diff --git a/2025/0xxx/CVE-2025-0736.json b/2025/0xxx/CVE-2025-0736.json index 561f96684b4..148b617e8b6 100644 --- a/2025/0xxx/CVE-2025-0736.json +++ b/2025/0xxx/CVE-2025-0736.json @@ -36,13 +36,13 @@ "product": { "product_data": [ { - "product_name": "Red Hat Data Grid 8", + "product_name": "Red Hat Data Grid", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] @@ -56,6 +56,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2025:2663", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:2663" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-0736", "refsource": "MISC", diff --git a/2025/1xxx/CVE-2025-1508.json b/2025/1xxx/CVE-2025-1508.json index 366b621b6c4..205cefb360e 100644 --- a/2025/1xxx/CVE-2025-1508.json +++ b/2025/1xxx/CVE-2025-1508.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "themeum", + "product": { + "product_data": [ + { + "product_name": "WP Crowdfunding", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.1.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70a93afa-9801-41d2-8923-ca4ae6ae974f?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70a93afa-9801-41d2-8923-ca4ae6ae974f?source=cve" + }, + { + "url": "https://wordpress.org/plugins/wp-crowdfunding/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-crowdfunding/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/29xxx/CVE-2025-29847.json b/2025/29xxx/CVE-2025-29847.json new file mode 100644 index 00000000000..6d9e8bf49a5 --- /dev/null +++ b/2025/29xxx/CVE-2025-29847.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29847", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2076.json b/2025/2xxx/CVE-2025-2076.json index 3c9a784f45e..857fb97fa1d 100644 --- a/2025/2xxx/CVE-2025-2076.json +++ b/2025/2xxx/CVE-2025-2076.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2076", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gnarf", + "product": { + "product_data": [ + { + "product_name": "binlayerpress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af920a9-15fb-44c9-be31-7c9ed5bc2031?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af920a9-15fb-44c9-be31-7c9ed5bc2031?source=cve" + }, + { + "url": "https://wordpress.org/plugins/binlayerpress/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/binlayerpress/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "siyuan shao" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/2xxx/CVE-2025-2077.json b/2025/2xxx/CVE-2025-2077.json index 12e5a3bf492..c4dbaa9c155 100644 --- a/2025/2xxx/CVE-2025-2077.json +++ b/2025/2xxx/CVE-2025-2077.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2077", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "duogeek", + "product": { + "product_data": [ + { + "product_name": "Simple Amazon Affiliate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ecd48e2c-343f-4bae-9d9e-260d003ef87c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ecd48e2c-343f-4bae-9d9e-260d003ef87c?source=cve" + }, + { + "url": "https://wordpress.org/plugins/simple-amazon-affiliate/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/simple-amazon-affiliate/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "siyuan shao" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/2xxx/CVE-2025-2078.json b/2025/2xxx/CVE-2025-2078.json index 0149ce18a4b..479382f7d3e 100644 --- a/2025/2xxx/CVE-2025-2078.json +++ b/2025/2xxx/CVE-2025-2078.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2078", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gpenverne", + "product": { + "product_data": [ + { + "product_name": "BlogBuzzTime for WP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/746e47f2-3fe3-439c-bd54-a9bba9c86271?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/746e47f2-3fe3-439c-bd54-a9bba9c86271?source=cve" + }, + { + "url": "https://wordpress.org/plugins/blogbuzztime-for-wp/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/blogbuzztime-for-wp/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "siyuan shao" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/2xxx/CVE-2025-2205.json b/2025/2xxx/CVE-2025-2205.json index c46a550641a..e2192fb8667 100644 --- a/2025/2xxx/CVE-2025-2205.json +++ b/2025/2xxx/CVE-2025-2205.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mooveagency", + "product": { + "product_data": [ + { + "product_name": "GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37da32e4-48a1-4830-a47c-c454d60c9811?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37da32e4-48a1-4830-a47c-c454d60c9811?source=cve" + }, + { + "url": "https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/" + }, + { + "url": "https://research.cleantalk.org/cve-2025-1622/", + "refsource": "MISC", + "name": "https://research.cleantalk.org/cve-2025-1622/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] }