From a99aa1fb2e5704d3608f0c0991b8171d67649fea Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 19 Apr 2025 03:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/2xxx/CVE-2025-2010.json | 76 ++++++++++++++++++++++++++++++++--
2025/3xxx/CVE-2025-3278.json | 76 ++++++++++++++++++++++++++++++++--
2025/3xxx/CVE-2025-3284.json | 76 ++++++++++++++++++++++++++++++++--
2025/43xxx/CVE-2025-43893.json | 8 ++--
2025/43xxx/CVE-2025-43894.json | 8 ++--
2025/43xxx/CVE-2025-43895.json | 8 ++--
2025/43xxx/CVE-2025-43896.json | 8 ++--
2025/43xxx/CVE-2025-43897.json | 8 ++--
2025/43xxx/CVE-2025-43898.json | 8 ++--
2025/43xxx/CVE-2025-43899.json | 8 ++--
2025/43xxx/CVE-2025-43900.json | 8 ++--
2025/43xxx/CVE-2025-43901.json | 8 ++--
2025/43xxx/CVE-2025-43904.json | 18 ++++++++
13 files changed, 270 insertions(+), 48 deletions(-)
create mode 100644 2025/43xxx/CVE-2025-43904.json
diff --git a/2025/2xxx/CVE-2025-2010.json b/2025/2xxx/CVE-2025-2010.json
index 6475f134201..e09ca568c99 100644
--- a/2025/2xxx/CVE-2025-2010.json
+++ b/2025/2xxx/CVE-2025-2010.json
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JobWP \u2013 Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mhmrajib", + "product": { + "product_data": [ + { + "product_name": "JobWP \u2013 Job Board, Job Listing, Career Page and Recruitment Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.3.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3b658f0-b9d8-4b7f-8d40-39ce185ef797?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3b658f0-b9d8-4b7f-8d40-39ce185ef797?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3271612/jobwp/tags/2.4.0/core/job_application.php?old=3230672&old_path=jobwp%2Ftags%2F2.3.9%2Fcore%2Fjob_application.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3271612/jobwp/tags/2.4.0/core/job_application.php?old=3230672&old_path=jobwp%2Ftags%2F2.3.9%2Fcore%2Fjob_application.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Matthew Rollings" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2025/3xxx/CVE-2025-3278.json b/2025/3xxx/CVE-2025-3278.json index 3aef0b42b98..6a4d859d56f 100644 --- a/2025/3xxx/CVE-2025-3278.json +++ b/2025/3xxx/CVE-2025-3278.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Edge-Themes", + "product": { + "product_data": [ + { + "product_name": "UrbanGo Membership", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve" + }, + { + "url": "https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624", + "refsource": "MISC", + "name": 
"https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Alyudin Nafiie" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2025/3xxx/CVE-2025-3284.json b/2025/3xxx/CVE-2025-3284.json index f03111a0d21..6bad0a53bc3 100644 --- a/2025/3xxx/CVE-2025-3284.json +++ b/2025/3xxx/CVE-2025-3284.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the user_registration_pro_delete_account() function. This makes it possible for unauthenticated attackers to force delete users, including administrators, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPEverest", + "product": { + "product_data": [ + { + "product_name": "User Registration PRO \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4616b609-e8dc-4004-a5b7-2de3e83719be?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4616b609-e8dc-4004-a5b7-2de3e83719be?source=cve" + }, + { + "url": "https://wpuserregistration.com/changelog/", + "refsource": "MISC", + "name": "https://wpuserregistration.com/changelog/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/43xxx/CVE-2025-43893.json b/2025/43xxx/CVE-2025-43893.json index daae42675fd..573c7b722c7 100644 --- a/2025/43xxx/CVE-2025-43893.json +++ b/2025/43xxx/CVE-2025-43893.json 
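Review bot: In CVE-2025-3284.json the product is named two different ways: the `description` value calls it "User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin", while `affects` → `product_name` is `User Registration PRO \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin`. Tooling that matches on `product_name` and analysts reading the description may resolve these to different packages, so an affected install could be missed or a different one flagged. The function named in the description, `user_registration_pro_delete_account()`, suggests the PRO product is meant, but that should be confirmed against the CNA's source record and the two strings aligned. Separately, the description says users including administrators can be force-deleted while the vector is `I:L/A:N`; it is worth checking that the score reflects the stated impact before using it for triage priority.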
@@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43893", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43894.json b/2025/43xxx/CVE-2025-43894.json index 673c370f049..404fd581e5e 100644 --- a/2025/43xxx/CVE-2025-43894.json +++ b/2025/43xxx/CVE-2025-43894.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43894", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43895.json b/2025/43xxx/CVE-2025-43895.json index f3c0d8172a9..6e2ec26f52a 100644 --- a/2025/43xxx/CVE-2025-43895.json +++ b/2025/43xxx/CVE-2025-43895.json 
@@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43896.json b/2025/43xxx/CVE-2025-43896.json index 63d3c6b710e..8ddd8542c38 100644 --- a/2025/43xxx/CVE-2025-43896.json +++ b/2025/43xxx/CVE-2025-43896.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43896", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43897.json b/2025/43xxx/CVE-2025-43897.json index ba31b691ac0..0ab3a1099f5 100644 --- a/2025/43xxx/CVE-2025-43897.json +++ b/2025/43xxx/CVE-2025-43897.json 
@@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43898.json b/2025/43xxx/CVE-2025-43898.json index 23c85c9537c..4f14f21cec9 100644 --- a/2025/43xxx/CVE-2025-43898.json +++ b/2025/43xxx/CVE-2025-43898.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43898", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43899.json b/2025/43xxx/CVE-2025-43899.json index 696a1a6081c..cd4c2bf3982 100644 --- a/2025/43xxx/CVE-2025-43899.json +++ b/2025/43xxx/CVE-2025-43899.json 
@@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43900.json b/2025/43xxx/CVE-2025-43900.json index 4ceabb41a3e..44ba745df16 100644 --- a/2025/43xxx/CVE-2025-43900.json +++ b/2025/43xxx/CVE-2025-43900.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43900", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43901.json b/2025/43xxx/CVE-2025-43901.json index 488d267017c..12b0882ecd6 100644 --- a/2025/43xxx/CVE-2025-43901.json +++ b/2025/43xxx/CVE-2025-43901.json 
@@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Not used" } ] } diff --git a/2025/43xxx/CVE-2025-43904.json b/2025/43xxx/CVE-2025-43904.json new file mode 100644 index 00000000000..817f832c1a6 --- /dev/null +++ b/2025/43xxx/CVE-2025-43904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-43904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file