diff --git a/mapping.csv b/mapping.csv
index fe96f2041d5..64e8f148652 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -213056,3 +213056,6 @@ vulnerability,CVE-2023-42811,vulnerability--9374eace-9bee-4530-be97-e0b000f3fee3
 vulnerability,CVE-2023-42812,vulnerability--ec5638d4-a89f-4830-b73d-bf92ea6e1c3e
 vulnerability,CVE-2023-42798,vulnerability--eb477ba8-1d50-4f4c-8e7a-3c33bc4e68dc
 vulnerability,CVE-2023-42821,vulnerability--f397b05d-1e5f-4f44-a15b-aea699939e91
+vulnerability,CVE-2022-3962,vulnerability--311f97b7-7d06-49dc-a200-5cbf7fee6bf1
+vulnerability,CVE-2023-5125,vulnerability--2ce2fce4-2735-4fae-8c47-7edc434990b3
+vulnerability,CVE-2023-5134,vulnerability--b31654ce-57f8-4a7a-b904-27b66bad468e
diff --git a/objects/vulnerability/vulnerability--2ce2fce4-2735-4fae-8c47-7edc434990b3.json b/objects/vulnerability/vulnerability--2ce2fce4-2735-4fae-8c47-7edc434990b3.json
new file mode 100644
index 00000000000..605fb44c445
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2ce2fce4-2735-4fae-8c47-7edc434990b3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a0b73b24-ed3b-4d7d-8724-d3d23e215684",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2ce2fce4-2735-4fae-8c47-7edc434990b3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2023-09-24T00:05:33.862374Z",
+ "modified": "2023-09-24T00:05:33.862374Z",
+ "name": "CVE-2023-5125",
+ "description": "The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-5125"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--311f97b7-7d06-49dc-a200-5cbf7fee6bf1.json b/objects/vulnerability/vulnerability--311f97b7-7d06-49dc-a200-5cbf7fee6bf1.json
new file mode 100644
index 00000000000..e1732e150f5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--311f97b7-7d06-49dc-a200-5cbf7fee6bf1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9c567707-1825-487b-a71d-151816a061ca",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--311f97b7-7d06-49dc-a200-5cbf7fee6bf1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2023-09-24T00:05:22.21685Z",
+ "modified": "2023-09-24T00:05:22.21685Z",
+ "name": "CVE-2022-3962",
+ "description": "A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-3962"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b31654ce-57f8-4a7a-b904-27b66bad468e.json b/objects/vulnerability/vulnerability--b31654ce-57f8-4a7a-b904-27b66bad468e.json
new file mode 100644
index 00000000000..db52d74dbf5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b31654ce-57f8-4a7a-b904-27b66bad468e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e3d4db9a-be56-4434-8927-9beb18a303d9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b31654ce-57f8-4a7a-b904-27b66bad468e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2023-09-24T00:05:33.879434Z",
+ "modified": "2023-09-24T00:05:33.879434Z",
+ "name": "CVE-2023-5134",
+ "description": "The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-5134"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file