From d7a44a48d8aca5e2349f3b588f71f6637b5c73e5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Mar 2025 07:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/13xxx/CVE-2024-13410.json | 93 ++++++++++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13412.json | 76 +++++++++++++++++++++++++-- 2025/30xxx/CVE-2025-30235.json | 67 ++++++++++++++++++++++++ 2025/30xxx/CVE-2025-30236.json | 67 ++++++++++++++++++++++++ 4 files changed, 295 insertions(+), 8 deletions(-) create mode 100644 2025/30xxx/CVE-2025-30235.json create mode 100644 2025/30xxx/CVE-2025-30236.json diff --git a/2024/13xxx/CVE-2024-13410.json b/2024/13xxx/CVE-2024-13410.json index d16491532de..098fc10c2aa 100644 --- a/2024/13xxx/CVE-2024-13410.json +++ b/2024/13xxx/CVE-2024-13410.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LoftOcean", + "product": { + "product_data": [ + { + "product_name": "CozyStay - Hotel Booking WordPress Theme", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.7.0" + } + ] + } + }, + { + "product_name": "TinySalt - Personal Food Blog WordPress Theme", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61080df6-836f-4365-964a-fa2517e8be5a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61080df6-836f-4365-964a-fa2517e8be5a?source=cve" + }, + { + "url": "https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog", + "refsource": "MISC", + "name": "https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog" + }, + { + "url": "https://themeforest.net/item/tinysalt-personal-food-blog-wordpress-theme/26294668#item-description__changelog", + "refsource": "MISC", + "name": "https://themeforest.net/item/tinysalt-personal-food-blog-wordpress-theme/26294668#item-description__changelog" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/13xxx/CVE-2024-13412.json b/2024/13xxx/CVE-2024-13412.json index 2972cc086f8..ee1ecb22b0b 100644 --- a/2024/13xxx/CVE-2024-13412.json +++ b/2024/13xxx/CVE-2024-13412.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LoftOcean", + "product": { + "product_data": [ + { + "product_name": "CozyStay - Hotel Booking WordPress Theme", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve" + }, + { + "url": "https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog", + "refsource": "MISC", + "name": "https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2025/30xxx/CVE-2025-30235.json b/2025/30xxx/CVE-2025-30235.json new file mode 100644 index 00000000000..07fd51338dd --- /dev/null +++ b/2025/30xxx/CVE-2025-30235.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-30235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://reserge.org/probabilistically-breaking-securenvoy-totp/", + "refsource": "MISC", + "name": "https://reserge.org/probabilistically-breaking-securenvoy-totp/" + }, + { + "url": "https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf", + "refsource": "MISC", + "name": "https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30236.json b/2025/30xxx/CVE-2025-30236.json new file mode 100644 index 00000000000..edcfbf214ac --- /dev/null +++ b/2025/30xxx/CVE-2025-30236.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-30236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://reserge.org/probabilistically-breaking-securenvoy-totp/", + "refsource": "MISC", + "name": "https://reserge.org/probabilistically-breaking-securenvoy-totp/" + }, + { + "url": "https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf", + "refsource": "MISC", + "name": "https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf" + } + ] + } +} \ No newline at end of file