diff --git a/CVE-2025/CVE-2025-08xx/CVE-2025-0822.json b/CVE-2025/CVE-2025-08xx/CVE-2025-0822.json new file mode 100644 index 00000000000..4469486ab85 --- /dev/null +++ b/CVE-2025/CVE-2025-08xx/CVE-2025-0822.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-0822", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-15T13:15:28.847", + "lastModified": "2025-02-15T13:15:28.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bit-assist/tags/1.5.2/backend/app/HTTP/Controllers/DownloadController.php#L65", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3239816/#file3", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/bit-assist/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9b0eba-5d2b-427c-a199-88bf96c26f5e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e90a673435b..5ae1bda9656 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-15T13:00:19.830231+00:00 +2025-02-15T15:00:19.737645+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-15T12:15:30.610000+00:00 +2025-02-15T13:15:28.847000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281469 +281470 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `1` -- [CVE-2024-10581](CVE-2024/CVE-2024-105xx/CVE-2024-10581.json) (`2025-02-15T12:15:28.900`) -- [CVE-2024-13439](CVE-2024/CVE-2024-134xx/CVE-2024-13439.json) (`2025-02-15T12:15:30.300`) -- [CVE-2024-13488](CVE-2024/CVE-2024-134xx/CVE-2024-13488.json) (`2025-02-15T12:15:30.457`) -- [CVE-2024-13500](CVE-2024/CVE-2024-135xx/CVE-2024-13500.json) (`2025-02-15T12:15:30.610`) +- [CVE-2025-0822](CVE-2025/CVE-2025-08xx/CVE-2025-0822.json) (`2025-02-15T13:15:28.847`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index bd247b11bd7..f025beb5975 100644 --- a/_state.csv +++ b/_state.csv @@ -243979,7 +243979,7 @@ CVE-2024-10578,0,0,66b31bc67aa640c7022b6e2ee0c03a146109396c96bb5c10ab825d27d5228 CVE-2024-10579,0,0,0ae238994e7d51b528cae9d23ed2fa2f0db4469de9914be8d05ed1f76a7dac58,2024-11-26T11:21:58.330000 CVE-2024-1058,0,0,a4bfa26fce255a08c4a0bcd9ca820b184d439ad79e86816be9e12748d1d66b41,2025-01-19T02:44:46.970000 CVE-2024-10580,0,0,7cbec3926b1e0a5918766b8a0adb238fb5e9aded2f47a47f3fe18631e2f40ea4,2024-11-27T07:15:07.920000 -CVE-2024-10581,1,1,6b8ded2f1039861738643b6432a9c6272cb84b4b27b58e7985bc8b41a469309e,2025-02-15T12:15:28.900000 +CVE-2024-10581,0,0,6b8ded2f1039861738643b6432a9c6272cb84b4b27b58e7985bc8b41a469309e,2025-02-15T12:15:28.900000 CVE-2024-10582,0,0,081ced1e3bee3a0a102c94bdff81bc48301372e830a54bd85e35429dcce93b3b,2024-11-19T21:17:53.003000 CVE-2024-10583,0,0,2dd8fa86d783214098b78ecf15207bb297f91c4a4766bbf054ba7ce346e63980,2024-12-12T07:15:05.570000 CVE-2024-10584,0,0,884bde099e6baaab8d72bf2690b23c625dcbcb424035217f134401aa3c174ba2,2024-12-24T11:15:05.670000 @@ -246523,7 +246523,7 @@ CVE-2024-13433,0,0,2a9d89514e9ca62330f67417cbd4f0a14554f70d781af736185219d7398dc CVE-2024-13434,0,0,292fbae0324c9bc0e0a4304860c64d8e4dabea0f0444b12419bd12eebd083320,2025-01-17T05:15:09.290000 CVE-2024-13435,0,0,6836fa547d4932c702deb0657bdaa23c9b9d93c4dd8c924aedac3276df2cc3ed,2025-02-12T15:15:13.093000 CVE-2024-13437,0,0,503d6adff5da567fee536ffb324a5ccc786c3d759f53a9923743108aaa32218f,2025-02-12T10:15:10.920000 -CVE-2024-13439,1,1,9977a2cc02f20b148bdbeb2cb70da6b957cfc1fa7b049bde9614c22678a6305a,2025-02-15T12:15:30.300000 +CVE-2024-13439,0,0,9977a2cc02f20b148bdbeb2cb70da6b957cfc1fa7b049bde9614c22678a6305a,2025-02-15T12:15:30.300000 CVE-2024-1344,0,0,3c7e3680ada5d2af6c947ff7713f6316fa39154980892782020553f5d0042cd7,2024-11-21T08:50:22.543000 CVE-2024-13440,0,0,5766e7a438a8e4269354aacca2cf4360d814b2b0ba936161bc318042a1e4abc8,2025-02-13T17:17:19.413000 CVE-2024-13441,0,0,c4feb7fa45e58abcf7c01d5df380ea3f267be46791773adc8606a649a8a16fa9,2025-02-04T19:37:08.100000 @@ -246554,7 +246554,7 @@ CVE-2024-1348,0,0,1859f4ea1d00e7386fbff1ae86e38e3076d8135556fc20b2256d2f026d7287 CVE-2024-13480,0,0,d49c8370e7e39b031003ed9c57a49bfdefc2c8a040e71164a34ff996e4336b26,2025-02-12T12:15:28.840000 CVE-2024-13484,0,0,4fd55912c77d8dadbebe472ff2c71e4e3fb03970b04450aedc08c21b110060a9,2025-02-12T17:15:23.177000 CVE-2024-13487,0,0,e42f90a861119fddb567fba0eb7966e50fcc402fe16882839f676096df9b809f,2025-02-06T15:15:12.660000 -CVE-2024-13488,1,1,4b8066bce6198329d93f932502dadbbf2e639dfefb1f2df4c60df4f085c6e1e4,2025-02-15T12:15:30.457000 +CVE-2024-13488,0,0,4b8066bce6198329d93f932502dadbbf2e639dfefb1f2df4c60df4f085c6e1e4,2025-02-15T12:15:30.457000 CVE-2024-1349,0,0,8b85fafe827f099aa626e71779ca220a8bf1ec034e9ea4e44b28a687cd219e20,2024-12-31T17:15:36.763000 CVE-2024-13490,0,0,61b1110e3ea573589f69702404cb2c4dc6b4f345244280cfa5a3ba73763f2bda,2025-02-12T10:15:11.973000 CVE-2024-13492,0,0,b366a1d0934eccf698617fb1fc1f766d6bf66d42fc2eb6cd7208ba290ff487ca,2025-02-07T16:15:36.123000 @@ -246563,7 +246563,7 @@ CVE-2024-13495,0,0,7a8bc062291cac2ab3dfb8a0fb7feeecd31abf131df44b7d6a18b1140227b CVE-2024-13496,0,0,192a8533534e044b339576d96e9cea7e19a2bbd248a7b183889cec35656a4f79,2025-01-24T20:45:57.463000 CVE-2024-13499,0,0,6d635dc5b8c51f2804fa43df8b3beb018f4524a3b4ba54f25865b62cf92ed7dc,2025-01-24T20:37:12.533000 CVE-2024-1350,0,0,ce11ba75737d3c0dc14aea45038ee6ef39f1db647d13879ee3f248d09a81697f,2024-11-21T08:50:23.313000 -CVE-2024-13500,1,1,0c429174cca57ae83685b1f496a3cf42bd0c51ad39e20a565f4f68cce4f1c5cf,2025-02-15T12:15:30.610000 +CVE-2024-13500,0,0,0c429174cca57ae83685b1f496a3cf42bd0c51ad39e20a565f4f68cce4f1c5cf,2025-02-15T12:15:30.610000 CVE-2024-13502,0,0,b6bd5e7a8ccd125fd10c3c602ef666035a1824dda1c710321e34fb9d3259b3fe,2025-01-17T14:15:31.147000 CVE-2024-13503,0,0,ffb0135326ea2a3ea18800ce3bd83bc523a9e303f03b2acc60a1815003b2400e,2025-01-17T14:15:31.317000 CVE-2024-13504,0,0,65d5eda0db4362f31390d7f75ebf33f34fcbb67dce33bcab3e8868827236c840,2025-01-31T06:15:29.603000 @@ -279047,6 +279047,7 @@ CVE-2025-0814,0,0,bfe2f7915210b62a55466da59b48e0bda396f9dfcd76c355bd6412d0b71073 CVE-2025-0815,0,0,056c1ef757b2472b9fcd0969895cef9bf85847763cf4a093e3c2d6a037ca855e,2025-02-13T07:15:11.160000 CVE-2025-0816,0,0,533bc9602517837c7cfc50eaffd15d88f401c009bd48fd94c44340c6f53905a3,2025-02-13T07:15:11.353000 CVE-2025-0821,0,0,eef623ecbc4f931b67c977737dbf8b956ec963ba6d7dfab149142eb36bc3e525,2025-02-14T11:15:10.230000 +CVE-2025-0822,1,1,19eb63234ef431f63c50ebd89131653cdb608481cafa3dc46ad8d59b634f7d92,2025-02-15T13:15:28.847000 CVE-2025-0825,0,0,7f81ca19fb96d77c0731181ff23092e49d4e8a157f0a8fa4a0ca13f53bda7923,2025-02-04T15:15:19.420000 CVE-2025-0834,0,0,239a6f08c2db88ce57ab64c699932d200eff33712703b8a8f00d02b01207348f,2025-01-30T09:15:09.703000 CVE-2025-0837,0,0,2dd7973af6fce81a46dfa76902f2b5db7d3debf86d7a4a86f2d7e2515d71ea0b,2025-02-13T05:15:14.623000