From 3e68a7086beab47e5abb4c3cf58da43efcc1eeee Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 16 Mar 2025 06:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/13xxx/CVE-2024-13126.json | 72 +++++++++++++++++++++++++++++++---
 2024/13xxx/CVE-2024-13602.json | 72 +++++++++++++++++++++++++++++++---
 2025/1xxx/CVE-2025-1619.json | 72 +++++++++++++++++++++++++++++++---
 2025/1xxx/CVE-2025-1620.json | 72 +++++++++++++++++++++++++++++++---
 2025/1xxx/CVE-2025-1621.json | 72 +++++++++++++++++++++++++++++++---
 2025/1xxx/CVE-2025-1622.json | 72 +++++++++++++++++++++++++++++++---
 2025/30xxx/CVE-2025-30066.json | 2 +-
 7 files changed, 403 insertions(+), 31 deletions(-)
diff --git a/2024/13xxx/CVE-2024-13126.json b/2024/13xxx/CVE-2024-13126.json
index 0315a5d159e..0f0357419a8 100644
--- a/2024/13xxx/CVE-2024-13126.json
+++ b/2024/13xxx/CVE-2024-13126.json
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-13126",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-552 Files or Directories Accessible to External Parties"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Download Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.3.07"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13602.json b/2024/13xxx/CVE-2024-13602.json
index 006df05a5d2..0fce05a8baf 100644
--- a/2024/13xxx/CVE-2024-13602.json
+++ b/2024/13xxx/CVE-2024-13602.json
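Review bot: `"vendor_name": "Unknown"` in the new `affects` block leaves scanners and asset inventories nothing to match on except the free-text `product_name`, so installations of this plugin are easy to miss or to confuse with a similarly named product. The same placeholder vendor is added in the records for CVE-2024-13602 and CVE-2025-1619 through CVE-2025-1622 in this commit. If the assigner knows the plugin's author, record it there, e.g. `"vendor_name": "<plugin vendor (placeholder)>"`. The added `credits` entries also use `"lang": "en"` while the description and problemtype entries use `"lang": "eng"`; one language code per record keeps consumers that filter on it from dropping entries.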
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-13602",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Poll Maker",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "5.5.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Krugov Artyom"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1619.json b/2025/1xxx/CVE-2025-1619.json
index 9c75fa71f51..a41fbf0e1d4 100644
--- a/2025/1xxx/CVE-2025-1619.json
+++ b/2025/1xxx/CVE-2025-1619.json
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1619",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GDPR Cookie Compliance",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.15.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/ae9bc19d-1634-4501-a258-8c56b2afee88/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/ae9bc19d-1634-4501-a258-8c56b2afee88/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
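Review bot: The description `value` added for CVE-2025-1619 is word-for-word the same as the ones added for CVE-2025-1620, CVE-2025-1621 and CVE-2025-1622 later in this commit, and `product_name` and `version_value` match too, so only the reference URL tells the four records apart. Tooling that deduplicates advisories on description or on product and version is likely to collapse them, and a reader cannot tell which setting each ID covers. Presumably each ID tracks a different setting (inferred from the four distinct WPScan reference ids); replacing `some of its settings` with the specific setting in each record would make them distinguishable.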
diff --git a/2025/1xxx/CVE-2025-1620.json b/2025/1xxx/CVE-2025-1620.json
index 45f62b9bbc2..1524d25307d 100644
--- a/2025/1xxx/CVE-2025-1620.json
+++ b/2025/1xxx/CVE-2025-1620.json
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1620",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GDPR Cookie Compliance",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.15.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/923db805-92e7-4489-8e57-374a19f817d7/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/923db805-92e7-4489-8e57-374a19f817d7/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1621.json b/2025/1xxx/CVE-2025-1621.json
index 92e8e1f356b..bf28a25785d 100644
--- a/2025/1xxx/CVE-2025-1621.json
+++ b/2025/1xxx/CVE-2025-1621.json
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1621",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GDPR Cookie Compliance",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.15.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/c30b9631-2024-4081-9cc5-8294a77c5ebb/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/c30b9631-2024-4081-9cc5-8294a77c5ebb/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1622.json b/2025/1xxx/CVE-2025-1622.json
index d00fdc853ab..b3ad93c8946 100644
--- a/2025/1xxx/CVE-2025-1622.json
+++ b/2025/1xxx/CVE-2025-1622.json
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1622",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GDPR Cookie Compliance",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.15.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30066.json b/2025/30xxx/CVE-2025-30066.json
index 29525afc5da..b05210c9c46 100644
--- a/2025/30xxx/CVE-2025-30066.json
+++ b/2025/30xxx/CVE-2025-30066.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were not originally affected, but were modified by a threat actor to point at commit 0e58ed8, which contains the malicious updateFeatures code.)"
+ "value": "tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)"
 }
 ]
 },
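Review bot: The new description gives the exposure window as `2025-03-14 and 2025-03-15` with no timezone, so anyone checking workflow-run timestamps near the edges of that window cannot tell whether a run falls inside it. Stating the zone would fix this, e.g. `on 2025-03-14 and 2025-03-15 (UTC)` if UTC is what was meant. The affected range also changes from `through 45.0.7` to `before 46`, but the hunk starts at line 11 and ends inside the record, so any structured version data elsewhere in the file is not visible here and should be checked to state the same bound.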