From ab21e72aa938835c23fb71ff80ea39132871cb75 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 24 Mar 2025 14:00:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/2xxx/CVE-2025-2733.json | 18 +++++++ 2025/30xxx/CVE-2025-30560.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30561.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30562.json | 18 +++++++ 2025/30xxx/CVE-2025-30563.json | 18 +++++++ 2025/30xxx/CVE-2025-30564.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30565.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30566.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30567.json | 18 +++++++ 2025/30xxx/CVE-2025-30568.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30569.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30570.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30571.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30572.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30573.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30574.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30575.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30576.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30577.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30578.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30579.json | 18 +++++++ 2025/30xxx/CVE-2025-30580.json | 18 +++++++ 2025/30xxx/CVE-2025-30581.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30582.json | 18 +++++++ 2025/30xxx/CVE-2025-30583.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30584.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30585.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30586.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30587.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30588.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30589.json | 18 +++++++ 2025/30xxx/CVE-2025-30590.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30591.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30592.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30593.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30594.json | 18 +++++++ 2025/30xxx/CVE-2025-30595.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30596.json | 18 +++++++ 2025/30xxx/CVE-2025-30597.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30598.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30599.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30600.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30601.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30602.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30603.json | 85 ++-------------------------------- 2025/30xxx/CVE-2025-30604.json | 18 +++++++ 2025/30xxx/CVE-2025-30605.json | 18 +++++++ 2025/30xxx/CVE-2025-30606.json | 18 +++++++ 2025/30xxx/CVE-2025-30607.json | 18 +++++++ 2025/30xxx/CVE-2025-30608.json | 18 +++++++ 2025/30xxx/CVE-2025-30609.json | 18 +++++++ 2025/30xxx/CVE-2025-30610.json | 18 +++++++ 2025/30xxx/CVE-2025-30611.json | 18 +++++++ 2025/30xxx/CVE-2025-30612.json | 18 +++++++ 2025/30xxx/CVE-2025-30613.json | 18 +++++++ 2025/30xxx/CVE-2025-30614.json | 18 +++++++ 2025/30xxx/CVE-2025-30615.json | 18 +++++++ 2025/30xxx/CVE-2025-30616.json | 18 +++++++ 2025/30xxx/CVE-2025-30617.json | 18 +++++++ 2025/30xxx/CVE-2025-30618.json | 18 +++++++ 2025/30xxx/CVE-2025-30619.json | 18 +++++++ 2025/30xxx/CVE-2025-30620.json | 18 +++++++ 2025/30xxx/CVE-2025-30621.json | 85 ++++++++++++++++++++++++++++++++-- 2025/30xxx/CVE-2025-30623.json | 85 ++++++++++++++++++++++++++++++++-- 64 files changed, 788 insertions(+), 2843 deletions(-) create mode 100644 2025/2xxx/CVE-2025-2733.json create mode 100644 2025/30xxx/CVE-2025-30562.json create mode 100644 2025/30xxx/CVE-2025-30563.json create mode 100644 2025/30xxx/CVE-2025-30567.json create mode 100644 2025/30xxx/CVE-2025-30579.json create mode 100644 2025/30xxx/CVE-2025-30580.json create mode 100644 2025/30xxx/CVE-2025-30582.json create mode 100644 2025/30xxx/CVE-2025-30589.json create mode 100644 2025/30xxx/CVE-2025-30594.json create mode 100644 2025/30xxx/CVE-2025-30596.json create mode 100644 2025/30xxx/CVE-2025-30604.json create mode 100644 2025/30xxx/CVE-2025-30605.json create mode 100644 2025/30xxx/CVE-2025-30606.json create mode 100644 2025/30xxx/CVE-2025-30607.json create mode 100644 2025/30xxx/CVE-2025-30608.json create mode 100644 2025/30xxx/CVE-2025-30609.json create mode 100644 2025/30xxx/CVE-2025-30610.json create mode 100644 2025/30xxx/CVE-2025-30611.json create mode 100644 2025/30xxx/CVE-2025-30612.json create mode 100644 2025/30xxx/CVE-2025-30613.json create mode 100644 2025/30xxx/CVE-2025-30614.json create mode 100644 2025/30xxx/CVE-2025-30615.json create mode 100644 2025/30xxx/CVE-2025-30616.json create mode 100644 2025/30xxx/CVE-2025-30617.json create mode 100644 2025/30xxx/CVE-2025-30618.json create mode 100644 2025/30xxx/CVE-2025-30619.json create mode 100644 2025/30xxx/CVE-2025-30620.json diff --git a/2025/2xxx/CVE-2025-2733.json b/2025/2xxx/CVE-2025-2733.json new file mode 100644 index 00000000000..13e5fa54610 --- /dev/null +++ b/2025/2xxx/CVE-2025-2733.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2733", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30560.json b/2025/30xxx/CVE-2025-30560.json index 3c7684dab07..02a101b8e1c 100644 --- a/2025/30xxx/CVE-2025-30560.json +++ b/2025/30xxx/CVE-2025-30560.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30560", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through 3.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Sana Ullah", - "product": { - "product_data": [ - { - "product_name": "jQuery Dropdown Menu", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/jquery-drop-down-menu-plugin/vulnerability/wordpress-jquery-dropdown-menu-plugin-3-0-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/jquery-drop-down-menu-plugin/vulnerability/wordpress-jquery-dropdown-menu-plugin-3-0-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nguyen Xuan Chien (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30561.json b/2025/30xxx/CVE-2025-30561.json index abaff2377be..b5c4dd14bf5 100644 --- a/2025/30xxx/CVE-2025-30561.json +++ b/2025/30xxx/CVE-2025-30561.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30561", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS Maestro allows Stored XSS. This issue affects CAS Maestro: from n/a through 1.1.3." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Henrique Mouta", - "product": { - "product_data": [ - { - "product_name": "CAS Maestro", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/cas-maestro/vulnerability/wordpress-cas-maestro-plugin-1-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/cas-maestro/vulnerability/wordpress-cas-maestro-plugin-1-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nguyen Xuan Chien (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30562.json b/2025/30xxx/CVE-2025-30562.json new file mode 100644 index 00000000000..31206157169 --- /dev/null +++ b/2025/30xxx/CVE-2025-30562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30563.json b/2025/30xxx/CVE-2025-30563.json new file mode 100644 index 00000000000..5ef22928bfa --- /dev/null +++ b/2025/30xxx/CVE-2025-30563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30563", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30564.json b/2025/30xxx/CVE-2025-30564.json index c00cbf30529..e438f4b4f79 100644 --- a/2025/30xxx/CVE-2025-30564.json +++ b/2025/30xxx/CVE-2025-30564.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30564", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script Integration allows Stored XSS. This issue affects Custom Script Integration: from n/a through 2.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "wpwox", - "product": { - "product_data": [ - { - "product_name": "Custom Script Integration", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/custom-script-integration/vulnerability/wordpress-custom-script-integration-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/custom-script-integration/vulnerability/wordpress-custom-script-integration-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30565.json b/2025/30xxx/CVE-2025-30565.json index 15131a8d2d0..6cfa5398abd 100644 --- a/2025/30xxx/CVE-2025-30565.json +++ b/2025/30xxx/CVE-2025-30565.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30565", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-manager allows Stored XSS. This issue affects banner-manager: from n/a through 16.04.19." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "karrikas", - "product": { - "product_data": [ - { - "product_name": "banner-manager", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "16.04.19" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/banner-manager/vulnerability/wordpress-banner-manager-plugin-16-04-19-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/banner-manager/vulnerability/wordpress-banner-manager-plugin-16-04-19-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nguyen Xuan Chien (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30566.json b/2025/30xxx/CVE-2025-30566.json index 303321b60fc..0cc16e3b7e0 100644 --- a/2025/30xxx/CVE-2025-30566.json +++ b/2025/30xxx/CVE-2025-30566.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30566", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aryan Themes Clink allows DOM-Based XSS. This issue affects Clink: from n/a through 1.2.2." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Aryan Themes", - "product": { - "product_data": [ - { - "product_name": "Clink", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.2.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/clink/vulnerability/wordpress-clink-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/clink/vulnerability/wordpress-clink-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "muhammad yudha (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 6.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30567.json b/2025/30xxx/CVE-2025-30567.json new file mode 100644 index 00000000000..7c0212e8789 --- /dev/null +++ b/2025/30xxx/CVE-2025-30567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30568.json b/2025/30xxx/CVE-2025-30568.json index 7dd396fa4d9..b45c43684d4 100644 --- a/2025/30xxx/CVE-2025-30568.json +++ b/2025/30xxx/CVE-2025-30568.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30568", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache allows Cross Site Request Forgery. This issue affects Super Static Cache: from n/a through 3.3.5." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "hitoy", - "product": { - "product_data": [ - { - "product_name": "Super Static Cache", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.3.5" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/super-static-cache/vulnerability/wordpress-super-static-cache-3-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/super-static-cache/vulnerability/wordpress-super-static-cache-3-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 4.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30569.json b/2025/30xxx/CVE-2025-30569.json index cd42144d08f..a30326fb8e0 100644 --- a/2025/30xxx/CVE-2025-30569.json +++ b/2025/30xxx/CVE-2025-30569.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30569", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jahertor WP Featured Entries allows SQL Injection. This issue affects WP Featured Entries: from n/a through 1.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jahertor", - "product": { - "product_data": [ - { - "product_name": "WP Featured Entries", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/wp-featured-entries/vulnerability/wordpress-wp-featured-entries-1-0-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/wp-featured-entries/vulnerability/wordpress-wp-featured-entries-1-0-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "timomangcut (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 8.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30570.json b/2025/30xxx/CVE-2025-30570.json index e1a30ca49d9..3ead84c3b59 100644 --- a/2025/30xxx/CVE-2025-30570.json +++ b/2025/30xxx/CVE-2025-30570.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30570", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AliRezaMohammadi \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f allows SQL Injection. This issue affects \u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f: from n/a through 2.0.6." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "AliRezaMohammadi", - "product": { - "product_data": [ - { - "product_name": "\u062f\u06a9\u0645\u0647\u060c \u0634\u0628\u06a9\u0647 \u0627\u062c\u062a\u0645\u0627\u0639\u06cc \u062e\u0631\u06cc\u062f", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.0.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/dokme/vulnerability/wordpress-d-mh-shb-h-gtm-aa-khr-d-2-0-6-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/dokme/vulnerability/wordpress-d-mh-shb-h-gtm-aa-khr-d-2-0-6-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "kuteminh11 - VNPT Cyber Immunity (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.6, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30571.json b/2025/30xxx/CVE-2025-30571.json index 93338779c7d..bde17b29061 100644 --- a/2025/30xxx/CVE-2025-30571.json +++ b/2025/30xxx/CVE-2025-30571.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30571", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in STEdb Corp. STEdb Forms allows SQL Injection. This issue affects STEdb Forms: from n/a through 1.0.4." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "STEdb Corp.", - "product": { - "product_data": [ - { - "product_name": "STEdb Forms", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.0.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/stedb-forms/vulnerability/wordpress-stedb-forms-1-0-4-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/stedb-forms/vulnerability/wordpress-stedb-forms-1-0-4-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "kuteminh11 - VNPT Cyber Immunity (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.6, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30572.json b/2025/30xxx/CVE-2025-30572.json index d0abbf8ffd5..38d2491ae8b 100644 --- a/2025/30xxx/CVE-2025-30572.json +++ b/2025/30xxx/CVE-2025-30572.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30572", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS. This issue affects Simple Rating: from n/a through 1.4." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Igor Yavych", - "product": { - "product_data": [ - { - "product_name": "Simple Rating", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/simple-rating/vulnerability/wordpress-simple-rating-plugin-1-4-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/simple-rating/vulnerability/wordpress-simple-rating-plugin-1-4-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30573.json b/2025/30xxx/CVE-2025-30573.json index f8340403f85..ffebd3743ba 100644 --- a/2025/30xxx/CVE-2025-30573.json +++ b/2025/30xxx/CVE-2025-30573.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30573", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny My Default Post Content allows Stored XSS. This issue affects My Default Post Content: from n/a through 0.7.3." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "mrdenny", - "product": { - "product_data": [ - { - "product_name": "My Default Post Content", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.7.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/my-default-post-content/vulnerability/wordpress-my-default-post-content-0-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/my-default-post-content/vulnerability/wordpress-my-default-post-content-0-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.9, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30574.json b/2025/30xxx/CVE-2025-30574.json index e3d39beff9c..f9250d7621a 100644 --- a/2025/30xxx/CVE-2025-30574.json +++ b/2025/30xxx/CVE-2025-30574.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30574", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jenst Mobile Navigation allows Stored XSS. This issue affects Mobile Navigation: from n/a through 1.5." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenst", - "product": { - "product_data": [ - { - "product_name": "Mobile Navigation", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.5" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/mobile-navigation/vulnerability/wordpress-mobile-navigation-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/mobile-navigation/vulnerability/wordpress-mobile-navigation-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.9, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30575.json b/2025/30xxx/CVE-2025-30575.json index 223b178f079..7b4c97b043f 100644 --- a/2025/30xxx/CVE-2025-30575.json +++ b/2025/30xxx/CVE-2025-30575.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30575", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly Login Redirect allows Stored XSS. This issue affects Login Redirect: from n/a through 1.0.5." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Arefly", - "product": { - "product_data": [ - { - "product_name": "Login Redirect", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.0.5" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/login-redirect/vulnerability/wordpress-login-redirect-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/login-redirect/vulnerability/wordpress-login-redirect-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.9, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30576.json b/2025/30xxx/CVE-2025-30576.json index ae34ee0e901..1f2ae2218e0 100644 --- a/2025/30xxx/CVE-2025-30576.json +++ b/2025/30xxx/CVE-2025-30576.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30576", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Image Autosave allows Cross Site Request Forgery. This issue affects Hacklog Remote Image Autosave: from n/a through 2.1.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "HuangYe WuDeng", - "product": { - "product_data": [ - { - "product_name": "Hacklog Remote Image Autosave", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/hacklog-remote-image-autosave/vulnerability/wordpress-hacklog-remote-image-autosave-2-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/hacklog-remote-image-autosave/vulnerability/wordpress-hacklog-remote-image-autosave-2-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 4.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30577.json b/2025/30xxx/CVE-2025-30577.json index fe0b668938d..6d8ee19ab43 100644 --- a/2025/30xxx/CVE-2025-30577.json +++ b/2025/30xxx/CVE-2025-30577.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30577", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser Address Bar Color allows Stored XSS. This issue affects Browser Address Bar Color: from n/a through 3.3." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "mendibass", - "product": { - "product_data": [ - { - "product_name": "Browser Address Bar Color", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/browser-address-bar-color/vulnerability/wordpress-browser-address-bar-color-plugin-3-3-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/browser-address-bar-color/vulnerability/wordpress-browser-address-bar-color-plugin-3-3-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30578.json b/2025/30xxx/CVE-2025-30578.json index 131e97c5789..5eadc730786 100644 --- a/2025/30xxx/CVE-2025-30578.json +++ b/2025/30xxx/CVE-2025-30578.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30578", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense Privacy Policy allows Stored XSS. This issue affects AdSense Privacy Policy: from n/a through 1.1.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "hotvanrod", - "product": { - "product_data": [ - { - "product_name": "AdSense Privacy Policy", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/adsense-privacy-policy/vulnerability/wordpress-adsense-privacy-policy-plugin-1-1-1-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/adsense-privacy-policy/vulnerability/wordpress-adsense-privacy-policy-plugin-1-1-1-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30579.json b/2025/30xxx/CVE-2025-30579.json new file mode 100644 index 00000000000..0699ae8abc2 --- /dev/null +++ b/2025/30xxx/CVE-2025-30579.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30579", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30580.json b/2025/30xxx/CVE-2025-30580.json new file mode 100644 index 00000000000..109e6dd8860 --- /dev/null +++ b/2025/30xxx/CVE-2025-30580.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30580", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30581.json b/2025/30xxx/CVE-2025-30581.json index c4f20d85ea8..c553407ebef 100644 --- a/2025/30xxx/CVE-2025-30581.json +++ b/2025/30xxx/CVE-2025-30581.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30581", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Missing Authorization vulnerability in PluginOps Top Bar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top Bar: from n/a through 3.3." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862 Missing Authorization", - "cweId": "CWE-862" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "PluginOps", - "product": { - "product_data": [ - { - "product_name": "Top Bar", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/ultimate-bar/vulnerability/wordpress-top-bar-3-3-broken-access-control-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/ultimate-bar/vulnerability/wordpress-top-bar-3-3-broken-access-control-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "0xd4rk5id3 (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30582.json b/2025/30xxx/CVE-2025-30582.json new file mode 100644 index 00000000000..f3139bd26a6 --- /dev/null +++ b/2025/30xxx/CVE-2025-30582.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30582", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30583.json b/2025/30xxx/CVE-2025-30583.json index 25b2b9dcf7a..de3da01a8ce 100644 --- a/2025/30xxx/CVE-2025-30583.json +++ b/2025/30xxx/CVE-2025-30583.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30583", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro Rank Tracker allows Stored XSS. This issue affects Pro Rank Tracker: from n/a through 1.0.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "ProRankTracker", - "product": { - "product_data": [ - { - "product_name": "Pro Rank Tracker", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.0.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/proranktracker/vulnerability/wordpress-pro-rank-tracker-plugin-1-0-0-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/proranktracker/vulnerability/wordpress-pro-rank-tracker-plugin-1-0-0-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Abdi Pranata (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30584.json b/2025/30xxx/CVE-2025-30584.json index a96ade3a8d8..f2733720a91 100644 --- a/2025/30xxx/CVE-2025-30584.json +++ b/2025/30xxx/CVE-2025-30584.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30584", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter allows Stored XSS. This issue affects AlphaOmega Captcha & Anti-Spam Filter: from n/a through 3.3." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "alphaomegaplugins", - "product": { - "product_data": [ - { - "product_name": "AlphaOmega Captcha & Anti-Spam Filter", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/alphaomega-captcha-anti-spam/vulnerability/wordpress-alphaomega-captcha-anti-spam-filter-plugin-3-3-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/alphaomega-captcha-anti-spam/vulnerability/wordpress-alphaomega-captcha-anti-spam-filter-plugin-3-3-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30585.json b/2025/30xxx/CVE-2025-30585.json index 3bd3e3c9ede..d25e76b75d3 100644 --- a/2025/30xxx/CVE-2025-30585.json +++ b/2025/30xxx/CVE-2025-30585.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30585", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate Post Thumbnails allows Cross Site Request Forgery. This issue affects Generate Post Thumbnails: from n/a through 0.8." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "marynixie", - "product": { - "product_data": [ - { - "product_name": "Generate Post Thumbnails", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.8" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/generate-post-thumbnails/vulnerability/wordpress-generate-post-thumbnails-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/generate-post-thumbnails/vulnerability/wordpress-generate-post-thumbnails-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 4.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30586.json b/2025/30xxx/CVE-2025-30586.json index b3f3f1529ab..6ed95174432 100644 --- a/2025/30xxx/CVE-2025-30586.json +++ b/2025/30xxx/CVE-2025-30586.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30586", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allows Stored XSS. This issue affects cTabs: from n/a through 1.3." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "bbodine1", - "product": { - "product_data": [ - { - "product_name": "cTabs", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/ctabs/vulnerability/wordpress-ctabs-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/ctabs/vulnerability/wordpress-ctabs-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Abdi Pranata (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30587.json b/2025/30xxx/CVE-2025-30587.json index 34044aefad5..9a7eb4b9c9f 100644 --- a/2025/30xxx/CVE-2025-30587.json +++ b/2025/30xxx/CVE-2025-30587.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30587", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "shawfactor", - "product": { - "product_data": [ - { - "product_name": "LH OGP Meta", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.73" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/lh-ogp-meta-tags/vulnerability/wordpress-lh-ogp-meta-plugin-1-73-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/lh-ogp-meta-tags/vulnerability/wordpress-lh-ogp-meta-plugin-1-73-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Abdi Pranata (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30588.json b/2025/30xxx/CVE-2025-30588.json index 73d0b7da90c..c87ce8e54e2 100644 --- a/2025/30xxx/CVE-2025-30588.json +++ b/2025/30xxx/CVE-2025-30588.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30588", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Contact allows Stored XSS. This issue affects Map Contact: from n/a through 3.0.4." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "ryan_xantoo", - "product": { - "product_data": [ - { - "product_name": "Map Contact", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.0.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/map-contact/vulnerability/wordpress-map-contact-plugin-3-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/map-contact/vulnerability/wordpress-map-contact-plugin-3-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Abdi Pranata (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30589.json b/2025/30xxx/CVE-2025-30589.json new file mode 100644 index 00000000000..2a056bab423 --- /dev/null +++ b/2025/30xxx/CVE-2025-30589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30590.json b/2025/30xxx/CVE-2025-30590.json index 8b304393087..e7fb2ef2fed 100644 --- a/2025/30xxx/CVE-2025-30590.json +++ b/2025/30xxx/CVE-2025-30590.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30590", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows allows SQL Injection. This issue affects Flickr set slideshows: from n/a through 0.9." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Dourou", - "product": { - "product_data": [ - { - "product_name": "Flickr set slideshows", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.9" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/flickr-set-slideshows/vulnerability/wordpress-flickr-set-slideshows-0-9-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/flickr-set-slideshows/vulnerability/wordpress-flickr-set-slideshows-0-9-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "timomangcut (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 8.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30591.json b/2025/30xxx/CVE-2025-30591.json index 07a4ee63ff6..5405a594b92 100644 --- a/2025/30xxx/CVE-2025-30591.json +++ b/2025/30xxx/CVE-2025-30591.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30591", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Missing Authorization vulnerability in tuyennv Music Press Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Press Pro: from n/a through 1.4.6." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862 Missing Authorization", - "cweId": "CWE-862" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "tuyennv", - "product": { - "product_data": [ - { - "product_name": "Music Press Pro", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.4.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/music-press-pro/vulnerability/wordpress-music-press-pro-1-4-6-broken-access-control-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/music-press-pro/vulnerability/wordpress-music-press-pro-1-4-6-broken-access-control-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "0xd4rk5id3 (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30592.json b/2025/30xxx/CVE-2025-30592.json index 901a00f6356..1bdf786ae1c 100644 --- a/2025/30xxx/CVE-2025-30592.json +++ b/2025/30xxx/CVE-2025-30592.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30592", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer: from n/a through 1.6." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862 Missing Authorization", - "cweId": "CWE-862" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "westerndeal", - "product": { - "product_data": [ - { - "product_name": "Advanced Dewplayer", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/advanced-dewplayer/vulnerability/wordpress-advanced-dewplayer-1-6-broken-access-control-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/advanced-dewplayer/vulnerability/wordpress-advanced-dewplayer-1-6-broken-access-control-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "0xd4rk5id3 (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30593.json b/2025/30xxx/CVE-2025-30593.json index d3f11c17225..1521f002c94 100644 --- a/2025/30xxx/CVE-2025-30593.json +++ b/2025/30xxx/CVE-2025-30593.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30593", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk Include URL allows Stored XSS. This issue affects Include URL: from n/a through 0.3.5." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "samsk", - "product": { - "product_data": [ - { - "product_name": "Include URL", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.3.5" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/include-url/vulnerability/wordpress-include-url-0-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/include-url/vulnerability/wordpress-include-url-0-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "timomangcut (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 6.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30594.json b/2025/30xxx/CVE-2025-30594.json new file mode 100644 index 00000000000..2c5625d9382 --- /dev/null +++ b/2025/30xxx/CVE-2025-30594.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30594", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30595.json b/2025/30xxx/CVE-2025-30595.json index d7067c49d02..90c25fdc951 100644 --- a/2025/30xxx/CVE-2025-30595.json +++ b/2025/30xxx/CVE-2025-30595.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30595", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tstafford include-file allows Stored XSS. This issue affects include-file: from n/a through 1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "tstafford", - "product": { - "product_data": [ - { - "product_name": "include-file", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/include-file/vulnerability/wordpress-include-file-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/include-file/vulnerability/wordpress-include-file-1-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "timomangcut (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 6.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30596.json b/2025/30xxx/CVE-2025-30596.json new file mode 100644 index 00000000000..b5eadfbe88b --- /dev/null +++ b/2025/30xxx/CVE-2025-30596.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30596", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30597.json b/2025/30xxx/CVE-2025-30597.json index e9c0cfbe96e..c2287f54ac8 100644 --- a/2025/30xxx/CVE-2025-30597.json +++ b/2025/30xxx/CVE-2025-30597.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30597", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iografica IG Shortcodes allows DOM-Based XSS. This issue affects IG Shortcodes: from n/a through 3.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "iografica", - "product": { - "product_data": [ - { - "product_name": "IG Shortcodes", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/ig-shortcodes/vulnerability/wordpress-ig-shortcodes-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/ig-shortcodes/vulnerability/wordpress-ig-shortcodes-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "timomangcut (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 6.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30598.json b/2025/30xxx/CVE-2025-30598.json index bd7d8b1a716..63f779cb253 100644 --- a/2025/30xxx/CVE-2025-30598.json +++ b/2025/30xxx/CVE-2025-30598.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30598", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload allows Cross Site Request Forgery. This issue affects OSS Upload: from n/a through 4.8.9." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Link", - "product": { - "product_data": [ - { - "product_name": "OSS Upload", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "4.8.9" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/oss-upload/vulnerability/wordpress-oss-upload-4-8-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/oss-upload/vulnerability/wordpress-oss-upload-4-8-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 4.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30599.json b/2025/30xxx/CVE-2025-30599.json index a58fa9f8a41..b7cb093007c 100644 --- a/2025/30xxx/CVE-2025-30599.json +++ b/2025/30xxx/CVE-2025-30599.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30599", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp-maverick WP Parallax Content Slider allows Stored XSS. This issue affects WP Parallax Content Slider: from n/a through 0.9.8." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "wp-maverick", - "product": { - "product_data": [ - { - "product_name": "WP Parallax Content Slider", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.9.8" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/wp-parallax-content-slider/vulnerability/wordpress-wp-parallax-content-slider-plugin-0-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/wp-parallax-content-slider/vulnerability/wordpress-wp-parallax-content-slider-plugin-0-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.9, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30600.json b/2025/30xxx/CVE-2025-30600.json index 39a3b1f5aaa..f8245241f01 100644 --- a/2025/30xxx/CVE-2025-30600.json +++ b/2025/30xxx/CVE-2025-30600.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30600", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiagogsrwp WP Hotjar allows Stored XSS. This issue affects WP Hotjar: from n/a through 0.0.3." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "thiagogsrwp", - "product": { - "product_data": [ - { - "product_name": "WP Hotjar", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.0.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/wp-hotjar/vulnerability/wordpress-wp-hotjar-plugin-0-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/wp-hotjar/vulnerability/wordpress-wp-hotjar-plugin-0-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 5.9, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30601.json b/2025/30xxx/CVE-2025-30601.json index 7b82ec83662..d4b7a703764 100644 --- a/2025/30xxx/CVE-2025-30601.json +++ b/2025/30xxx/CVE-2025-30601.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30601", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System allows Cross Site Request Forgery. This issue affects Flipdish Ordering System: from n/a through 1.4.16." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "flipdish", - "product": { - "product_data": [ - { - "product_name": "Flipdish Ordering System", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.4.16" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/flipdish-ordering-system/vulnerability/wordpress-flipdish-ordering-system-plugin-1-4-16-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/flipdish-ordering-system/vulnerability/wordpress-flipdish-ordering-system-plugin-1-4-16-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 4.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "MEDIUM", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30602.json b/2025/30xxx/CVE-2025-30602.json index e647d6e2191..d3f94ac8b73 100644 --- a/2025/30xxx/CVE-2025-30602.json +++ b/2025/30xxx/CVE-2025-30602.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30602", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alphasis Related Posts via Categories allows Stored XSS. This issue affects Related Posts via Categories: from n/a through 2.1.2." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "alphasis", - "product": { - "product_data": [ - { - "product_name": "Related Posts via Categories", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.1.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/related-posts-via-categories/vulnerability/wordpress-related-posts-via-categories-plugin-2-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/related-posts-via-categories/vulnerability/wordpress-related-posts-via-categories-plugin-2-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30603.json b/2025/30xxx/CVE-2025-30603.json index d6024a5cde7..ddaffce3cb8 100644 --- a/2025/30xxx/CVE-2025-30603.json +++ b/2025/30xxx/CVE-2025-30603.json @@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30603", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue affects CopyLink: from n/a through 1.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "DEJAN", - "product": { - "product_data": [ - { - "product_name": "CopyLink", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/wordpress/plugin/copy-link/vulnerability/wordpress-copylink-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/wordpress/plugin/copy-link/vulnerability/wordpress-copylink-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Nabil Irawan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/30xxx/CVE-2025-30604.json b/2025/30xxx/CVE-2025-30604.json new file mode 100644 index 00000000000..9d73861b536 --- /dev/null +++ b/2025/30xxx/CVE-2025-30604.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30604", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30605.json b/2025/30xxx/CVE-2025-30605.json new file mode 100644 index 00000000000..b86d55a1e5f --- /dev/null +++ b/2025/30xxx/CVE-2025-30605.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30605", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30606.json b/2025/30xxx/CVE-2025-30606.json new file mode 100644 index 00000000000..a68f199f388 --- /dev/null +++ b/2025/30xxx/CVE-2025-30606.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30606", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30607.json b/2025/30xxx/CVE-2025-30607.json new file mode 100644 index 00000000000..c99b8c7941f --- /dev/null +++ b/2025/30xxx/CVE-2025-30607.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30607", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30608.json b/2025/30xxx/CVE-2025-30608.json new file mode 100644 index 00000000000..cbdb9a9eaff --- /dev/null +++ b/2025/30xxx/CVE-2025-30608.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30608", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30609.json b/2025/30xxx/CVE-2025-30609.json new file mode 100644 index 00000000000..4e22360b6d2 --- /dev/null +++ b/2025/30xxx/CVE-2025-30609.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30609", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30610.json b/2025/30xxx/CVE-2025-30610.json new file mode 100644 index 00000000000..33e2af2ffd3 --- /dev/null +++ b/2025/30xxx/CVE-2025-30610.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30610", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30611.json b/2025/30xxx/CVE-2025-30611.json new file mode 100644 index 00000000000..a42a515264c --- /dev/null +++ b/2025/30xxx/CVE-2025-30611.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30611", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30612.json b/2025/30xxx/CVE-2025-30612.json new file mode 100644 index 00000000000..2067f62a80a --- /dev/null +++ b/2025/30xxx/CVE-2025-30612.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30613.json b/2025/30xxx/CVE-2025-30613.json new file mode 100644 index 00000000000..5309c5bea26 --- /dev/null +++ b/2025/30xxx/CVE-2025-30613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30614.json b/2025/30xxx/CVE-2025-30614.json new file mode 100644 index 00000000000..12f31540754 --- /dev/null +++ b/2025/30xxx/CVE-2025-30614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30615.json b/2025/30xxx/CVE-2025-30615.json new file mode 100644 index 00000000000..f1e61048b30 --- /dev/null +++ b/2025/30xxx/CVE-2025-30615.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30615", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30616.json b/2025/30xxx/CVE-2025-30616.json new file mode 100644 index 00000000000..02bfad7abaf --- /dev/null +++ b/2025/30xxx/CVE-2025-30616.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30616", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30617.json b/2025/30xxx/CVE-2025-30617.json new file mode 100644 index 00000000000..cb044563879 --- /dev/null +++ b/2025/30xxx/CVE-2025-30617.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30617", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30618.json b/2025/30xxx/CVE-2025-30618.json new file mode 100644 index 00000000000..429b19026bd --- /dev/null +++ b/2025/30xxx/CVE-2025-30618.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30618", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30619.json b/2025/30xxx/CVE-2025-30619.json new file mode 100644 index 00000000000..87e57409695 --- /dev/null +++ b/2025/30xxx/CVE-2025-30619.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30619", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30620.json b/2025/30xxx/CVE-2025-30620.json new file mode 100644 index 00000000000..474b20d077e --- /dev/null +++ b/2025/30xxx/CVE-2025-30620.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30620", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30621.json b/2025/30xxx/CVE-2025-30621.json index 0972a9f4473..ed730daf2b9 100644 --- a/2025/30xxx/CVE-2025-30621.json +++ b/2025/30xxx/CVE-2025-30621.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kornelly", + "product": { + "product_data": [ + { + "product_name": "Translator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/translator/vulnerability/wordpress-translator-plugin-0-3-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/translator/vulnerability/wordpress-translator-plugin-0-3-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Nguyen Xuan Chien (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30623.json b/2025/30xxx/CVE-2025-30623.json index d3d4b8825db..25f6420f744 100644 --- a/2025/30xxx/CVE-2025-30623.json +++ b/2025/30xxx/CVE-2025-30623.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y \u2013 The Web Accessibility Toolbox allows Stored XSS. This issue affects wA11y \u2013 The Web Accessibility Toolbox: from n/a through 1.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rachel Cherry", + "product": { + "product_data": [ + { + "product_name": "wA11y \u2013 The Web Accessibility Toolbox", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wa11y/vulnerability/wordpress-wa11y-the-web-accessibility-toolbox-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wa11y/vulnerability/wordpress-wa11y-the-web-accessibility-toolbox-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Nabil Irawan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] }