admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-27 15:00:59 +00:00
parent 979eeea7e4
commit 490d6fe11f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
43 changed files with 3885 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2024/57xxx/CVE-2024-57590.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-57590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-57590",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface \"ntp_sync.cgi\",which allows remote attackers to execute arbitrary commands via parameter \"ntp_server\" passed to the \"ntp_sync.cgi\" binary through a POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md",
"refsource": "MISC",
"name": "https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md"
}
]
}

67
2024/57xxx/CVE-2024-57595.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-57595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-57595",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter \"wps_pin\" passed to the apc_client_pin.cgi binary through a POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/IdaJea/IOT_vuln_1/blob/master/DIR825/wps_pin.md",
"refsource": "MISC",
"name": "https://github.com/IdaJea/IOT_vuln_1/blob/master/DIR825/wps_pin.md"
}
]
}

18
2025/0xxx/CVE-2025-0751.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0752.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0753.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0754.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

85
2025/23xxx/CVE-2025-23529.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Blokhaus",
"product": {
"product_data": [
{
"product_name": "Minterpress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/minterpress/vulnerability/wordpress-minterpress-plugin-1-0-5-arbitrary-content-deletion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/minterpress/vulnerability/wordpress-minterpress-plugin-1-0-5-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23531.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David F. Carr RSVPMaker Volunteer Roles allows Reflected XSS. This issue affects RSVPMaker Volunteer Roles: from n/a through 1.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "David F. Carr",
"product": {
"product_data": [
{
"product_name": "RSVPMaker Volunteer Roles",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/rsvpmaker-volunteer-roles/vulnerability/wordpress-rsvpmaker-volunteer-roles-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/rsvpmaker-volunteer-roles/vulnerability/wordpress-rsvpmaker-volunteer-roles-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23574.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23574",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS. This issue affects CubePM: from n/a through 1.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jonathan Lau",
"product": {
"product_data": [
{
"product_name": "CubePM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/cubepm/vulnerability/wordpress-cubepm-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/cubepm/vulnerability/wordpress-cubepm-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23656.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Saul Morales Pacheco",
"product": {
"product_data": [
{
"product_name": "Donate visa",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/donate-visa/vulnerability/wordpress-donate-visa-plugin-1-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/donate-visa/vulnerability/wordpress-donate-visa-plugin-1-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "SOPROBRO (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23669.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nurul Amin, Mohammad Saiful Islam WP Smart Tooltip allows Stored XSS. This issue affects WP Smart Tooltip: from n/a through 1.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nurul Amin, Mohammad Saiful Islam",
"product": {
"product_data": [
{
"product_name": "WP Smart Tooltip",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-smart-tool-tip/vulnerability/wordpress-wp-smart-tooltip-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/wp-smart-tool-tip/vulnerability/wordpress-wp-smart-tooltip-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "SOPROBRO (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23752.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CGD Arrange Terms allows Reflected XSS. This issue affects CGD Arrange Terms: from n/a through 1.1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NotFound",
"product": {
"product_data": [
{
"product_name": "CGD Arrange Terms",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/shopp-arrange/vulnerability/wordpress-cgd-arrange-terms-plugin-1-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/shopp-arrange/vulnerability/wordpress-cgd-arrange-terms-plugin-1-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23754.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops allows Reflected XSS. This issue affects The Loops: from n/a through 1.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ulrich Sossou",
"product": {
"product_data": [
{
"product_name": "The Loops",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/the-loops/vulnerability/wordpress-the-loops-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/the-loops/vulnerability/wordpress-the-loops-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23756.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Chernyakov LawPress \u2013 Law Firm Website Management allows Reflected XSS. This issue affects LawPress \u2013 Law Firm Website Management: from n/a through 1.4.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivan Chernyakov",
"product": {
"product_data": [
{
"product_name": "LawPress \u2013 Law Firm Website Management",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/lawpress/vulnerability/wordpress-lawpress-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/lawpress/vulnerability/wordpress-lawpress-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23849.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Benjamin Piwowarski",
"product": {
"product_data": [
{
"product_name": "PAPERCITE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "0.5.18"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/papercite/vulnerability/wordpress-papercite-plugin-0-5-18-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/papercite/vulnerability/wordpress-papercite-plugin-0-5-18-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

85
2025/23xxx/CVE-2025-23982.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Marian Kanev",
"product": {
"product_data": [
{
"product_name": "Cab fare calculator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/cab-fare-calculator/vulnerability/wordpress-fare-calculator-plugin-1-1-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/cab-fare-calculator/vulnerability/wordpress-fare-calculator-plugin-1-1-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "SOPROBRO (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24537.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Events Calendar",
"product": {
"product_data": [
{
"product_name": "The Events Calendar",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "6.7.0",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "6.7.1",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress The Events Calendar plugin to the latest available version (at least 6.7.1)."
}
],
"value": "Update the WordPress The Events Calendar plugin to the latest available version (at least 6.7.1)."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24538.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "slaFFik",
"product": {
"product_data": [
{
"product_name": "BuddyPress Groups Extras",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "3.6.10",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "3.7.0",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/buddypress-groups-extras/vulnerability/wordpress-buddypress-groups-extras-plugin-3-6-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/buddypress-groups-extras/vulnerability/wordpress-buddypress-groups-extras-plugin-3-6-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress BuddyPress Groups Extras wordpress plugin to the latest available version (at least 3.7.0)."
}
],
"value": "Update the WordPress BuddyPress Groups Extras wordpress plugin to the latest available version (at least 3.7.0)."
}
],
"credits": [
{
"lang": "en",
"value": "Marek Mikita (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24540.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SeedProd",
"product": {
"product_data": [
{
"product_name": "Coming Soon Page, Under Construction & Maintenance Mode by SeedProd",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "6.18.9",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "6.18.10",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/coming-soon/vulnerability/wordpress-website-builder-by-seedprod-plugin-6-18-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/coming-soon/vulnerability/wordpress-website-builder-by-seedprod-plugin-6-18-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin to the latest available version (at least 6.18.10)."
}
],
"value": "Update the WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin to the latest available version (at least 6.18.10)."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24590.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Haptiq picu \u2013 Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu \u2013 Online Photo Proofing Gallery: from n/a through 2.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Haptiq",
"product": {
"product_data": [
{
"product_name": "picu \u2013 Online Photo Proofing Gallery",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.4.0",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "2.4.1",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/picu/vulnerability/wordpress-picu-online-photo-proofing-gallery-plugin-2-4-0-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/picu/vulnerability/wordpress-picu-online-photo-proofing-gallery-plugin-2-4-0-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress picu \u2013 Online Photo Proofing Gallery plugin to the latest available version (at least 2.4.1)."
}
],
"value": "Update the WordPress picu \u2013 Online Photo Proofing Gallery plugin to the latest available version (at least 2.4.1)."
}
],
"credits": [
{
"lang": "en",
"value": "thiennv (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24593.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WisdmLabs",
"product": {
"product_data": [
{
"product_name": "Edwiser Bridge",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "3.0.8",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "3.1.0",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/edwiser-bridge/vulnerability/wordpress-edwiser-bridge-plugin-3-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/edwiser-bridge/vulnerability/wordpress-edwiser-bridge-plugin-3-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Edwiser Bridge wordpress plugin to the latest available version (at least 3.1.0)."
}
],
"value": "Update the WordPress Edwiser Bridge wordpress plugin to the latest available version (at least 3.1.0)."
}
],
"credits": [
{
"lang": "en",
"value": "Le Ngoc Anh (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24600.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "David F. Carr",
"product": {
"product_data": [
{
"product_name": "RSVPMarker",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "11.4.5",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "11.4.6",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/rsvpmaker/vulnerability/wordpress-rsvpmaker-plugin-11-4-5-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/rsvpmaker/vulnerability/wordpress-rsvpmaker-plugin-11-4-5-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress RSVPMarker plugin to the latest available version (at least 11.4.6)."
}
],
"value": "Update the WordPress RSVPMarker plugin to the latest available version (at least 11.4.6)."
}
],
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24603.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "UkrSolution",
"product": {
"product_data": [
{
"product_name": "Print Barcode Labels for your WooCommerce products/orders",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "3.4.10",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "3.4.11",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/a4-barcode-generator/vulnerability/wordpress-print-labels-with-barcodes-create-price-tags-product-labels-order-labels-for-woocommerce-plugin-3-4-10-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/a4-barcode-generator/vulnerability/wordpress-print-labels-with-barcodes-create-price-tags-product-labels-order-labels-for-woocommerce-plugin-3-4-10-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Print Barcode Labels for your WooCommerce products/orders plugin to the latest available version (at least 3.4.11)."
}
],
"value": "Update the WordPress Print Barcode Labels for your WooCommerce products/orders plugin to the latest available version (at least 3.4.11)."
}
],
"credits": [
{
"lang": "en",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24606.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sprout Invoices",
"product": {
"product_data": [
{
"product_name": "Client Invoicing by Sprout Invoices",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "20.8.1",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "20.8.2",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/sprout-invoices/vulnerability/wordpress-client-invoicing-by-sprout-invoices-easy-estimates-and-invoices-for-wordpress-plugin-20-8-1-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/sprout-invoices/vulnerability/wordpress-client-invoicing-by-sprout-invoices-easy-estimates-and-invoices-for-wordpress-plugin-20-8-1-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Client Invoicing by Sprout Invoices wordpress plugin to the latest available version (at least 20.8.2)."
}
],
"value": "Update the WordPress Client Invoicing by Sprout Invoices wordpress plugin to the latest available version (at least 20.8.2)."
}
],
"credits": [
{
"lang": "en",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24626.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CodePeople",
"product": {
"product_data": [
{
"product_name": "Music Store",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.1.19",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.2.0",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/music-store/vulnerability/wordpress-music-store-wordpress-ecommerce-plugin-1-1-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/music-store/vulnerability/wordpress-music-store-wordpress-ecommerce-plugin-1-1-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Music Store wordpress plugin to the latest available version (at least 1.2.0)."
}
],
"value": "Update the WordPress Music Store wordpress plugin to the latest available version (at least 1.2.0)."
}
],
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24628.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BestWebSoft",
"product": {
"product_data": [
{
"product_name": "Google Captcha",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.78",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.79",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Google Captcha wordpress plugin to the latest available version (at least 1.79)."
}
],
"value": "Update the WordPress Google Captcha wordpress plugin to the latest available version (at least 1.79)."
}
],
"credits": [
{
"lang": "en",
"value": "cod3beat (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24653.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NotFound",
"product": {
"product_data": [
{
"product_name": "Admin and Site Enhancements (ASE) Pro",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "7.6.1.1",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "7.6.3",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/admin-site-enhancements-pro/vulnerability/wordpress-admin-and-site-enhancements-ase-pro-plugin-7-6-1-1-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/admin-site-enhancements-pro/vulnerability/wordpress-admin-and-site-enhancements-ase-pro-plugin-7-6-1-1-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Admin and Site Enhancements (ASE) Pro wordpress plugin to the latest available version (at least 7.6.3)."
}
],
"value": "Update the WordPress Admin and Site Enhancements (ASE) Pro wordpress plugin to the latest available version (at least 7.6.3)."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24662.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NotFound",
"product": {
"product_data": [
{
"product_name": "LearnDash LMS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "4.20.0.1",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "4.20.0.3",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/sfwd-lms/vulnerability/wordpress-learndash-lms-plugin-4-20-0-1-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/sfwd-lms/vulnerability/wordpress-learndash-lms-plugin-4-20-0-1-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress LearnDash LMS wordpress plugin to the latest available version (at least 4.20.0.3)."
}
],
"value": "Update the WordPress LearnDash LMS wordpress plugin to the latest available version (at least 4.20.0.3)."
}
],
"credits": [
{
"lang": "en",
"value": "David Ojeda Guijarro (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24665.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes \u2013 Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes \u2013 Unishippers Edition: from n/a through 2.4.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eniture Technology",
"product": {
"product_data": [
{
"product_name": "Small Package Quotes \u2013 Unishippers Edition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.4.8",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "2.4.9",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-unishippers-edition/vulnerability/wordpress-small-package-quotes-plugin-2-4-8-sql-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-unishippers-edition/vulnerability/wordpress-small-package-quotes-plugin-2-4-8-sql-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Small Package Quotes \u2013 Unishippers Edition wordpress plugin to the latest available version (at least 2.4.9)."
}
],
"value": "Update the WordPress Small Package Quotes \u2013 Unishippers Edition wordpress plugin to the latest available version (at least 2.4.9)."
}
],
"credits": [
{
"lang": "en",
"value": "Colin Xu (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"baseSeverity": "CRITICAL",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24667.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes \u2013 Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes \u2013 Worldwide Express Edition: from n/a through 5.2.17."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eniture Technology",
"product": {
"product_data": [
{
"product_name": "Small Package Quotes \u2013 Worldwide Express Edition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "5.2.17",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "5.2.18",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-plugin-5-2-17-sql-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-plugin-5-2-17-sql-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Small Package Quotes \u2013 Worldwide Express Edition wordpress plugin to the latest available version (at least 5.2.18)."
}
],
"value": "Update the WordPress Small Package Quotes \u2013 Worldwide Express Edition wordpress plugin to the latest available version (at least 5.2.18)."
}
],
"credits": [
{
"lang": "en",
"value": "Colin Xu (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"baseSeverity": "CRITICAL",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24671.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pdfcrowd",
"product": {
"product_data": [
{
"product_name": "Save as PDF plugin by Pdfcrowd",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "4.4.0",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "4.4.1",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/save-as-pdf-by-pdfcrowd/vulnerability/wordpress-save-as-pdf-plugin-by-pdfcrowd-plugin-4-4-0-php-object-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/save-as-pdf-by-pdfcrowd/vulnerability/wordpress-save-as-pdf-plugin-by-pdfcrowd-plugin-4-4-0-php-object-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Save as PDF plugin by Pdfcrowd wordpress plugin to the latest available version (at least 4.4.1)."
}
],
"value": "Update the WordPress Save as PDF plugin by Pdfcrowd wordpress plugin to the latest available version (at least 4.4.1)."
}
],
"credits": [
{
"lang": "en",
"value": "LVT-tholv2k (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "CRITICAL",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24680.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WpMultiStoreLocator",
"product": {
"product_data": [
{
"product_name": "WP Multi Store Locator",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.4.7",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "2.5.1",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-multi-store-locator/vulnerability/wordpress-wp-multi-store-locator-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/wp-multi-store-locator/vulnerability/wordpress-wp-multi-store-locator-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WP Multi Store Locator wordpress plugin to the latest available version (at least 2.5.1)."
}
],
"value": "Update the WordPress WP Multi Store Locator wordpress plugin to the latest available version (at least 2.5.1)."
}
],
"credits": [
{
"lang": "en",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24689.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"cweId": "CWE-538"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codection",
"product": {
"product_data": [
{
"product_name": "Import and export users and customers",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.27.12",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.27.13",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Import and export users and customers wordpress plugin to the latest available version (at least 1.27.13)."
}
],
"value": "Update the WordPress Import and export users and customers wordpress plugin to the latest available version (at least 1.27.13)."
}
],
"credits": [
{
"lang": "en",
"value": "Caesar Evan Santoso (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24708.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CRM Perks",
"product": {
"product_data": [
{
"product_name": "WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.1.6",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.1.7",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/cf7-dynamics-crm/vulnerability/wordpress-wp-dynamics-crm-plugin-1-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/cf7-dynamics-crm/vulnerability/wordpress-wp-dynamics-crm-plugin-1-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin to the latest available version (at least 1.1.7)."
}
],
"value": "Update the WordPress WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin to the latest available version (at least 1.1.7)."
}
],
"credits": [
{
"lang": "en",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24734.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CodeSolz",
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.6.7",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.6.8",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/real-time-auto-find-and-replace/vulnerability/wordpress-better-find-and-replace-plugin-1-6-7-privilege-escalation-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/real-time-auto-find-and-replace/vulnerability/wordpress-better-find-and-replace-plugin-1-6-7-privilege-escalation-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Better Find and Replace wordpress plugin to the latest available version (at least 1.6.8)."
}
],
"value": "Update the WordPress Better Find and Replace wordpress plugin to the latest available version (at least 1.6.8)."
}
],
"credits": [
{
"lang": "en",
"value": "Ananda Dhakal (Patchstack)"
}
],
"impact": {
"cvss": [
{
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24740.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24740",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ThimPress",
"product": {
"product_data": [
{
"product_name": "LearnPress",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "4.2.7.1",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "4.2.7.2",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/learnpress/vulnerability/wordpress-learnpress-plugin-4-2-7-1-open-redirection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/learnpress/vulnerability/wordpress-learnpress-plugin-4-2-7-1-open-redirection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress LearnPress plugin to the latest available version (at least 4.2.7.2)."
}
],
"value": "Update the WordPress LearnPress plugin to the latest available version (at least 4.2.7.2)."
}
],
"credits": [
{
"lang": "en",
"value": "Muhamad Agil Fachrian (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24741.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24741",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KB Support",
"product": {
"product_data": [
{
"product_name": "KB Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.6.7",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.6.8",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/kb-support/vulnerability/wordpress-kb-support-plugin-1-6-7-open-redirection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/kb-support/vulnerability/wordpress-kb-support-plugin-1-6-7-open-redirection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress KB Support plugin to the latest available version (at least 1.6.8)."
}
],
"value": "Update the WordPress KB Support plugin to the latest available version (at least 1.6.8)."
}
],
"credits": [
{
"lang": "en",
"value": "Muhamad Agil Fachrian (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24742.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WP Go Maps (formerly WP Google Maps)",
"product": {
"product_data": [
{
"product_name": "WP Go Maps",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "9.0.40",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "9.0.41",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-google-maps/vulnerability/wordpress-wp-google-maps-plugin-9-0-40-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/wp-google-maps/vulnerability/wordpress-wp-google-maps-plugin-9-0-40-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WP Google Maps plugin to the latest available version (at least 9.0.41)."
}
],
"value": "Update the WordPress WP Google Maps plugin to the latest available version (at least 9.0.41)."
}
],
"credits": [
{
"lang": "en",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24743.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rometheme",
"product": {
"product_data": [
{
"product_name": "RomethemeKit For Elementor",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.5.3",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress RomethemeKit For Elementor wordpress plugin to the latest available version (at least 1.5.3)."
}
],
"value": "Update the WordPress RomethemeKit For Elementor wordpress plugin to the latest available version (at least 1.5.3)."
}
],
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24744.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24744",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NotFound",
"product": {
"product_data": [
{
"product_name": "Bridge Core",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "3.3.1",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/bridge-core/vulnerability/wordpress-bridge-core-plugin-3-3-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/bridge-core/vulnerability/wordpress-bridge-core-plugin-3-3-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Bridge Core plugin to the latest available version (at least 3.3.1)."
}
],
"value": "Update the WordPress Bridge Core plugin to the latest available version (at least 3.3.1)."
}
],
"credits": [
{
"lang": "en",
"value": "Ananda Dhakal (Patchstack)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24747.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Houzez.co",
"product": {
"product_data": [
{
"product_name": "Houzez",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "3.4.0",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "3.4.2",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-3-4-0-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-3-4-0-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Houzez theme to the latest available version (at least 3.4.2)."
}
],
"value": "Update the WordPress Houzez theme to the latest available version (at least 3.4.2)."
}
],
"credits": [
{
"lang": "en",
"value": "Ananda Dhakal (Patchstack)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

113
2025/24xxx/CVE-2025-24782.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
"cweId": "CWE-98"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpWax",
"product": {
"product_data": [
{
"product_name": "Post Grid, Slider & Carousel Ultimate",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.6.10",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "1.7",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/post-grid-carousel-ultimate/vulnerability/wordpress-post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-plugin-1-6-10-local-file-inclusion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/post-grid-carousel-ultimate/vulnerability/wordpress-post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-plugin-1-6-10-local-file-inclusion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Post Grid, Slider & Carousel Ultimate plugin to the latest available version (at least 1.7)."
}
],
"value": "Update the WordPress Post Grid, Slider & Carousel Ultimate plugin to the latest available version (at least 1.7)."
}
],
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

67
2025/24xxx/CVE-2025-24783.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon.\n\nThis issue affects Apache Cocoon: all versions.\n\nWhen a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to.\n\nAs a mitigation, you may enable the \"session-bound-continuations\" option to make sure continuations are not shared across sessions.\n\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)",
"cweId": "CWE-335"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Cocoon",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Xiangfan Wu from the StarMap Team of Legendsec at Qi-Anxin Group"
}
]
}