From a724cedfe699f738423d392b7c70eac35db1c38c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 28 Jan 2025 08:00:56 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/12xxx/CVE-2024-12085.json | 65 +++++++++++++++++++++------ 2024/13xxx/CVE-2024-13521.json | 76 +++++++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0321.json | 81 ++++++++++++++++++++++++++++++++-- 2025/24xxx/CVE-2025-24912.json | 18 ++++++++ 4 files changed, 219 insertions(+), 21 deletions(-) create mode 100644 2025/24xxx/CVE-2025-24912.json diff --git a/2024/12xxx/CVE-2024-12085.json b/2024/12xxx/CVE-2024-12085.json index dbd30e9538b..7c38fd6e283 100644 --- a/2024/12xxx/CVE-2024-12085.json +++ b/2024/12xxx/CVE-2024-12085.json @@ -35,6 +35,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.1.2-12.el7_9.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8", "version": { @@ -91,6 +112,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.2.3-9.el9_0.3", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "version": { @@ -125,19 +167,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat OpenShift Container Platform 4", "version": { @@ -174,6 +203,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:0637" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:0688", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:0688" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:0714", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:0714" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-12085", "refsource": "MISC", diff --git a/2024/13xxx/CVE-2024-13521.json b/2024/13xxx/CVE-2024-13521.json index fe89acda903..cc6981b6bc4 100644 --- a/2024/13xxx/CVE-2024-13521.json +++ b/2024/13xxx/CVE-2024-13521.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the mas_options function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ghera74", + "product": { + "product_data": [ + { + "product_name": "MailUp Auto Subscription", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ee9b2e9-e3fe-43b2-9caf-7246a4201fe9?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ee9b2e9-e3fe-43b2-9caf-7246a4201fe9?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3060078%40mailup-auto-subscribtion%2Ftags%2F1.1.0&new=3229728%40mailup-auto-subscribtion%2Ftags%2F1.2.0", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3060078%40mailup-auto-subscribtion%2Ftags%2F1.1.0&new=3229728%40mailup-auto-subscribtion%2Ftags%2F1.2.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/0xxx/CVE-2025-0321.json b/2025/0xxx/CVE-2025-0321.json index c916dff9def..74d14601e75 100644 --- a/2025/0xxx/CVE-2025-0321.json +++ b/2025/0xxx/CVE-2025-0321.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0321", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpmet", + "product": { + "product_data": [ + { + "product_name": "ElementsKit Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.7.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/204cfe20-9df1-4f6c-a38c-a21b43dde385?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/204cfe20-9df1-4f6c-a38c-a21b43dde385?source=cve" + }, + { + "url": "https://wpmet.com/plugin/elementskit/", + "refsource": "MISC", + "name": "https://wpmet.com/plugin/elementskit/" + }, + { + "url": "https://wpmet.com/plugin/elementskit/roadmaps/", + "refsource": "MISC", + "name": "https://wpmet.com/plugin/elementskit/roadmaps/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Craig Smith" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/24xxx/CVE-2025-24912.json b/2025/24xxx/CVE-2025-24912.json new file mode 100644 index 00000000000..d7df04847ef --- /dev/null +++ b/2025/24xxx/CVE-2025-24912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file