From 68a988c6fbb1bf07958ac5e341310e34abfb399d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 1 May 2025 06:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/13xxx/CVE-2024-13381.json | 72 +++++++++++++++++++--
2025/3xxx/CVE-2025-3502.json | 72 +++++++++++++++++++--
2025/3xxx/CVE-2025-3503.json | 72 +++++++++++++++++++--
2025/3xxx/CVE-2025-3504.json | 72 +++++++++++++++++++--
2025/47xxx/CVE-2025-47137.json | 18 ++++++
2025/47xxx/CVE-2025-47138.json | 18 ++++++
2025/47xxx/CVE-2025-47139.json | 18 ++++++
2025/47xxx/CVE-2025-47140.json | 18 ++++++
2025/47xxx/CVE-2025-47141.json | 18 ++++++
2025/47xxx/CVE-2025-47142.json | 18 ++++++
2025/47xxx/CVE-2025-47143.json | 18 ++++++
2025/47xxx/CVE-2025-47144.json | 18 ++++++
2025/47xxx/CVE-2025-47145.json | 18 ++++++
2025/47xxx/CVE-2025-47146.json | 18 ++++++
2025/4xxx/CVE-2025-4151.json | 114 +++++++++++++++++++++++++++++++--
15 files changed, 558 insertions(+), 24 deletions(-)
create mode 100644 2025/47xxx/CVE-2025-47137.json
create mode 100644 2025/47xxx/CVE-2025-47138.json
create mode 100644 2025/47xxx/CVE-2025-47139.json
create mode 100644 2025/47xxx/CVE-2025-47140.json
create mode 100644 2025/47xxx/CVE-2025-47141.json
create mode 100644 2025/47xxx/CVE-2025-47142.json
create mode 100644 2025/47xxx/CVE-2025-47143.json
create mode 100644 2025/47xxx/CVE-2025-47144.json
create mode 100644 2025/47xxx/CVE-2025-47145.json
create mode 100644 2025/47xxx/CVE-2025-47146.json
diff --git a/2024/13xxx/CVE-2024-13381.json b/2024/13xxx/CVE-2024-13381.json
index 974b279516b..877e84fac0a 100644
--- a/2024/13xxx/CVE-2024-13381.json
+++ b/2024/13xxx/CVE-2024-13381.json
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13381", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Calculated Fields Form", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "5.2.62" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/da099e52-7f7b-4d76-a0bc-a46315510e0a/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/da099e52-7f7b-4d76-a0bc-a46315510e0a/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3502.json b/2025/3xxx/CVE-2025-3502.json index 9e6c7d051c6..967b9ef24f9 100644 
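Review bot: The added `affects` block records `"vendor_name": "Unknown"`, so the only product key this record offers is the display name "Calculated Fields Form". Inventory or scanner matching that keys on vendor plus product will not tie this CVE to an installed plugin, and matching on a display name alone is a weak key. If the CNA can supply it, the field should read `"vendor_name": "<plugin author or publisher>"`. The same `"Unknown"` vendor is used in the CVE-2025-3502, CVE-2025-3503 and CVE-2025-3504 records later in this patch.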
--- a/2025/3xxx/CVE-2025-3502.json +++ b/2025/3xxx/CVE-2025-3502.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3502", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Maps", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/dd436064-e611-4a4b-a873-67ed6029c46f/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/dd436064-e611-4a4b-a873-67ed6029c46f/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file 
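Review bot: The `description_data` value added here is word-for-word the text used for CVE-2025-3503 and CVE-2025-3504 further down, and all three records carry the same product ("WP Maps"), the same `<` 4.7.2 range and the same CWE-79 entry; only the WPScan reference URL differs. Nothing in the record says which Map setting each ID covers, so tooling that de-duplicates findings on description or product/version will collapse three CVEs into one, and a reader cannot confirm that a given fix addressed all three. Each description should name the field it refers to, e.g. `does not sanitise and escape its <setting name> Map setting`. Until then, consumers should key on the CVE ID together with the reference URL.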
diff --git a/2025/3xxx/CVE-2025-3503.json b/2025/3xxx/CVE-2025-3503.json
index f900f7c09ac..df51e444b00 100644
--- a/2025/3xxx/CVE-2025-3503.json
+++ b/2025/3xxx/CVE-2025-3503.json
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Maps", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/83ddd432-309f-4ff5-974c-fdc9c67d1051/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/83ddd432-309f-4ff5-974c-fdc9c67d1051/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3504.json b/2025/3xxx/CVE-2025-3504.json index 19bb1beee81..37834526e8e 100644 --- a/2025/3xxx/CVE-2025-3504.json 
+++ b/2025/3xxx/CVE-2025-3504.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Maps", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/252484a6-96f0-43f3-a7dc-d20cc89ba119/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/252484a6-96f0-43f3-a7dc-d20cc89ba119/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47137.json b/2025/47xxx/CVE-2025-47137.json new file mode 100644 index 00000000000..69baffcb8b4 
--- /dev/null +++ b/2025/47xxx/CVE-2025-47137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47138.json b/2025/47xxx/CVE-2025-47138.json new file mode 100644 index 00000000000..a2706f71bc4 --- /dev/null +++ b/2025/47xxx/CVE-2025-47138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47139.json b/2025/47xxx/CVE-2025-47139.json new file mode 100644 index 00000000000..02e3427974f --- /dev/null +++ b/2025/47xxx/CVE-2025-47139.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47140.json b/2025/47xxx/CVE-2025-47140.json new file mode 100644 index 00000000000..b29d85cad7a --- /dev/null +++ b/2025/47xxx/CVE-2025-47140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47141.json b/2025/47xxx/CVE-2025-47141.json new file mode 100644 index 00000000000..cbd5f903381 --- /dev/null +++ b/2025/47xxx/CVE-2025-47141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/47xxx/CVE-2025-47142.json b/2025/47xxx/CVE-2025-47142.json new file mode 100644 index 00000000000..c1cebfdb5ad --- /dev/null +++ b/2025/47xxx/CVE-2025-47142.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47143.json b/2025/47xxx/CVE-2025-47143.json new file mode 100644 index 00000000000..5916007aeff --- /dev/null +++ b/2025/47xxx/CVE-2025-47143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47144.json b/2025/47xxx/CVE-2025-47144.json new file mode 100644 index 00000000000..dc128c6f983 --- /dev/null +++ b/2025/47xxx/CVE-2025-47144.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47145.json b/2025/47xxx/CVE-2025-47145.json new file mode 100644 index 00000000000..7543d4ba467 --- /dev/null +++ b/2025/47xxx/CVE-2025-47145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/47xxx/CVE-2025-47146.json b/2025/47xxx/CVE-2025-47146.json new file mode 100644 index 00000000000..0310267cc2f --- /dev/null +++ b/2025/47xxx/CVE-2025-47146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-47146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/4xxx/CVE-2025-4151.json b/2025/4xxx/CVE-2025-4151.json
index 90c07ebbddd..0b50dc3d898 100644
--- a/2025/4xxx/CVE-2025-4151.json
+++ b/2025/4xxx/CVE-2025-4151.json
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4151", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in PHPGurukul Curfew e-Pass Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /admin/pass-bwdates-reports-details.php. Durch die Manipulation des Arguments fromdate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Curfew e-Pass Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306683", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306683" + }, + { + "url": "https://vuldb.com/?ctiid.306683", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306683" + }, + { + "url": "https://vuldb.com/?submit.560806", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.560806" + }, + { + "url": "https://github.com/faithhard/cve/issues/1", + "refsource": "MISC", + "name": "https://github.com/faithhard/cve/issues/1" + }, + { + "url": "https://phpgurukul.com/", + "refsource": "MISC", + "name": "https://phpgurukul.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "faith181s (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] }
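Review bot: The English description says the issue "has been rated as critical", but the `impact.cvss` entries added in the same hunk give base score 7.3 with `"baseSeverity": "HIGH"` for both 3.1 and 3.0, so the prose and the structured rating disagree. Triage should take severity from the vector string, and the sentence would be consistent as `It has been rated as high.` or with the rating sentence removed. The vector also uses `PR:N` while the affected file sits under `/admin/`; the record does not state whether that page is reachable without an authenticated session, so that assumption is worth confirming before relying on the score. The `deu` text omits the closing "Other parameters might be affected as well." sentence, so the two language entries are not equivalent.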