/CVE-2023-2709.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2709) +![](https://img.shields.io/static/v1?label=Product&message=AN_GradeBook&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2504dadb-1086-4fa9-8fc7-b93018423515 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2711.md b/2023/CVE-2023-2711.md new file mode 100644 index 0000000000..2f7d104335 --- /dev/null +++ b/2023/CVE-2023-2711.md @@ -0,0 +1,17 @@ +### [CVE-2023-2711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2711) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Product%20Catalog&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.2.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/71c5b5b5-8694-4738-8e4b-8670a8d21c86 + +#### Github +No PoCs found on GitHub currently. + 
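Review bot: In the new 2023/CVE-2023-26597.md, the Description repeats the sentence "See Honeywell Security Notification for recommendations on upgrading and versioning." twice in a row; keep one copy. The Vulnerability badge also says CWE-400 Uncontrolled Resource Consumption while the text describes a buffer overflow leading to a controller DoS, so check the badge against the upstream CVE record before merging.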
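Review bot: The Version and Vulnerability badges in the new 2023/CVE-2023-2711.md use `color=brighgreen`, which looks like a misspelling of `brightgreen`; the same value is in every other file this patch creates (CVE-2023-2628, CVE-2023-2654, CVE-2023-2709 and so on), so fix it in the generator template rather than per file. The Version message `0%3C%205.2.6%20` also decodes to "0< 5.2.6 " with a trailing space, and the Description lacks the closing period that the CVE-2023-2709 entry has.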
diff --git a/2023/CVE-2023-27150.md b/2023/CVE-2023-27150.md new file mode 100644 index 0000000000..199919fe05 --- /dev/null +++ b/2023/CVE-2023-27150.md @@ -0,0 +1,17 @@ +### [CVE-2023-27150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27150) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. + +### POC + +#### Reference +- https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-27151.md b/2023/CVE-2023-27151.md new file mode 100644 index 0000000000..0bc1148d93 --- /dev/null +++ b/2023/CVE-2023-27151.md @@ -0,0 +1,17 @@ +### [CVE-2023-27151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27151) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field. + +### POC + +#### Reference +- https://www.esecforte.com/cve-2023-27151-html-injection-activity-tracker/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-27152.md b/2023/CVE-2023-27152.md new file mode 100644 index 0000000000..d3f6d756a3 --- /dev/null +++ b/2023/CVE-2023-27152.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27152) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. + +### POC + +#### Reference +- https://www.esecforte.com/cve-2023-27152-opnsense-brute-force/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-27178.md b/2023/CVE-2023-27178.md index 24e9197ad6..81ef7ecd72 100644 --- a/2023/CVE-2023-27178.md +++ b/2023/CVE-2023-27178.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/izj007/wechat +- https://github.com/whoami13apt/files2 diff --git a/2023/CVE-2023-2718.md b/2023/CVE-2023-2718.md index ff35b75acd..e92010bdfe 100644 --- a/2023/CVE-2023-2718.md +++ b/2023/CVE-2023-2718.md @@ -10,6 +10,7 @@ The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted ### POC #### Reference +- https://wpscan.com/vulnerability/8ad824a6-2d49-4f02-8252-393c59aa9705 - https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins #### Github diff --git a/2023/CVE-2023-2719.md b/2023/CVE-2023-2719.md new file mode 100644 index 0000000000..cc9e0788f2 --- /dev/null +++ b/2023/CVE-2023-2719.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2719) +![](https://img.shields.io/static/v1?label=Product&message=SupportCandy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d9f6f4e7-a237-49c0-aba0-2934ab019e35 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-27197.md b/2023/CVE-2023-27197.md new file mode 100644 index 0000000000..176dfb08e7 --- /dev/null +++ b/2023/CVE-2023-27197.md @@ -0,0 +1,17 @@ +### [CVE-2023-27197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27197) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-27198.md b/2023/CVE-2023-27198.md new file mode 100644 index 0000000000..2966690220 --- /dev/null +++ b/2023/CVE-2023-27198.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27198) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-27199.md b/2023/CVE-2023-27199.md new file mode 100644 index 0000000000..a5ed5bd230 --- /dev/null +++ b/2023/CVE-2023-27199.md @@ -0,0 +1,17 @@ +### [CVE-2023-27199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27199) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-27283.md b/2023/CVE-2023-27283.md new file mode 100644 index 0000000000..ee153e02a1 --- /dev/null +++ b/2023/CVE-2023-27283.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27283](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27283) +![](https://img.shields.io/static/v1?label=Product&message=Aspera%20Orchestrator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-204%20Response%20Discrepancy%20Information%20Exposure&color=brighgreen) + +### Description + +IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-27321.md b/2023/CVE-2023-27321.md new file mode 100644 index 0000000000..82d48af3e7 --- /dev/null +++ b/2023/CVE-2023-27321.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27321) +![](https://img.shields.io/static/v1?label=Product&message=UA%20.NET%20Standard&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.4.371.60%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption%20('Resource%20Exhaustion')&color=brighgreen) + +### Description + +OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/claroty/opcua-exploit-framework + diff --git a/2023/CVE-2023-27326.md b/2023/CVE-2023-27326.md new file mode 100644 index 0000000000..073b9c7132 --- /dev/null +++ b/2023/CVE-2023-27326.md 
@@ -0,0 +1,25 @@ +### [CVE-2023-27326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27326) +![](https://img.shields.io/static/v1?label=Product&message=Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20R.47.0.0%20AutoCAD%202021%20%26%20R.47.0.0%20AutoCAD%20LT%202021%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18933. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Impalabs/CVE-2023-27326 +- https://github.com/Malwareman007/CVE-2023-27326 +- https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/WinMin/awesome-vm-exploit +- https://github.com/izj007/wechat +- https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/taielab/awesome-hacking-lists +- https://github.com/whoami13apt/files2 + diff --git a/2023/CVE-2023-27327.md b/2023/CVE-2023-27327.md new file mode 100644 index 0000000000..454943944a --- /dev/null +++ b/2023/CVE-2023-27327.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-27327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27327) +![](https://img.shields.io/static/v1?label=Product&message=Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2018.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%3A%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen) + +### Description + +Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.The specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18964. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kn32/parallels-plist-escape +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-27328.md b/2023/CVE-2023-27328.md new file mode 100644 index 0000000000..9f41e920ef --- /dev/null +++ b/2023/CVE-2023-27328.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27328) +![](https://img.shields.io/static/v1?label=Product&message=Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2018.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-91%3A%20XML%20Injection&color=brighgreen) + +### Description + +Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied string before using it to construct an XML document. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-19187. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kn32/parallels-plist-escape + diff --git a/2023/CVE-2023-27334.md b/2023/CVE-2023-27334.md new file mode 100644 index 0000000000..13dcf944ee --- /dev/null +++ b/2023/CVE-2023-27334.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27334](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27334) +![](https://img.shields.io/static/v1?label=Product&message=edgeConnector%20Siemens&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.40%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption%20('Resource%20Exhaustion')&color=brighgreen) + +### Description + +Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/claroty/opcua-exploit-framework + diff --git a/2023/CVE-2023-27347.md b/2023/CVE-2023-27347.md new file mode 100644 index 0000000000..8dadd75c57 --- /dev/null +++ b/2023/CVE-2023-27347.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27347) +![](https://img.shields.io/static/v1?label=Product&message=Total%20Security&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2025.5.12.833%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen) + +### Description + +G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18749. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/dhn/dhn + diff --git a/2023/CVE-2023-27350.md b/2023/CVE-2023-27350.md index 75ab18b5fb..81a1b4f7bb 100644 --- a/2023/CVE-2023-27350.md +++ b/2023/CVE-2023-27350.md @@ -19,8 +19,10 @@ This vulnerability allows remote attackers to bypass authentication on affected #### Github - https://github.com/0ximan1337/CVE-2023-27350-POC - https://github.com/ARPSyndicate/cvemon +- https://github.com/ASG-CASTLE/CVE-2023-27350 - https://github.com/AdamCrosser/awesome-vuln-writeups - https://github.com/Jenderal92/CVE-2023-27350 +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection - https://github.com/MaanVader/CVE-2023-27350-POC - https://github.com/Mr-xn/Penetration_Testing_POC 
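Review bot: The Version badge in the new 2023/CVE-2023-27326.md decodes to "= R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021", but the Description is about the Parallels Desktop Toolgate component, so the version string appears to belong to a different product. Verify it against the source CVE record, and consider a Product badge that names Parallels Desktop instead of the bare `Desktop`, which CVE-2023-27327.md and CVE-2023-27328.md also use.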
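Review bot: In 2023/CVE-2023-27350.md the added `https://github.com/Loginsoft-LLC/Linux-Exploit-Detection` lands directly above the existing `https://github.com/Loginsoft-Research/Linux-Exploit-Detection`, the same repository name under two owner names. If one is a rename or fork of the other, keep a single entry so the Github list does not count the same detection content twice, and have the collector deduplicate on the resolved repository rather than on the URL string.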
diff --git a/2023/CVE-2023-27351.md b/2023/CVE-2023-27351.md index bb3f2a0e8b..78d37a11cf 100644 --- a/2023/CVE-2023-27351.md +++ b/2023/CVE-2023-27351.md @@ -13,5 +13,6 @@ This vulnerability allows remote attackers to bypass authentication on affected No PoCs from references. #### Github +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection diff --git a/2023/CVE-2023-27362.md b/2023/CVE-2023-27362.md new file mode 100644 index 0000000000..7527db1bd7 --- /dev/null +++ b/2023/CVE-2023-27362.md @@ -0,0 +1,17 @@ +### [CVE-2023-27362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27362) +![](https://img.shields.io/static/v1?label=Product&message=3CX&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2018%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%3A%20Uncontrolled%20Search%20Path%20Element&color=brighgreen) + +### Description + +3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/OpenSSL-CVE-lib + diff --git a/2023/CVE-2023-27363.md b/2023/CVE-2023-27363.md new file mode 100644 index 0000000000..d374d7cc50 --- /dev/null +++ b/2023/CVE-2023-27363.md 
@@ -0,0 +1,24 @@ +### [CVE-2023-27363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27363) +![](https://img.shields.io/static/v1?label=Product&message=PDF%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.1.0.15250%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-749%3A%20Exposed%20Dangerous%20Method%20or%20Function&color=brighgreen) + +### Description + +Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CN016/-Foxit-PDF-CVE-2023-27363- +- https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/Threekiii/Awesome-POC +- https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/qwqdanchun/CVE-2023-27363 +- https://github.com/webraybtl/CVE-2023-27363 + diff --git a/2023/CVE-2023-27366.md b/2023/CVE-2023-27366.md new file mode 100644 index 0000000000..15c98d2171 --- /dev/null +++ b/2023/CVE-2023-27366.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27366) +![](https://img.shields.io/static/v1?label=Product&message=PDF%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.1.0.15250%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20225. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Souf31/mqtt-pentest + diff --git a/2023/CVE-2023-2742.md b/2023/CVE-2023-2742.md new file mode 100644 index 0000000000..069eb0d3f2 --- /dev/null +++ b/2023/CVE-2023-2742.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2742](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2742) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f689442a-a851-4140-a10c-ac579f9da142 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-27427.md b/2023/CVE-2023-27427.md new file mode 100644 index 0000000000..a11cbdcf42 --- /dev/null +++ b/2023/CVE-2023-27427.md @@ -0,0 +1,17 @@ +### [CVE-2023-27427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27427) +![](https://img.shields.io/static/v1?label=Product&message=CRM%20Memberships&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/vulsio/go-cve-dictionary + diff --git a/2023/CVE-2023-2743.md b/2023/CVE-2023-2743.md new file mode 100644 index 0000000000..a66b210db8 --- /dev/null +++ b/2023/CVE-2023-2743.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2743) +![](https://img.shields.io/static/v1?label=Product&message=WP%20ERP%20%7C%20Complete%20HR%20solution%20with%20recruitment%20%26%20job%20listings%20%7C%20WooCommerce%20CRM%20%26%20Accounting&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.12.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/517c6aa4-a56d-4f13-b370-7c864dd9c7db + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2744.md b/2023/CVE-2023-2744.md index 8fb61faf88..5d6d315a02 100644 --- a/2023/CVE-2023-2744.md +++ b/2023/CVE-2023-2744.md @@ -11,6 +11,7 @@ The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the #### Reference - http://packetstormsecurity.com/files/175106/WordPress-WP-ERP-1.12.2-SQL-Injection.html +- https://wpscan.com/vulnerability/435da8a1-9955-46d7-a508-b5738259e731 #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-27502.md b/2023/CVE-2023-27502.md new file mode 100644 index 0000000000..be3634dd8d --- /dev/null +++ b/2023/CVE-2023-27502.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-27502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27502) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Local%20Manageability%20Service%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%202316.5.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Insertion%20of%20sensitive%20information%20into%20log%20file&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=information%20disclosure&color=brighgreen) + +### Description + +Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2751.md b/2023/CVE-2023-2751.md new file mode 100644 index 0000000000..b4690950e0 --- /dev/null +++ b/2023/CVE-2023-2751.md @@ -0,0 +1,17 @@ +### [CVE-2023-2751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2751) +![](https://img.shields.io/static/v1?label=Product&message=Upload%20Resume&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1b0fe0ac-d0d1-473d-af5b-dad6217933d4 + +#### Github +No PoCs found on GitHub currently. + 
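Review bot: The only GitHub entry in the new 2023/CVE-2023-27366.md is `Souf31/mqtt-pentest`, whose name points at MQTT testing rather than the Foxit PDF Reader Doc object use-after-free that the description covers. Confirm the repository actually references this CVE before listing it. If it is a keyword false positive, the section should read `No PoCs found on GitHub currently.` as the other new files do. The description also needs a space at `malicious file.The specific flaw`.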
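Review bot: The Vulnerability badge in the new 2023/CVE-2023-2751.md says `CWE-639 Authorization Bypass Through User-Controlled Key`, but the description is about a captcha parameter that is not validated, which lets unauthenticated visitors upload arbitrary media files. Check the CWE against the upstream record, and fill in the Version badge, which is `n/a` while the description gives `through 1.2.0`.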
diff --git a/2023/CVE-2023-2752.md b/2023/CVE-2023-2752.md index 95c0e43144..bf9ae808c1 100644 --- a/2023/CVE-2023-2752.md +++ b/2023/CVE-2023-2752.md @@ -13,5 +13,5 @@ Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior - https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-27524.md b/2023/CVE-2023-27524.md index d4e302cb2d..d4807a05c6 100644 --- a/2023/CVE-2023-27524.md +++ b/2023/CVE-2023-27524.md 
@@ -5,15 +5,18 @@ ### Description -Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. +Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.Add a strong SECRET_KEY to your `superset_config.py` file like:SECRET_KEY = Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable. ### POC #### Reference - http://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html - http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html +- https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html +- https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/20142995/sectool - https://github.com/Awrrays/FrameVul - https://github.com/CN016/Apache-Superset-SECRET_KEY-CVE-2023-27524- diff --git a/2023/CVE-2023-27532.md b/2023/CVE-2023-27532.md index 1caff94026..1f85f49187 100644 --- a/2023/CVE-2023-27532.md +++ b/2023/CVE-2023-27532.md 
@@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/fardeen-ahmed/Bug-bounty-Writeups +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hktalent/TOP - https://github.com/horizon3ai/CVE-2023-27532 - https://github.com/karimhabush/cyberowl diff --git a/2023/CVE-2023-27534.md b/2023/CVE-2023-27534.md index c4e2c9ddb2..b02f62eb08 100644 --- a/2023/CVE-2023-27534.md +++ b/2023/CVE-2023-27534.md @@ -15,5 +15,7 @@ No PoCs from references. #### Github - https://github.com/1g-v/DevSec_Docker_lab - https://github.com/L-ivan7/-.-DevSec_Docker +- https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-27535.md b/2023/CVE-2023-27535.md index edfa0690b8..818d7ee51e 100644 --- a/2023/CVE-2023-27535.md +++ b/2023/CVE-2023-27535.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/1g-v/DevSec_Docker_lab - https://github.com/L-ivan7/-.-DevSec_Docker - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-27536.md b/2023/CVE-2023-27536.md index ef7e518d4f..f7768698bb 100644 --- a/2023/CVE-2023-27536.md +++ b/2023/CVE-2023-27536.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/1g-v/DevSec_Docker_lab - https://github.com/L-ivan7/-.-DevSec_Docker - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-27538.md b/2023/CVE-2023-27538.md index 296866e2d0..c3e5caebff 100644 --- a/2023/CVE-2023-27538.md +++ b/2023/CVE-2023-27538.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list diff --git a/2023/CVE-2023-27564.md b/2023/CVE-2023-27564.md new file mode 100644 index 0000000000..0f0b2ea840 --- /dev/null 
+++ b/2023/CVE-2023-27564.md @@ -0,0 +1,18 @@ +### [CVE-2023-27564](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27564) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The n8n package 0.218.0 for Node.js allows Information Disclosure. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/david-botelho-mariano/exploit-CVE-2023-27564 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-27566.md b/2023/CVE-2023-27566.md index 0f3a45150b..bb6b2c249e 100644 --- a/2023/CVE-2023-27566.md +++ b/2023/CVE-2023-27566.md @@ -19,6 +19,7 @@ Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a craf - https://github.com/CVEDB/top - https://github.com/OpenL2D/moc3ingbird - https://github.com/hktalent/TOP +- https://github.com/hugefiver/mystars - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/silentEAG/awesome-stars - https://github.com/vtubing/caff-archive diff --git a/2023/CVE-2023-27607.md b/2023/CVE-2023-27607.md new file mode 100644 index 0000000000..49370a45e8 --- /dev/null +++ b/2023/CVE-2023-27607.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27607) +![](https://img.shields.io/static/v1?label=Product&message=Points%20and%20Rewards%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NaInSec/CVE-LIST + diff --git a/2023/CVE-2023-2761.md b/2023/CVE-2023-2761.md index a4a94496f5..3d079214f5 100644 --- a/2023/CVE-2023-2761.md +++ b/2023/CVE-2023-2761.md @@ -10,7 +10,7 @@ The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise a ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/8c82d317-f9f9-4e25-a7f1-43edb77e8aba #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-2773.md b/2023/CVE-2023-2773.md index 0f33f23271..3feae3a3c6 100644 --- a/2023/CVE-2023-2773.md +++ b/2023/CVE-2023-2773.md @@ -13,6 +13,7 @@ A vulnerability has been found in code-projects Bus Dispatch and Information Sys No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2774.md b/2023/CVE-2023-2774.md index 69d9d69b7c..03f6fa3588 100644 --- a/2023/CVE-2023-2774.md +++ b/2023/CVE-2023-2774.md 
@@ -13,6 +13,7 @@ A vulnerability was found in code-projects Bus Dispatch and Information System 1 No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2775.md b/2023/CVE-2023-2775.md index 35f720af4d..ec6ed7d31d 100644 --- a/2023/CVE-2023-2775.md +++ b/2023/CVE-2023-2775.md @@ -13,6 +13,7 @@ A vulnerability was found in code-projects Bus Dispatch and Information System 1 No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-2779.md b/2023/CVE-2023-2779.md index 6d3ddf25a7..1df2da2d4c 100644 --- a/2023/CVE-2023-2779.md +++ b/2023/CVE-2023-2779.md @@ -11,6 +11,7 @@ The Social Share, Social Login and Social Comments WordPress plugin before 7.13. #### Reference - http://packetstormsecurity.com/files/173053/WordPress-Super-Socializer-7.13.52-Cross-Site-Scripting.html +- https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5 #### Github - https://github.com/40826d/advisories diff --git a/2023/CVE-2023-27900.md b/2023/CVE-2023-27900.md new file mode 100644 index 0000000000..732c58f929 --- /dev/null +++ b/2023/CVE-2023-27900.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-27900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27900) +![](https://img.shields.io/static/v1?label=Product&message=Jenkins&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/speedyfriend67/Experiments + diff --git a/2023/CVE-2023-27901.md b/2023/CVE-2023-27901.md new file mode 100644 index 0000000000..df550683d5 --- /dev/null +++ b/2023/CVE-2023-27901.md @@ -0,0 +1,17 @@ +### [CVE-2023-27901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27901) +![](https://img.shields.io/static/v1?label=Product&message=Jenkins&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/speedyfriend67/Experiments + diff --git a/2023/CVE-2023-2795.md b/2023/CVE-2023-2795.md new file mode 100644 index 0000000000..8b3bdefef0 --- /dev/null +++ b/2023/CVE-2023-2795.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2795) +![](https://img.shields.io/static/v1?label=Product&message=CodeColorer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.10.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/2d6ecd21-3dd4-423d-80e7-277c45080a9f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2796.md b/2023/CVE-2023-2796.md index f0981946ae..20ae560ab7 100644 --- a/2023/CVE-2023-2796.md +++ b/2023/CVE-2023-2796.md @@ -11,6 +11,7 @@ The EventON WordPress plugin before 2.1.2 lacks authentication and authorization #### Reference - http://packetstormsecurity.com/files/173984/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html +- https://wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d #### Github - https://github.com/nullfuzz-pentest/shodan-dorks diff --git a/2023/CVE-2023-27974.md b/2023/CVE-2023-27974.md index a534ea95e7..20b02f309b 100644 --- a/2023/CVE-2023-27974.md +++ b/2023/CVE-2023-27974.md @@ -13,5 +13,5 @@ - https://flashpoint.io/blog/bitwarden-password-pilfering/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-27997.md b/2023/CVE-2023-27997.md index ce5e2ce33a..3a8b7573b7 100644 --- a/2023/CVE-2023-27997.md +++ b/2023/CVE-2023-27997.md 
@@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/delsploit/CVE-2023-27997 - https://github.com/f1tao/awesome-iot-security-resource - https://github.com/gysf666/CVE-2023-27997-test +- https://github.com/h4x0r-dz/CVE-2024-21762 - https://github.com/hheeyywweellccoommee/CVE-2023-27997-POC-FortiOS-SSL-VPN-buffer-overflow-vulnerability-ssijz - https://github.com/hheeyywweellccoommee/CVE-2023-27997-test-nleyl - https://github.com/imbas007/CVE-2023-27997-Check diff --git a/2023/CVE-2023-2802.md b/2023/CVE-2023-2802.md new file mode 100644 index 0000000000..b238fe1486 --- /dev/null +++ b/2023/CVE-2023-2802.md @@ -0,0 +1,17 @@ +### [CVE-2023-2802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2802) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Addons%20for%20Contact%20Form%207&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.29%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/c5cc136a-2fa6-44ff-b5b5-26d367937df9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2803.md b/2023/CVE-2023-2803.md new file mode 100644 index 0000000000..5ea95ce4f0 --- /dev/null +++ b/2023/CVE-2023-2803.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2803) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Addons%20for%20Contact%20Form%207&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.29%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ec640d47-bb22-478d-9668-1dab72f12f8d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2805.md b/2023/CVE-2023-2805.md new file mode 100644 index 0000000000..d5dddb8350 --- /dev/null +++ b/2023/CVE-2023-2805.md @@ -0,0 +1,17 @@ +### [CVE-2023-2805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2805) +![](https://img.shields.io/static/v1?label=Product&message=SupportCandy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/bdb75c8c-87e2-4358-ad3b-f4236e9a43c0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2811.md b/2023/CVE-2023-2811.md new file mode 100644 index 0000000000..64e1ab6e23 --- /dev/null 
+++ b/2023/CVE-2023-2811.md @@ -0,0 +1,17 @@ +### [CVE-2023-2811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2811) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot + +### POC + +#### Reference +- https://wpscan.com/vulnerability/82a81721-0435-45a6-bd5b-dc90186cf803 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2812.md b/2023/CVE-2023-2812.md new file mode 100644 index 0000000000..ec74c866ba --- /dev/null +++ b/2023/CVE-2023-2812.md @@ -0,0 +1,17 @@ +### [CVE-2023-2812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2812) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Dashboard&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.7.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7de4c313-359e-4450-85f5-d29f3c2f046a + +#### Github +No PoCs found on GitHub currently. + 
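Review bot: The text appended to the description in 2023/CVE-2023-27524.md lost its formatting: sentences are joined without spaces (`SECRET_KEY config.All superset`, `database.Add a strong`) and the example assignment is empty, reading `like:SECRET_KEY = Alternatively you can set it`. Restore the sentence breaks and either carry over the example value from the upstream record or drop the dangling `SECRET_KEY =`. In the Reference list, the two added `https://packetstormsecurity.com/...` links duplicate the `http://` entries directly above them; keep one scheme per link.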
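Review bot: The entry added to 2023/CVE-2023-27997.md, `h4x0r-dz/CVE-2024-21762`, is named for a different CVE than the page it is filed under. Confirm the repository covers CVE-2023-27997 and was not matched only because it mentions this identifier in passing; otherwise it belongs on the CVE-2024-21762 page alone.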
diff --git a/2023/CVE-2023-2813.md b/2023/CVE-2023-2813.md index e6d7c4d939..958b12afbb 100644 --- a/2023/CVE-2023-2813.md +++ b/2023/CVE-2023-2813.md @@ -77,7 +77,7 @@ All of the above Aapna WordPress theme through 1.3, Anand WordPress theme throug ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-28155.md b/2023/CVE-2023-28155.md index 8d44178f05..9bec0659ba 100644 --- a/2023/CVE-2023-28155.md +++ b/2023/CVE-2023-28155.md @@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/HotDB-Community/HotDB-Engine - https://github.com/azu/request-filtering-agent +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/trong0dn/eth-todo-list diff --git a/2023/CVE-2023-28321.md b/2023/CVE-2023-28321.md index 82022a50ce..4ce9db2eb1 100644 --- a/2023/CVE-2023-28321.md +++ b/2023/CVE-2023-28321.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/awest25/Curl-Security-Evaluation - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list - https://github.com/jp-cpe/retrieve-cvss-scores diff --git a/2023/CVE-2023-28322.md b/2023/CVE-2023-28322.md index 882835b075..2cdfa0dc38 100644 --- a/2023/CVE-2023-28322.md +++ b/2023/CVE-2023-28322.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/awest25/Curl-Security-Evaluation - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/fokypoky/places-list - https://github.com/jp-cpe/retrieve-cvss-scores diff --git a/2023/CVE-2023-28329.md b/2023/CVE-2023-28329.md index 0d55c2913b..3b5adeffb2 100644 --- a/2023/CVE-2023-28329.md +++ b/2023/CVE-2023-28329.md 
@@ -1,7 +1,7 @@ ### [CVE-2023-28329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28329) -![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) ### Description diff --git a/2023/CVE-2023-28330.md b/2023/CVE-2023-28330.md index c9d423028f..a7ef48d680 100644 --- a/2023/CVE-2023-28330.md +++ b/2023/CVE-2023-28330.md @@ -1,7 +1,7 @@ ### [CVE-2023-28330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28330) -![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation&color=brighgreen) ### Description diff --git a/2023/CVE-2023-28389.md b/2023/CVE-2023-28389.md new file mode 100644 index 0000000000..ffa3c8ae58 --- /dev/null +++ b/2023/CVE-2023-28389.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-28389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28389) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20CSME%20installer%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%202328.5.5.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20default%20permissions&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2842.md b/2023/CVE-2023-2842.md new file mode 100644 index 0000000000..f31e6a18b3 --- /dev/null +++ b/2023/CVE-2023-2842.md @@ -0,0 +1,17 @@ +### [CVE-2023-2842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2842) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Inventory%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.0.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0357ecc7-56f5-4843-a928-bf2d3ce75596 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2843.md b/2023/CVE-2023-2843.md new file mode 100644 index 0000000000..4f476dcef3 --- /dev/null +++ b/2023/CVE-2023-2843.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2843) +![](https://img.shields.io/static/v1?label=Product&message=MultiParcels%20Shipping%20For%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.14.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8e713eaf-f332-47e2-a131-c14222201fdc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-28432.md b/2023/CVE-2023-28432.md index 6ee215d6dc..54759c09cb 100644 --- a/2023/CVE-2023-28432.md +++ b/2023/CVE-2023-28432.md @@ -13,7 +13,9 @@ Minio is a Multi-Cloud Object Storage framework. In a cluster deployment startin No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/0x783kb/Security-operation-book +- https://github.com/0xRulez/CVE-2023-28432 - https://github.com/20142995/Goby - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon @@ -28,6 +30,7 @@ No PoCs from references. - https://github.com/Henry4E36/POCS - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/LHXHL/Minio-CVE-2023-28432 +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection - https://github.com/Majus527/MinIO_CVE-2023-28432 - https://github.com/Mr-xn/CVE-2023-28432 
@@ -60,6 +63,7 @@ No PoCs from references. - https://github.com/steponeerror/Cve-2023-28432- - https://github.com/trailofbits/awesome-ml-security - https://github.com/unam4/CVE-2023-28432-minio_update_rce +- https://github.com/whoami13apt/files2 - https://github.com/xk-mt/CVE-2023-28432 - https://github.com/yTxZx/CVE-2023-28432 - https://github.com/yuyongxr/minio_cve-2023-28432 diff --git a/2023/CVE-2023-28530.md b/2023/CVE-2023-28530.md index 7ee9269138..247ac3fd58 100644 --- a/2023/CVE-2023-28530.md +++ b/2023/CVE-2023-28530.md @@ -13,5 +13,6 @@ IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, No PoCs from references. #### Github +- https://github.com/DojoSecurity/DojoSecurity - https://github.com/afine-com/research diff --git a/2023/CVE-2023-28547.md b/2023/CVE-2023-28547.md new file mode 100644 index 0000000000..70b563c14e --- /dev/null +++ b/2023/CVE-2023-28547.md @@ -0,0 +1,17 @@ +### [CVE-2023-28547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28547) +![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20Without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) + +### Description + +Memory corruption in SPS Application while requesting for public key in sorter TA. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-28578.md b/2023/CVE-2023-28578.md index 70b43eccc0..c23aa4342a 100644 --- a/2023/CVE-2023-28578.md +++ b/2023/CVE-2023-28578.md 
@@ -1,7 +1,7 @@ ### [CVE-2023-28578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28578) ![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) ### Description diff --git a/2023/CVE-2023-28582.md b/2023/CVE-2023-28582.md index 688a0e64bb..5110cc1f31 100644 --- a/2023/CVE-2023-28582.md +++ b/2023/CVE-2023-28582.md @@ -1,7 +1,7 @@ ### [CVE-2023-28582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28582) ![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20AR8035%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20Without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) ### Description diff --git a/2023/CVE-2023-28588.md b/2023/CVE-2023-28588.md index b021b1555c..3164f43800 100644 --- a/2023/CVE-2023-28588.md +++ b/2023/CVE-2023-28588.md @@ -1,7 +1,7 @@ ### [CVE-2023-28588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28588) ![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20APQ8017%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) ### Description 
diff --git a/2023/CVE-2023-28708.md b/2023/CVE-2023-28708.md index 87c831cbd3..004187d183 100644 --- a/2023/CVE-2023-28708.md +++ b/2023/CVE-2023-28708.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/DrC0okie/HEIG_SLH_Labo1 +- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh - https://github.com/fernandoreb/dependency-check-springboot - https://github.com/scordero1234/java_sec_demo-main - https://github.com/trganda/dockerv diff --git a/2023/CVE-2023-28709.md b/2023/CVE-2023-28709.md new file mode 100644 index 0000000000..f1ea8a248f --- /dev/null +++ b/2023/CVE-2023-28709.md @@ -0,0 +1,18 @@ +### [CVE-2023-28709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=11.0.0-M2%3C%3D%2011.0.0-M4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-193%20Off-by-one%20Error&color=brighgreen) + +### Description + +The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh +- https://github.com/seal-community/patches + diff --git a/2023/CVE-2023-28746.md b/2023/CVE-2023-28746.md new file mode 100644 index 0000000000..9663ddf484 --- /dev/null +++ b/2023/CVE-2023-28746.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-28746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Atom(R)%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20references%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20exposure%20through%20microarchitectural%20state%20after%20transient%20execution%20from%20some%20register%20files&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=information%20disclosure&color=brighgreen) + +### Description + +Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NaInSec/CVE-LIST +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-28755.md b/2023/CVE-2023-28755.md index 6125adbac2..795dc8c394 100644 --- a/2023/CVE-2023-28755.md +++ b/2023/CVE-2023-28755.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/lifeparticle/Ruby-Cheatsheet diff --git a/2023/CVE-2023-2877.md b/2023/CVE-2023-2877.md index 05fbc4c012..269f36a7e7 100644 --- a/2023/CVE-2023-2877.md +++ b/2023/CVE-2023-2877.md @@ -10,7 +10,7 @@ The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402 #### Github - https://github.com/RandomRobbieBF/CVE-2023-2877 diff --git a/2023/CVE-2023-28787.md b/2023/CVE-2023-28787.md new file mode 100644 index 0000000000..316d368f8f --- /dev/null +++ b/2023/CVE-2023-28787.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-28787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28787) +![](https://img.shields.io/static/v1?label=Product&message=Quiz%20And%20Survey%20Master&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/truocphan/VulnBox + diff --git a/2023/CVE-2023-28812.md b/2023/CVE-2023-28812.md index 2b5ed4af4b..6c28c9ea99 100644 --- a/2023/CVE-2023-28812.md +++ b/2023/CVE-2023-28812.md @@ -13,6 +13,7 @@ There is a buffer overflow vulnerability in a web browser plug-in could allow an No PoCs from references. #### Github +- https://github.com/LOURC0D3/ENVY-gitbook - https://github.com/LOURC0D3/LOURC0D3 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-28813.md b/2023/CVE-2023-28813.md index 92355f3df8..592b5fbad1 100644 --- a/2023/CVE-2023-28813.md +++ b/2023/CVE-2023-28813.md @@ -13,6 +13,7 @@ An attacker could exploit a vulnerability by sending crafted messages to compute No PoCs from references. #### Github +- https://github.com/LOURC0D3/ENVY-gitbook - https://github.com/LOURC0D3/LOURC0D3 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-28826.md b/2023/CVE-2023-28826.md new file mode 100644 index 0000000000..29ff1defef --- /dev/null +++ b/2023/CVE-2023-28826.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-28826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28826) +![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2012.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2016.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20access%20sensitive%20user%20data&color=brighgreen) + +### Description + +This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-28885.md b/2023/CVE-2023-28885.md index afaf617bbf..d6ab33be53 100644 --- a/2023/CVE-2023-28885.md +++ b/2023/CVE-2023-28885.md @@ -13,6 +13,7 @@ The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equ No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-28896.md b/2023/CVE-2023-28896.md new file mode 100644 index 0000000000..377d6a80d8 --- /dev/null +++ b/2023/CVE-2023-28896.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-28896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28896) +![](https://img.shields.io/static/v1?label=Product&message=MIB3%20Infotainment%20Unit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%200304%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-261&color=brighgreen) + +### Description + +Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-2899.md b/2023/CVE-2023-2899.md new file mode 100644 index 0000000000..edb87f54a5 --- /dev/null +++ b/2023/CVE-2023-2899.md @@ -0,0 +1,17 @@ +### [CVE-2023-2899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2899) +![](https://img.shields.io/static/v1?label=Product&message=Google%20Map%20Shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/92dcbeb3-17db-4d10-8ae7-c99acdb48c78 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-29017.md b/2023/CVE-2023-29017.md index e7e20bb8eb..5aea02a816 100644 --- a/2023/CVE-2023-29017.md +++ b/2023/CVE-2023-29017.md @@ -21,5 +21,6 @@ vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in mo - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/passwa11/CVE-2023-29017-reverse-shell - https://github.com/seal-community/patches +- https://github.com/silenstack/sast-rules - https://github.com/timb-machine-mirrors/seongil-wi-CVE-2023-29017 diff --git a/2023/CVE-2023-29153.md b/2023/CVE-2023-29153.md new file mode 100644 index 0000000000..1b66a99263 --- /dev/null +++ b/2023/CVE-2023-29153.md @@ -0,0 +1,18 @@ +### [CVE-2023-29153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29153) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20SPS%20firmware&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%20SPS_E5_06.01.04.002.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20resource%20consumption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=denial%20of%20service&color=brighgreen) + +### Description + +Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NaInSec/CVE-LIST + diff --git a/2023/CVE-2023-29162.md b/2023/CVE-2023-29162.md new file mode 100644 index 0000000000..38bc035003 --- /dev/null +++ b/2023/CVE-2023-29162.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-29162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29162) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20C%2B%2B%20Compiler%20Classic&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%202021.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20buffer%20restrictions&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-29234.md b/2023/CVE-2023-29234.md index 6c2a0da9b7..02a7070a1a 100644 --- a/2023/CVE-2023-29234.md +++ b/2023/CVE-2023-29234.md @@ -15,8 +15,10 @@ No PoCs from references. #### Github - https://github.com/Marco-zcl/POC - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/enomothem/PenTestNote - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/xingchennb/POC- diff --git a/2023/CVE-2023-2928.md b/2023/CVE-2023-2928.md index 7960e3ecef..60feb2a108 100644 --- a/2023/CVE-2023-2928.md +++ b/2023/CVE-2023-2928.md @@ -14,5 +14,6 @@ A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as crit #### Github - https://github.com/CN016/DedeCMS-getshell-CVE-2023-2928- +- https://github.com/Threekiii/Awesome-POC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-29300.md b/2023/CVE-2023-29300.md index a60e89c07d..4ff2c75e8f 100644 --- a/2023/CVE-2023-29300.md 
+++ b/2023/CVE-2023-29300.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/20142995/sectool - https://github.com/DarkFunct/CVE_Exploits - https://github.com/Ostorlab/KEV +- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/XRSec/AWVS-Update - https://github.com/Y4tacker/JavaSec diff --git a/2023/CVE-2023-29324.md b/2023/CVE-2023-29324.md index 26c302be79..e39896adf4 100644 --- a/2023/CVE-2023-29324.md +++ b/2023/CVE-2023-29324.md @@ -8,6 +8,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) 
@@ -30,6 +31,7 @@ ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.1936%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1702%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22070%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.26519%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26519%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24266%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.20969%20&color=brighgreen) diff --git a/2023/CVE-2023-29325.md b/2023/CVE-2023-29325.md index f746eb9649..942b6863cf 100644 --- a/2023/CVE-2023-29325.md +++ b/2023/CVE-2023-29325.md @@ -8,6 +8,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) 
@@ -30,6 +31,7 @@ ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.1936%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1702%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22070%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.26519%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26519%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24266%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.20969%20&color=brighgreen) diff --git a/2023/CVE-2023-29336.md b/2023/CVE-2023-29336.md index 3625deabf2..737846cb7a 100644 --- a/2023/CVE-2023-29336.md +++ b/2023/CVE-2023-29336.md @@ -2,6 +2,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) 
@@ -14,6 +15,7 @@ ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.19926%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.5921%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22070%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.26519%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26519%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24266%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.20969%20&color=brighgreen) diff --git a/2023/CVE-2023-29357.md b/2023/CVE-2023-29357.md index 071024c176..f134cb9799 100644 --- a/2023/CVE-2023-29357.md +++ b/2023/CVE-2023-29357.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Chocapikk/CVE-2023-29357 - https://github.com/GhostTroops/TOP - https://github.com/Guillaume-Risch/cve-2023-29357-Sharepoint +- https://github.com/Jev1337/CVE-2023-29357-Check - https://github.com/KeyStrOke95/CVE-2023-29357-ExE - https://github.com/LuemmelSec/CVE-2023-29357 - https://github.com/Ostorlab/KEV diff --git a/2023/CVE-2023-29374.md b/2023/CVE-2023-29374.md index 1b98fe0f4b..64c98aeeec 100644 --- a/2023/CVE-2023-29374.md +++ b/2023/CVE-2023-29374.md @@ -15,4 +15,5 @@ In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection att #### Github - https://github.com/cckuailong/awesome-gpt-security - https://github.com/corca-ai/awesome-llm-security +- https://github.com/zgimszhd61/llm-security-quickstart diff --git a/2023/CVE-2023-29383.md b/2023/CVE-2023-29383.md index aa9e087521..be57f84ec4 100644 --- a/2023/CVE-2023-29383.md +++ b/2023/CVE-2023-29383.md 
@@ -14,6 +14,8 @@ In Shadow 4.13, it is possible to inject control characters into fields provided - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797 #### Github +- https://github.com/GrigGM/05-virt-04-docker-hw - https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/fokypoky/places-list - https://github.com/tl87/container-scanner diff --git a/2023/CVE-2023-29389.md b/2023/CVE-2023-29389.md index 66ef1ec322..8fd045c451 100644 --- a/2023/CVE-2023-29389.md +++ b/2023/CVE-2023-29389.md @@ -13,6 +13,7 @@ Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-29483.md b/2023/CVE-2023-29483.md new file mode 100644 index 0000000000..34ca4bbedd --- /dev/null +++ b/2023/CVE-2023-29483.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-29483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29483) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713 + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-29489.md b/2023/CVE-2023-29489.md index f707de6baf..126c8ea436 100644 --- a/2023/CVE-2023-29489.md +++ b/2023/CVE-2023-29489.md @@ -15,6 +15,8 @@ An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the c #### Github - https://github.com/1337r0j4n/CVE-2023-29489 - https://github.com/Abdullah7-ma/CVE-2023-29489 +- https://github.com/Cappricio-Securities/CVE-2019-9670 +- https://github.com/Cappricio-Securities/CVE-2023-29489 - https://github.com/Gerxnox/One-Liner-Collections - https://github.com/M0hamedsh0aib/xss_scan - https://github.com/MSA-13/Shodan-Bug-Bounty-Hunter 
@@ -38,6 +40,7 @@ An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the c - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/prasad-1808/tool-29489 - https://github.com/prasad-1808/tool_29489 +- https://github.com/some-man1/CVE-2023-29489 - https://github.com/thecybertix/One-Liner-Collections - https://github.com/tucommenceapousser/CVE-2023-29489 - https://github.com/tucommenceapousser/CVE-2023-29489.py diff --git a/2023/CVE-2023-2951.md b/2023/CVE-2023-2951.md index 13117e62bf..c5245b4f67 100644 --- a/2023/CVE-2023-2951.md +++ b/2023/CVE-2023-2951.md @@ -13,7 +13,10 @@ A vulnerability classified as critical has been found in code-projects Bus Dispa No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves +- https://github.com/Spr1te76/CVE-2023-2951 - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-29535.md b/2023/CVE-2023-29535.md index 61cdd45d1d..1134f309f2 100644 --- a/2023/CVE-2023-29535.md +++ b/2023/CVE-2023-29535.md @@ -19,4 +19,5 @@ No PoCs from references. #### Github - https://github.com/googleprojectzero/fuzzilli +- https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2023/CVE-2023-29543.md b/2023/CVE-2023-29543.md index df41880b37..934ee5b84d 100644 --- a/2023/CVE-2023-29543.md +++ b/2023/CVE-2023-29543.md @@ -16,4 +16,5 @@ No PoCs from references. #### Github - https://github.com/googleprojectzero/fuzzilli +- https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2023/CVE-2023-29544.md b/2023/CVE-2023-29544.md index 5aa5929bcd..c6714ee9b4 100644 --- a/2023/CVE-2023-29544.md +++ b/2023/CVE-2023-29544.md @@ -16,4 +16,5 @@ No PoCs from references. #### Github - https://github.com/googleprojectzero/fuzzilli +- https://github.com/zhangjiahui-buaa/MasterThesis 
diff --git a/2023/CVE-2023-29549.md b/2023/CVE-2023-29549.md index c1b25b355b..8bdc237935 100644 --- a/2023/CVE-2023-29549.md +++ b/2023/CVE-2023-29549.md @@ -16,4 +16,5 @@ No PoCs from references. #### Github - https://github.com/googleprojectzero/fuzzilli +- https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2023/CVE-2023-29579.md b/2023/CVE-2023-29579.md index d063a65a1f..dfe15e9792 100644 --- a/2023/CVE-2023-29579.md +++ b/2023/CVE-2023-29579.md @@ -5,7 +5,7 @@ ### Description -yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. +** DISPUTED ** yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code. ### POC diff --git a/2023/CVE-2023-29581.md b/2023/CVE-2023-29581.md index 4bc99f8120..cc2cb915e6 100644 --- a/2023/CVE-2023-29581.md +++ b/2023/CVE-2023-29581.md @@ -5,7 +5,7 @@ ### Description -yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c. +** DISPUTED ** yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs. ### POC @@ -14,5 +14,6 @@ yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the - https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md #### Github +- https://github.com/NaInSec/CVE-LIST - https://github.com/z1r00/fuzz_vuln 
diff --git a/2023/CVE-2023-29582.md b/2023/CVE-2023-29582.md index 60040cd5fa..037e937848 100644 --- a/2023/CVE-2023-29582.md +++ b/2023/CVE-2023-29582.md @@ -5,7 +5,7 @@ ### Description -yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. +** DISPUTED ** yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code. ### POC diff --git a/2023/CVE-2023-29583.md b/2023/CVE-2023-29583.md index 076ac81349..22ee3ca6af 100644 --- a/2023/CVE-2023-29583.md +++ b/2023/CVE-2023-29583.md @@ -5,7 +5,7 @@ ### Description -yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. +** DISPUTED ** yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code. ### POC diff --git a/2023/CVE-2023-2967.md b/2023/CVE-2023-2967.md new file mode 100644 index 0000000000..04b37db075 --- /dev/null +++ b/2023/CVE-2023-2967.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2967) +![](https://img.shields.io/static/v1?label=Product&message=TinyMCE%20Custom%20Styles&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9afec4aa-1210-4c40-b566-64e37acf2b64 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2975.md b/2023/CVE-2023-2975.md index f5950a6e99..359242d6db 100644 --- a/2023/CVE-2023-2975.md +++ b/2023/CVE-2023-2975.md @@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/chnzzh/OpenSSL-CVE-lib - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/seal-community/patches - https://github.com/tquizzle/clamav-alpine diff --git a/2023/CVE-2023-2976.md b/2023/CVE-2023-2976.md index d61bc6ddce..cf02b4add7 100644 --- a/2023/CVE-2023-2976.md +++ b/2023/CVE-2023-2976.md 
@@ -13,5 +13,18 @@ Use of Java's default temporary directory for file creation in `FileBackedOutput No PoCs from references. #### Github +- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh +- https://github.com/hinat0y/Dataset1 +- https://github.com/hinat0y/Dataset10 +- https://github.com/hinat0y/Dataset11 +- https://github.com/hinat0y/Dataset12 +- https://github.com/hinat0y/Dataset2 +- https://github.com/hinat0y/Dataset3 +- https://github.com/hinat0y/Dataset4 +- https://github.com/hinat0y/Dataset5 +- https://github.com/hinat0y/Dataset6 +- https://github.com/hinat0y/Dataset7 +- https://github.com/hinat0y/Dataset8 +- https://github.com/hinat0y/Dataset9 - https://github.com/junxiant/xnat-aws-monailabel diff --git a/2023/CVE-2023-29923.md b/2023/CVE-2023-29923.md index 33db0b73d3..d852223a80 100644 --- a/2023/CVE-2023-29923.md +++ b/2023/CVE-2023-29923.md @@ -13,6 +13,7 @@ PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interfac No PoCs from references. #### Github +- https://github.com/0day404/vulnerability-poc - https://github.com/1820112015/CVE-2023-29923 - https://github.com/CKevens/CVE-2023-29923-Scan - https://github.com/KayCHENvip/vulnerability-poc diff --git a/2023/CVE-2023-2995.md b/2023/CVE-2023-2995.md new file mode 100644 index 0000000000..46803edd77 --- /dev/null +++ b/2023/CVE-2023-2995.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-2995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2995) +![](https://img.shields.io/static/v1?label=Product&message=Leyka&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.30.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/762ff2ca-5c1f-49ae-b83c-1c22bacbc82f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2996.md b/2023/CVE-2023-2996.md new file mode 100644 index 0000000000..03d583decc --- /dev/null +++ b/2023/CVE-2023-2996.md @@ -0,0 +1,17 @@ +### [CVE-2023-2996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2996) +![](https://img.shields.io/static/v1?label=Product&message=Jetpack&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.9%3C%202.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-29973.md b/2023/CVE-2023-29973.md new file mode 100644 index 0000000000..ea05bc68e2 --- /dev/null +++ b/2023/CVE-2023-29973.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-29973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29973) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. + +### POC + +#### Reference +- https://www.esecforte.com/cve-2023-29973-no-rate-limit/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-29974.md b/2023/CVE-2023-29974.md new file mode 100644 index 0000000000..38fdd838b9 --- /dev/null +++ b/2023/CVE-2023-29974.md @@ -0,0 +1,17 @@ +### [CVE-2023-29974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29974) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. + +### POC + +#### Reference +- https://www.esecforte.com/cve-2023-29974-weak-password-policy/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-29975.md b/2023/CVE-2023-29975.md new file mode 100644 index 0000000000..57c0051d48 --- /dev/null +++ b/2023/CVE-2023-29975.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-29975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29975) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. + +### POC + +#### Reference +- https://www.esecforte.com/cve-2023-29975-unverified-password-changed/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-30253.md b/2023/CVE-2023-30253.md index 639d698d23..a8b711fe3d 100644 --- a/2023/CVE-2023-30253.md +++ b/2023/CVE-2023-30253.md @@ -13,5 +13,5 @@ Dolibarr before 17.0.1 allows remote code execution by an authenticated user via - https://www.swascan.com/security-advisory-dolibarr-17-0-0/ #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-30258.md b/2023/CVE-2023-30258.md index 621a670e25..cb2bf40399 100644 --- a/2023/CVE-2023-30258.md +++ b/2023/CVE-2023-30258.md @@ -14,6 +14,7 @@ Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allo - https://eldstal.se/advisories/230327-magnusbilling.html #### Github +- https://github.com/RunasRs/Billing - https://github.com/gy741/CVE-2023-30258-setup - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-3028.md b/2023/CVE-2023-3028.md index e106e8ac44..6dab991438 100644 --- a/2023/CVE-2023-3028.md +++ b/2023/CVE-2023-3028.md @@ -15,6 +15,7 @@ Insufficient authentication in the MQTT backend (broker) allows an attacker to a No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/V33RU/IoTSecurity101 - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security 
diff --git a/2023/CVE-2023-30394.md b/2023/CVE-2023-30394.md new file mode 100644 index 0000000000..9fdc1f789b --- /dev/null +++ b/2023/CVE-2023-30394.md @@ -0,0 +1,17 @@ +### [CVE-2023-30394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30394) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-30399.md b/2023/CVE-2023-30399.md index 2c14595ab2..15fe517bc9 100644 --- a/2023/CVE-2023-30399.md +++ b/2023/CVE-2023-30399.md @@ -13,6 +13,7 @@ Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v18 - https://github.com/Yof3ng/IoT/blob/master/Garo/CVE-2023-30399.md #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-30402.md b/2023/CVE-2023-30402.md index 58741c81e2..e35452d7c5 100644 --- a/2023/CVE-2023-30402.md +++ b/2023/CVE-2023-30402.md @@ -5,7 +5,7 @@ ### Description -YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. +** DISPUTED ** YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code. ### POC diff --git a/2023/CVE-2023-3041.md b/2023/CVE-2023-3041.md new file mode 100644 index 0000000000..119854c047 
--- /dev/null +++ b/2023/CVE-2023-3041.md @@ -0,0 +1,17 @@ +### [CVE-2023-3041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3041) +![](https://img.shields.io/static/v1?label=Product&message=Autochat%20Automatic%20Conversation&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/93cad990-b6be-4ee1-9cdf-0211a7fe6c96 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-30445.md b/2023/CVE-2023-30445.md index 6fe9ac8b60..f3900902ad 100644 --- a/2023/CVE-2023-30445.md +++ b/2023/CVE-2023-30445.md @@ -13,5 +13,5 @@ IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, an - https://www.ibm.com/support/pages/node/7010557 #### Github -No PoCs found on GitHub currently. +- https://github.com/vulsio/go-cve-dictionary diff --git a/2023/CVE-2023-3047.md b/2023/CVE-2023-3047.md new file mode 100644 index 0000000000..0ef786124f --- /dev/null +++ b/2023/CVE-2023-3047.md 
@@ -0,0 +1,20 @@ +### [CVE-2023-3047](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3047) +![](https://img.shields.io/static/v1?label=Product&message=Lockcell&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2015%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Kimsovannareth/Phamchie +- https://github.com/Phamchie/CVE-2023-3047 +- https://github.com/d0r4-hackers/dora-hacking +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-30480.md b/2023/CVE-2023-30480.md new file mode 100644 index 0000000000..6adfdf1520 --- /dev/null +++ b/2023/CVE-2023-30480.md @@ -0,0 +1,17 @@ +### [CVE-2023-30480](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30480) +![](https://img.shields.io/static/v1?label=Product&message=Educenter&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.5.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-30590.md b/2023/CVE-2023-30590.md new file mode 100644 index 0000000000..537477e84c --- /dev/null +++ b/2023/CVE-2023-30590.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590) +![](https://img.shields.io/static/v1?label=Product&message=Node.js&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=16.20.1%3C%2016.20.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values".The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-3076.md b/2023/CVE-2023-3076.md index 8751539058..0fc010776c 100644 --- a/2023/CVE-2023-3076.md +++ b/2023/CVE-2023-3076.md @@ -10,7 +10,7 @@ The MStore API WordPress plugin before 3.9.9 does not prevent visitors from crea ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b #### Github - https://github.com/im-hanzou/MSAPer diff --git a/2023/CVE-2023-3077.md b/2023/CVE-2023-3077.md new file mode 100644 index 0000000000..a5965627ec --- /dev/null +++ b/2023/CVE-2023-3077.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3077) +![](https://img.shields.io/static/v1?label=Product&message=MStore%20API&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.9.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9480d0b5-97da-467d-98f6-71a32599a432 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-30861.md b/2023/CVE-2023-30861.md index dbefa1bad6..d5b17c8605 100644 --- a/2023/CVE-2023-30861.md +++ b/2023/CVE-2023-30861.md @@ -20,4 +20,5 @@ No PoCs from references. - https://github.com/elifesciences/github-repo-security-alerts - https://github.com/mansi1811-s/samp - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/saxetr/dependabot_vulnerabilities_check diff --git a/2023/CVE-2023-30943.md b/2023/CVE-2023-30943.md index 6a4afaa19c..5524859147 100644 --- a/2023/CVE-2023-30943.md +++ b/2023/CVE-2023-30943.md 
@@ -1,7 +1,7 @@ ### [CVE-2023-30943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30943) -![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%20-%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) ### Description @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/Chocapikk/CVE-2023-30943 +- https://github.com/RubyCat1337/CVE-2023-30943 - https://github.com/d0rb/CVE-2023-30943 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-3106.md b/2023/CVE-2023-3106.md index fb4ce7c27c..80301a73bb 100644 --- a/2023/CVE-2023-3106.md +++ b/2023/CVE-2023-3106.md @@ -1,10 +1,8 @@ ### [CVE-2023-3106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3106) -![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=kernel&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen) diff --git a/2023/CVE-2023-31122.md b/2023/CVE-2023-31122.md index 2efa2f693e..b7b140fe06 100644 
--- a/2023/CVE-2023-31122.md +++ b/2023/CVE-2023-31122.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/arsenalzp/apch-operator +- https://github.com/klemakle/audit-pentest-BOX - https://github.com/xonoxitron/cpe2cve diff --git a/2023/CVE-2023-3118.md b/2023/CVE-2023-3118.md new file mode 100644 index 0000000000..2efcad150e --- /dev/null +++ b/2023/CVE-2023-3118.md @@ -0,0 +1,17 @@ +### [CVE-2023-3118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3118) +![](https://img.shields.io/static/v1?label=Product&message=Export%20All%20URLs&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8a9efc8d-561a-42c6-8e61-ae5c3be581ea + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3129.md b/2023/CVE-2023-3129.md new file mode 100644 index 0000000000..12f7de053c --- /dev/null +++ b/2023/CVE-2023-3129.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3129) +![](https://img.shields.io/static/v1?label=Product&message=URL%20Shortify&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5717d729-c24b-4415-bb99-fcdd259328c4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-31290.md b/2023/CVE-2023-31290.md new file mode 100644 index 0000000000..6cc2910ea1 --- /dev/null +++ b/2023/CVE-2023-31290.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-31290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31290) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/00000rest/py_trustwallet_wasm +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-3130.md b/2023/CVE-2023-3130.md new file mode 100644 index 0000000000..01c5d77a54 --- /dev/null +++ b/2023/CVE-2023-3130.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3130) +![](https://img.shields.io/static/v1?label=Product&message=Short%20URL&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/6e167864-c304-402e-8b2d-d47b5a3767d1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3131.md b/2023/CVE-2023-3131.md new file mode 100644 index 0000000000..2f710d56a8 --- /dev/null +++ b/2023/CVE-2023-3131.md @@ -0,0 +1,17 @@ +### [CVE-2023-3131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3131) +![](https://img.shields.io/static/v1?label=Product&message=MStore%20API&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.9.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/970735f1-24bb-441c-89b6-5a0959246d6c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3133.md b/2023/CVE-2023-3133.md new file mode 100644 index 0000000000..a707ad9f82 --- /dev/null +++ b/2023/CVE-2023-3133.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3133) +![](https://img.shields.io/static/v1?label=Product&message=Tutor%20LMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3b6969a7-5cbc-4e16-8f27-5dde481237f5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3134.md b/2023/CVE-2023-3134.md index 6c82ccf3fe..3077bde525 100644 --- a/2023/CVE-2023-3134.md +++ b/2023/CVE-2023-3134.md @@ -10,6 +10,7 @@ The Forminator WordPress plugin before 1.24.4 does not properly escape values th ### POC #### Reference +- https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da - https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins #### Github diff --git a/2023/CVE-2023-3138.md b/2023/CVE-2023-3138.md index 2c7ca61e31..1d38439cf3 100644 --- a/2023/CVE-2023-3138.md +++ b/2023/CVE-2023-3138.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/AWSXXF/xorg_mirror_libx11 +- https://github.com/LingmoOS/libx11 - https://github.com/deepin-community/libx11 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-3139.md b/2023/CVE-2023-3139.md new file mode 100644 index 0000000000..a7e85c77df --- /dev/null +++ b/2023/CVE-2023-3139.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3139) +![](https://img.shields.io/static/v1?label=Product&message=Protect%20WP%20Admin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203%3A%20Observable%20Discrepancy&color=brighgreen) + +### Description + +The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f8a29aee-19cd-4e62-b829-afc9107f69bd + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-31437.md b/2023/CVE-2023-31437.md index ac48a73e51..685cee7839 100644 --- a/2023/CVE-2023-31437.md +++ b/2023/CVE-2023-31437.md @@ -13,5 +13,7 @@ No PoCs from references. #### Github +- https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/fokypoky/places-list - https://github.com/kastel-security/Journald diff --git a/2023/CVE-2023-31438.md b/2023/CVE-2023-31438.md index fac061667d..b749810618 100644 --- a/2023/CVE-2023-31438.md +++ b/2023/CVE-2023-31438.md @@ -13,5 +13,7 @@ No PoCs from references. #### Github +- https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/fokypoky/places-list - https://github.com/kastel-security/Journald diff --git a/2023/CVE-2023-31439.md b/2023/CVE-2023-31439.md index 1d8ddb263e..29c28ebc2b 100644 --- a/2023/CVE-2023-31439.md +++ b/2023/CVE-2023-31439.md @@ -13,5 +13,7 @@ - https://github.com/systemd/systemd/pull/28885 #### Github +- https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/fokypoky/places-list - https://github.com/kastel-security/Journald diff --git a/2023/CVE-2023-31474.md b/2023/CVE-2023-31474.md new file mode 100644 index 0000000000..31ca138d98 --- /dev/null +++ b/2023/CVE-2023-31474.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-31474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31474) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. + +### POC + +#### Reference +- https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-31484.md b/2023/CVE-2023-31484.md index e507518f2d..d1f4d713f8 100644 --- a/2023/CVE-2023-31484.md +++ b/2023/CVE-2023-31484.md @@ -13,5 +13,9 @@ CPAN.pm before 2.35 does not verify TLS certificates when downloading distributi No PoCs from references. #### Github +- https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/fokypoky/places-list +- https://github.com/raylivesun/pldo +- https://github.com/raylivesun/ploa - https://github.com/shakyaraj9569/Documentation diff --git a/2023/CVE-2023-31486.md b/2023/CVE-2023-31486.md index 8f984129ef..e1c0775b0e 100644 --- a/2023/CVE-2023-31486.md +++ b/2023/CVE-2023-31486.md @@ -14,5 +14,7 @@ No PoCs from references. #### Github - https://github.com/Dalifo/wik-dvs-tp02 +- https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/fokypoky/places-list - https://github.com/mauraneh/WIK-DPS-TP02 diff --git a/2023/CVE-2023-31517.md b/2023/CVE-2023-31517.md index b053b761bd..5db79e5d78 100644 --- a/2023/CVE-2023-31517.md +++ b/2023/CVE-2023-31517.md 
@@ -5,7 +5,7 @@ ### Description -Teeworlds v0.7.5 was discovered to contain memory leaks. +A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file. ### POC diff --git a/2023/CVE-2023-3154.md b/2023/CVE-2023-3154.md new file mode 100644 index 0000000000..19cea28838 --- /dev/null +++ b/2023/CVE-2023-3154.md @@ -0,0 +1,17 @@ +### [CVE-2023-3154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3154) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Gallery%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.39%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ed099489-1db4-4b42-9f72-77de39c9e01e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3155.md b/2023/CVE-2023-3155.md new file mode 100644 index 0000000000..4d9dbcbe7c --- /dev/null +++ b/2023/CVE-2023-3155.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3155) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Gallery%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.39%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen) + +### Description + +The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5c8473f4-4b52-430b-9140-b81b0a0901da + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3159.md b/2023/CVE-2023-3159.md new file mode 100644 index 0000000000..1cb063d80b --- /dev/null +++ b/2023/CVE-2023-3159.md @@ -0,0 +1,17 @@ +### [CVE-2023-3159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3159) +![](https://img.shields.io/static/v1?label=Product&message=Kernel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416&color=brighgreen) + +### Description + +A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ethan42/linux-ieee1394 + diff --git a/2023/CVE-2023-31634.md b/2023/CVE-2023-31634.md new file mode 100644 index 0000000000..74dbfb1aee --- /dev/null +++ b/2023/CVE-2023-31634.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-31634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31634) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126. + +### POC + +#### Reference +- https://github.com/XC9409/CVE-2023-31634/blob/main/PoC + +#### Github +- https://github.com/XC9409/CVE-2023-31634 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-3169.md b/2023/CVE-2023-3169.md new file mode 100644 index 0000000000..94af9a21f8 --- /dev/null +++ b/2023/CVE-2023-3169.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3169) +![](https://img.shields.io/static/v1?label=Product&message=tagDiv%20Composer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3170.md b/2023/CVE-2023-3170.md new file mode 100644 index 0000000000..49b7db289d --- /dev/null +++ b/2023/CVE-2023-3170.md @@ -0,0 +1,17 @@ +### [CVE-2023-3170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3170) +![](https://img.shields.io/static/v1?label=Product&message=tagDiv%20Composer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e95ff3c6-283b-4e5e-bea0-1f1375da08da + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-31722.md b/2023/CVE-2023-31722.md new file mode 100644 index 0000000000..402215cd56 --- /dev/null +++ b/2023/CVE-2023-31722.md @@ -0,0 +1,17 @@ +### [CVE-2023-31722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31722) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/deezombiedude612/rca-tool + diff --git a/2023/CVE-2023-31729.md b/2023/CVE-2023-31729.md new file mode 100644 index 0000000000..2ef73d0ee7 --- /dev/null +++ b/2023/CVE-2023-31729.md @@ -0,0 +1,17 @@ +### [CVE-2023-31729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31729) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. + +### POC + +#### Reference +- https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3175.md b/2023/CVE-2023-3175.md new file mode 100644 index 0000000000..399f4e35fa --- /dev/null +++ b/2023/CVE-2023-3175.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3175) +![](https://img.shields.io/static/v1?label=Product&message=AI%20ChatBot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.6.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7643980b-eaa2-45d1-bd9d-9afae0943f43 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3178.md b/2023/CVE-2023-3178.md new file mode 100644 index 0000000000..173927a432 --- /dev/null +++ b/2023/CVE-2023-3178.md @@ -0,0 +1,17 @@ +### [CVE-2023-3178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3178) +![](https://img.shields.io/static/v1?label=Product&message=POST%20SMTP%20Mailer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2.5.0%3C%202.5.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3179.md b/2023/CVE-2023-3179.md new file mode 100644 index 0000000000..c118c5f7a4 --- /dev/null +++ b/2023/CVE-2023-3179.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-3179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3179) +![](https://img.shields.io/static/v1?label=Product&message=POST%20SMTP%20Mailer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2.5.0%3C%202.5.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3182.md b/2023/CVE-2023-3182.md new file mode 100644 index 0000000000..481cb409c7 --- /dev/null +++ b/2023/CVE-2023-3182.md @@ -0,0 +1,17 @@ +### [CVE-2023-3182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3182) +![](https://img.shields.io/static/v1?label=Product&message=Membership%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/655a68ee-9447-41ca-899e-986a419fb7ed + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-3186.md b/2023/CVE-2023-3186.md new file mode 100644 index 0000000000..e793c0b4fb --- /dev/null +++ b/2023/CVE-2023-3186.md @@ -0,0 +1,17 @@ +### [CVE-2023-3186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3186) +![](https://img.shields.io/static/v1?label=Product&message=Popup%20by%20Supsystic&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.10.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1321%20Improperly%20Controlled%20Modification%20of%20Object%20Prototype%20Attributes%20('Prototype%20Pollution')&color=brighgreen) + +### Description + +The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/545007fc-3173-47b1-82c4-ed3fd1247b9c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-31923.md b/2023/CVE-2023-31923.md new file mode 100644 index 0000000000..2c5f88beb3 --- /dev/null +++ b/2023/CVE-2023-31923.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-31923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31923) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. + +### POC + +#### Reference +- https://nobugescapes.com/blog/creating-a-new-user-with-admin-privilege/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-31972.md b/2023/CVE-2023-31972.md index c8ba138e51..436501644f 100644 --- a/2023/CVE-2023-31972.md +++ b/2023/CVE-2023-31972.md @@ -5,7 +5,7 @@ ### Description -yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. +** DISPUTED ** yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. ### POC diff --git a/2023/CVE-2023-31973.md b/2023/CVE-2023-31973.md index b60be58583..8682c477d3 100644 --- a/2023/CVE-2023-31973.md +++ b/2023/CVE-2023-31973.md @@ -5,7 +5,7 @@ ### Description -yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. +** DISPUTED ** yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. ### POC 
diff --git a/2023/CVE-2023-31974.md b/2023/CVE-2023-31974.md index 69e887c267..884d7774e7 100644 --- a/2023/CVE-2023-31974.md +++ b/2023/CVE-2023-31974.md @@ -5,7 +5,7 @@ ### Description -yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. +** DISPUTED ** yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. ### POC diff --git a/2023/CVE-2023-32007.md b/2023/CVE-2023-32007.md index b0830f73a5..11b6e9204c 100644 --- a/2023/CVE-2023-32007.md +++ b/2023/CVE-2023-32007.md @@ -13,9 +13,11 @@ No PoCs from references. #### Github +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection - https://github.com/Marco-zcl/POC - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/xingchennb/POC- diff --git a/2023/CVE-2023-3209.md b/2023/CVE-2023-3209.md new file mode 100644 index 0000000000..e904606745 --- /dev/null +++ b/2023/CVE-2023-3209.md @@ -0,0 +1,17 @@ +### [CVE-2023-3209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3209) +![](https://img.shields.io/static/v1?label=Product&message=MStore%20API&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.9.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/970735f1-24bb-441c-89b6-5a0959246d6c + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-3211.md b/2023/CVE-2023-3211.md new file mode 100644 index 0000000000..0bbe102035 --- /dev/null +++ b/2023/CVE-2023-3211.md @@ -0,0 +1,17 @@ +### [CVE-2023-3211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3211) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Database%20Administrator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/873824f0-e8b1-45bd-8579-bc3c649a54e5/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-32113.md b/2023/CVE-2023-32113.md index 9051c77ad4..4ee37d509e 100644 --- a/2023/CVE-2023-32113.md +++ b/2023/CVE-2023-32113.md @@ -1,6 +1,6 @@ ### [CVE-2023-32113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32113) ![](https://img.shields.io/static/v1?label=Product&message=SAP%20GUI%20for%20Windows&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%207.70%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%207.70%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) ### Description diff --git a/2023/CVE-2023-32170.md b/2023/CVE-2023-32170.md new file mode 100644 index 0000000000..99383d7133 --- /dev/null +++ b/2023/CVE-2023-32170.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32170) +![](https://img.shields.io/static/v1?label=Product&message=UaGateway&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.12.482%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client certificate.The specific flaw exists within the processing of client certificates. The issue results from the lack of proper validation of certificate data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20494. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0vercl0k/pwn2own2023-miami + diff --git a/2023/CVE-2023-32171.md b/2023/CVE-2023-32171.md new file mode 100644 index 0000000000..4e80b1a8f9 --- /dev/null +++ b/2023/CVE-2023-32171.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32171) +![](https://img.shields.io/static/v1?label=Product&message=UaGateway&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.12.482%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen) + +### Description + +Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability.The specific flaw exists within the ImportCsv method. A crafted XML payload can cause a null pointer dereference. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20495. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0vercl0k/pwn2own2023-miami + diff --git a/2023/CVE-2023-32172.md b/2023/CVE-2023-32172.md new file mode 100644 index 0000000000..de2ada19fa --- /dev/null +++ b/2023/CVE-2023-32172.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32172](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32172) +![](https://img.shields.io/static/v1?label=Product&message=UaGateway&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.12.482%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability.The specific flaw exists within the implementation of the ImportXML function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20497. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/claroty/opcua-exploit-framework + diff --git a/2023/CVE-2023-32173.md b/2023/CVE-2023-32173.md new file mode 100644 index 0000000000..293e5d3e68 --- /dev/null +++ b/2023/CVE-2023-32173.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32173) +![](https://img.shields.io/static/v1?label=Product&message=UaGateway&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20R.47.0.0%20AutoCAD%202021%20%26%20R.47.0.0%20AutoCAD%20LT%202021%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-91%3A%20XML%20Injection&color=brighgreen) + +### Description + +Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration.The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0vercl0k/pwn2own2023-miami + diff --git a/2023/CVE-2023-32174.md b/2023/CVE-2023-32174.md new file mode 100644 index 0000000000..902a69285d --- /dev/null +++ b/2023/CVE-2023-32174.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32174) +![](https://img.shields.io/static/v1?label=Product&message=UaGateway&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20R.47.0.0%20AutoCAD%202021%20%26%20R.47.0.0%20AutoCAD%20LT%202021%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration.The specific flaw exists within the handling of NodeManagerOpcUa objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20577. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0vercl0k/pwn2own2023-miami + diff --git a/2023/CVE-2023-32175.md b/2023/CVE-2023-32175.md new file mode 100644 index 0000000000..a012083aec --- /dev/null +++ b/2023/CVE-2023-32175.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32175) +![](https://img.shields.io/static/v1?label=Product&message=Antivirus%20Plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.0.6.22%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen) + +### Description + +VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/dhn/dhn + diff --git a/2023/CVE-2023-3219.md b/2023/CVE-2023-3219.md index 50334d561b..6a20c1386a 100644 --- a/2023/CVE-2023-3219.md +++ b/2023/CVE-2023-3219.md @@ -11,6 +11,7 @@ The EventON WordPress plugin before 2.1.2 does not validate that the event_id pa #### Reference - http://packetstormsecurity.com/files/173992/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html +- https://wpscan.com/vulnerability/72d80887-0270-4987-9739-95b1a178c1fd #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-32219.md b/2023/CVE-2023-32219.md index b39c2a5dab..52ad0e28eb 100644 --- a/2023/CVE-2023-32219.md +++ b/2023/CVE-2023-32219.md 
@@ -13,6 +13,7 @@ A Mazda model (2015-2016) can be unlocked via an unspecified method. No PoCs from references. #### Github +- https://github.com/1-tong/vehicle_cves - https://github.com/Vu1nT0tal/Vehicle-Security - https://github.com/VulnTotal-Team/Vehicle-Security - https://github.com/VulnTotal-Team/vehicle_cves diff --git a/2023/CVE-2023-3223.md b/2023/CVE-2023-3223.md new file mode 100644 index 0000000000..a52d3685a3 --- /dev/null +++ b/2023/CVE-2023-3223.md 
@@ -0,0 +1,37 @@ +### [CVE-2023-3223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3223) +![](https://img.shields.io/static/v1?label=Product&message=RHEL-8%20based%20Middleware%20Containers&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207.12.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.1.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20on%20RHEL%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%206&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2013%20(Queens)%20Operational%20Tools&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6.5&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20support%20for%20Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Allocation%20with%20Excessive%20Size%20Value&color=brighgreen) + +### Description + +A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-32233.md b/2023/CVE-2023-32233.md index 7475aed8ce..88fec4373d 100644 --- a/2023/CVE-2023-32233.md +++ b/2023/CVE-2023-32233.md @@ -37,6 +37,7 @@ In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when - https://github.com/revanmalang/OSCP - https://github.com/sirhc505/CVE_TOOLS - https://github.com/txuswashere/OSCP +- https://github.com/void0red/CVE-2023-32233 - https://github.com/xairy/linux-kernel-exploitation - https://github.com/xhref/OSCP - https://github.com/xyxj1024/xyxj1024.github.io 
diff --git a/2023/CVE-2023-3224.md b/2023/CVE-2023-3224.md index 16799e39cb..f819dec254 100644 --- a/2023/CVE-2023-3224.md +++ b/2023/CVE-2023-3224.md @@ -15,4 +15,5 @@ Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. #### Github - https://github.com/RuiZha0/TCP1PCTF_2023 - https://github.com/izj007/wechat +- https://github.com/whoami13apt/files2 diff --git a/2023/CVE-2023-3225.md b/2023/CVE-2023-3225.md new file mode 100644 index 0000000000..328da04818 --- /dev/null +++ b/2023/CVE-2023-3225.md @@ -0,0 +1,17 @@ +### [CVE-2023-3225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3225) +![](https://img.shields.io/static/v1?label=Product&message=Float%20menu&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3c76d0f4-2ea8-433d-afb2-e35e45630899 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-32259.md b/2023/CVE-2023-32259.md new file mode 100644 index 0000000000..d48a515241 --- /dev/null +++ b/2023/CVE-2023-32259.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-32259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32259) +![](https://img.shields.io/static/v1?label=Product&message=Asset%20Management%20X%20(AMX)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Service%20Management%20Automation%20X%20(SMAX)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202020.05%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202021.08%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1220%20Insufficient%20Granularity%20of%20Access%20Control&color=brighgreen) + +### Description + +Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NaInSec/CVE-LIST + diff --git a/2023/CVE-2023-3226.md b/2023/CVE-2023-3226.md index 9ec1e75377..62cc38f634 100644 --- a/2023/CVE-2023-3226.md +++ b/2023/CVE-2023-3226.md @@ -10,7 +10,7 @@ The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape som ### POC #### Reference -No PoCs from references. +- https://wpscan.com/vulnerability/941a9aa7-f4b2-474a-84d9-9a74c99079e2 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-32260.md b/2023/CVE-2023-32260.md new file mode 100644 index 0000000000..a25010f08b --- /dev/null +++ b/2023/CVE-2023-32260.md 
@@ -0,0 +1,20 @@ +### [CVE-2023-32260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32260) +![](https://img.shields.io/static/v1?label=Product&message=Asset%20Management%20X%20(AMX)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Hybrid%20Cloud%20Management%20X%20(HCMX)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Service%20Management%20Automation%20X%20(SMAX)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202020.05%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202021.08%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-115%20Misinterpretation%20of%20Input&color=brighgreen) + +### Description + +Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; Asset Management X (AMX) versions: 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; and Hybrid Cloud Management X (HCMX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NaInSec/CVE-LIST + diff --git a/2023/CVE-2023-32282.md b/2023/CVE-2023-32282.md new file mode 100644 index 0000000000..a90eca79ea --- /dev/null +++ b/2023/CVE-2023-32282.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-32282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32282) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20references%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-32309.md b/2023/CVE-2023-32309.md index 2883554ba4..841d34f6fe 100644 --- a/2023/CVE-2023-32309.md +++ b/2023/CVE-2023-32309.md @@ -14,5 +14,6 @@ PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown pro #### Github - https://github.com/MaxymVlasov/renovate-vuln-alerts +- https://github.com/k3vg3n/MDN - https://github.com/renovate-reproductions/22747 diff --git a/2023/CVE-2023-32314.md b/2023/CVE-2023-32314.md index 2a5cd556c3..bac9a19bfa 100644 --- a/2023/CVE-2023-32314.md +++ b/2023/CVE-2023-32314.md @@ -14,5 +14,7 @@ vm2 is a sandbox that can run untrusted code with Node's built-in modules. A san - https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 #### Github +- https://github.com/AdarkSt/Honeypot_Smart_Infrastructure - https://github.com/giovanni-iannaccone/vm2_3.9.17 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-32315.md b/2023/CVE-2023-32315.md index 0c0c7f898e..4482c29c9c 100644 --- a/2023/CVE-2023-32315.md +++ b/2023/CVE-2023-32315.md 
@@ -19,14 +19,19 @@ Openfire is an XMPP server licensed under the Open Source Apache License. Openfi - https://github.com/5rGJ5aCh5oCq5YW9/CVE-2023-32315exp - https://github.com/ARPSyndicate/cvemon - https://github.com/CN016/Openfire-RCE-CVE-2023-32315- +- https://github.com/H4cking2theGate/TraversalHunter - https://github.com/K3ysTr0K3R/CVE-2023-32315-EXPLOIT +- https://github.com/K3ysTr0K3R/K3ysTr0K3R +- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection - https://github.com/MzzdToT/HAC_Bored_Writing - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Pari-Malam/CVE-2023-32315 +- https://github.com/SrcVme50/Jab - https://github.com/TLGKien/SploitusCrawl - https://github.com/ThatNotEasy/CVE-2023-32315 +- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/XRSec/AWVS-Update - https://github.com/aneasystone/github-trending diff --git a/2023/CVE-2023-3242.md b/2023/CVE-2023-3242.md index a400cf4657..a692522834 100644 --- a/2023/CVE-2023-3242.md +++ b/2023/CVE-2023-3242.md @@ -6,7 +6,7 @@ ### Description -Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue affects B&R Automation Runtime:
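Review bot: In the new file 2023/CVE-2023-32259.md the two Version badges say `= 2020.05` and `= 2021.08`, but the Description lists SMAX 2020.05 through 2022.11 and AMX 2021.08 through 2022.11. A reader triaging from the badges alone would conclude that only two releases are affected. Suggest either a range in the badge message or `See references`, as the CVE-2023-32282 file in this same patch does. The Description also runs two sentences together at "Security Levels.This issue"; add the space.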
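Review bot: In the new file 2023/CVE-2023-32260.md every Version and Vulnerability badge uses `color=brighgreen`, which looks like a misspelling of `brightgreen`, so the badges may not render in the intended colour. The same spelling appears in the other new files in this patch, so it is worth fixing in whatever template generates them. Separately, the only entry under "#### Github" in the POC section is `NaInSec/CVE-LIST`, which by its name looks like a CVE index rather than a PoC for this issue; consider whether it belongs under that heading.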
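Review bot: In the 2023/CVE-2023-32315.md hunk, the added `Loginsoft-LLC/Linux-Exploit-Detection` sits directly above the existing `Loginsoft-Research/Linux-Exploit-Detection`: same repository name under two owners, which looks like a rename or mirror. Check whether one redirects to the other and keep a single entry. Likewise the added `K3ysTr0K3R/K3ysTr0K3R` is an owner-named repository listed next to the existing `K3ysTr0K3R/CVE-2023-32315-EXPLOIT`; if it only links back to that repo it adds no new PoC and could be dropped from the list.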