diff --git a/cves.json b/cves.json
index dae046057aa..2e50dbaa5fa 100644
--- a/cves.json
+++ b/cves.json
@@ -930,6 +930,7 @@
 {"ID":"CVE-2020-13405","Info":{"Name":"Microweber \u003c1.1.20 - Information Disclosure","Severity":"high","Description":"Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13405.yaml"}
 {"ID":"CVE-2020-13483","Info":{"Name":"Bitrix24 \u003c=20.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13483.yaml"}
 {"ID":"CVE-2020-13638","Info":{"Name":"rConfig 3.9 - Authentication Bypass(Admin Login)","Severity":"critical","Description":"lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13638.yaml"}
+{"ID":"CVE-2020-13640","Info":{"Name":"wpDiscuz \u003c= 5.3.5 - SQL Injection","Severity":"critical","Description":"A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13640.yaml"}
 {"ID":"CVE-2020-13700","Info":{"Name":"WordPress acf-to-rest-api \u003c=3.1.0 - Insecure Direct Object Reference","Severity":"high","Description":"WordPress acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13700.yaml"}
 {"ID":"CVE-2020-13820","Info":{"Name":"Extreme Management Center 8.4.1.24 - Cross-Site Scripting","Severity":"medium","Description":"Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13820.yaml"}
 {"ID":"CVE-2020-13851","Info":{"Name":"Artica Pandora FMS 7.44 - Remote Code Execution","Severity":"high","Description":"Artica Pandora FMS 7.44 allows remote command execution via the events feature.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-13851.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index 603fac80702..4f937ed5ffc 100644
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-440eda0419ec13ca0f57249d7b5fc9b2
+a33b2014de103872c0007cb4f9972aa8