From 13f49e1e4f13e68ec3642de1a7699e7d428bc6b2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 18 Jan 2025 09:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/13xxx/CVE-2024-13184.json | 90 ++++++++++++++++++++++++++++++++--
 2024/13xxx/CVE-2024-13375.json | 76 ++++++++++++++++++++++++++--
 2025/0xxx/CVE-2025-0537.json | 8 ++-
 2025/0xxx/CVE-2025-0538.json | 8 ++-
 2025/0xxx/CVE-2025-0567.json | 18 +++++++
 5 files changed, 188 insertions(+), 12 deletions(-)
 create mode 100644 2025/0xxx/CVE-2025-0567.json
diff --git a/2024/13xxx/CVE-2024-13184.json b/2024/13xxx/CVE-2024-13184.json
index 83ee1229d00..6d342f9b6d9 100644
--- a/2024/13xxx/CVE-2024-13184.json
+++ b/2024/13xxx/CVE-2024-13184.json
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-13184",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "wpextended",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "The Ultimate WordPress Toolkit \u2013 WP Extended",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.0.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abab29c7-88a9-4c6f-9691-ed9087cde2ff?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abab29c7-88a9-4c6f-9691-ed9087cde2ff?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_limit_login_attempts/wpext_limit_login_attempts.php#L105",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_limit_login_attempts/wpext_limit_login_attempts.php#L105"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wpextended/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wpextended/#developers"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3220003/",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3220003/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Matthew Rollings"
+ },
+ {
+ "lang": "en",
+ "value": "Youcef Hamdani"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
 }
 ]
 }
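Review bot: The Trac reference added under `reference_data` points at `trunk/.../wpext_limit_login_attempts.php#L105`, a moving target: once trunk changes, line 105 no longer shows the query this record describes, and anyone triaging from the record lands on unrelated or already-patched code. A path pinned to the last affected release (3.0.12 per `version_value`) would keep the reference stable. The `changeset/3220003/` link is presumably the fix, but nothing in the record says so or names the first patched version. The description also reads as a doubled article, `"The The Ultimate WordPress Toolkit \u2013 WP Extended plugin ..."`, since the product name itself begins with "The"; `"The Ultimate WordPress Toolkit \u2013 WP Extended plugin ..."` would be cleaner.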
diff --git a/2024/13xxx/CVE-2024-13375.json b/2024/13xxx/CVE-2024-13375.json
index 12bd2416d90..0e6260ce9ea 100644
--- a/2024/13xxx/CVE-2024-13375.json
+++ b/2024/13xxx/CVE-2024-13375.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-13375",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-620 Unverified Password Change",
+ "cweId": "CWE-620"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "spoonthemes",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adifier System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve"
+ },
+ {
+ "url": "https://themeforest.net/item/adifier-classified-ads-wordpress-theme/21633950",
+ "refsource": "MISC",
+ "name": "https://themeforest.net/item/adifier-classified-ads-wordpress-theme/21633950"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Tonn"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0537.json b/2025/0xxx/CVE-2025-0537.json
index adb07125109..21c4bd21d1f 100644
--- a/2025/0xxx/CVE-2025-0537.json
+++ b/2025/0xxx/CVE-2025-0537.json
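Review bot: The CVE-2024-13375 record bounds the affected range only from above (`"version_affected": "<="`, `"version_value": "3.1.7"`) and neither reference names a fixed release, so a consumer cannot tell from it whether any patched version exists for an unauthenticated password-change flaw scored 9.8. If a fix has shipped, the description should say so, for example `... up to, and including, 3.1.7, fixed in <PATCHED_VERSION>`, and a vendor changelog reference should be added. The only vendor link is the ThemeForest listing for the Adifier theme, while `product_name` is "Adifier System". Presumably the plugin ships with that theme, but the record does not state the relationship, which makes asset matching harder. Minor wording: `change arbitrary user's passwords` should read `change arbitrary users' passwords`.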
@@ -83,9 +83,9 @@
 "name": "https://vuldb.com/?submit.479864"
 },
 {
- "url": "https://github.com/aaryan-11-x/My-CVEs/blob/main/Stored%20XSS%20-%20Code-Projects%20Online%20Car%20Rental%20System%201.0.md",
+ "url": "https://github.com/aaryan-11-x/My-CVEs/blob/main/CVE-2025-0537.md",
 "refsource": "MISC",
- "name": "https://github.com/aaryan-11-x/My-CVEs/blob/main/Stored%20XSS%20-%20Code-Projects%20Online%20Car%20Rental%20System%201.0.md"
+ "name": "https://github.com/aaryan-11-x/My-CVEs/blob/main/CVE-2025-0537.md"
 },
 {
 "url": "https://code-projects.org/",
@@ -95,6 +95,10 @@
 ]
 },
 "credits": [
+ {
+ "lang": "en",
+ "value": "aaryan11x (VulDB User)"
+ },
 {
 "lang": "en",
 "value": "aaryan11x (VulDB User)"
diff --git a/2025/0xxx/CVE-2025-0538.json b/2025/0xxx/CVE-2025-0538.json
index 3a792db972b..e2a02cf2450 100644
--- a/2025/0xxx/CVE-2025-0538.json
+++ b/2025/0xxx/CVE-2025-0538.json
@@ -83,9 +83,9 @@
 "name": "https://vuldb.com/?submit.479895"
 },
 {
- "url": "https://github.com/aaryan-11-x/My-CVEs/blob/main/Stored%20XSS%20-%20Code-Projects%20Tourism%20Management%20System%201.0.md",
+ "url": "https://github.com/aaryan-11-x/My-CVEs/blob/main/CVE-2025-0538.md",
 "refsource": "MISC",
- "name": "https://github.com/aaryan-11-x/My-CVEs/blob/main/Stored%20XSS%20-%20Code-Projects%20Tourism%20Management%20System%201.0.md"
+ "name": "https://github.com/aaryan-11-x/My-CVEs/blob/main/CVE-2025-0538.md"
 },
 {
 "url": "https://code-projects.org/",
@@ -95,6 +95,10 @@
 ]
 },
 "credits": [
+ {
+ "lang": "en",
+ "value": "aaryan11x (VulDB User)"
+ },
 {
 "lang": "en",
 "value": "aaryan11x (VulDB User)"
diff --git a/2025/0xxx/CVE-2025-0567.json b/2025/0xxx/CVE-2025-0567.json
new file mode 100644
index 00000000000..cd0204aa79f
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0567.json
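Review bot: The `@@ -95,6 +95,10 @@` hunks for CVE-2025-0537 and CVE-2025-0538 each add a second `credits` entry identical to the one already present (`"lang": "en"`, `"value": "aaryan11x (VulDB User)"`), so the finder is now listed twice in both records. This looks like a sync artefact, perhaps two credit roles flattened to the same value (inferred). The added four-line block should be dropped, or the entries made distinguishable if they carry different roles. The `credits` array closes outside both hunks, so any further entries are not visible here. Separately, the updated reference URLs in the `@@ -83,9 +83,9 @@` hunks point at `blob/main/` in the reporter's own repository, which can be renamed or rewritten again; a commit-pinned link would keep the advisory text stable.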
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0567",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file