Auto-Update: 2025-04-12T10:00:20.489376+00:00

CVE-2025/CVE-2025-14xx/CVE-2025-1455.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-1455",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-04-12T09:15:14.660",
+  "lastModified": "2025-04-12T09:15:14.660",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/woo-grid/widgets/wpr-woo-grid.php#L9280",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3262790/royal-elementor-addons/tags/1.7.1013/modules/woo-grid/widgets/wpr-woo-grid.php?old=3255849&old_path=royal-elementor-addons%2Ftags%2F1.7.1012%2Fmodules%2Fwoo-grid%2Fwidgets%2Fwpr-woo-grid.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5666e2b7-acb3-4abb-ac2a-1575206435cf?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-14xx/CVE-2025-1456.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-1456",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-04-12T09:15:16.600",
+  "lastModified": "2025-04-12T09:15:16.600",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/assets/js/frontend.min.js",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3262790/royal-elementor-addons/tags/1.7.1013/assets/js/frontend.js?old=3255849&old_path=royal-elementor-addons%2Ftags%2F1.7.1012%2Fassets%2Fjs%2Ffrontend.js",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68c6e428-b9cf-442f-a896-a8ceb4b9be0e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-04-12T08:00:20.428469+00:00
+2025-04-12T10:00:20.489376+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-04-12T07:15:27.277000+00:00
+2025-04-12T09:15:16.600000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,19 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-289716
+289718
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `6`
+Recently added CVEs: `2`
 
-- [CVE-2024-13337](CVE-2024/CVE-2024-133xx/CVE-2024-13337.json) (`2025-04-12T07:15:26.307`)
-- [CVE-2024-13338](CVE-2024/CVE-2024-133xx/CVE-2024-13338.json) (`2025-04-12T07:15:26.707`)
-- [CVE-2025-3276](CVE-2025/CVE-2025-32xx/CVE-2025-3276.json) (`2025-04-12T07:15:26.860`)
-- [CVE-2025-3282](CVE-2025/CVE-2025-32xx/CVE-2025-3282.json) (`2025-04-12T07:15:27.003`)
-- [CVE-2025-3292](CVE-2025/CVE-2025-32xx/CVE-2025-3292.json) (`2025-04-12T07:15:27.143`)
-- [CVE-2025-3418](CVE-2025/CVE-2025-34xx/CVE-2025-3418.json) (`2025-04-12T07:15:27.277`)
+- [CVE-2025-1455](CVE-2025/CVE-2025-14xx/CVE-2025-1455.json) (`2025-04-12T09:15:14.660`)
+- [CVE-2025-1456](CVE-2025/CVE-2025-14xx/CVE-2025-1456.json) (`2025-04-12T09:15:16.600`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -247803,8 +247803,8 @@ CVE-2024-13333,0,0,413ea7e4b64b8aef5dd8714980de1abedc1d4af046b4d782740c89a880443
 CVE-2024-13334,0,0,892c3ce546b2f6a66e9e4dfd761dd08aaefb851a17185548e40c2e88d5655747,2025-01-15T04:15:19.720000
 CVE-2024-13335,0,0,20c8c7696547a710a7247fc1375c3fab2f06247460845b286129a3d00d1d053e,2025-02-05T01:37:46.517000
 CVE-2024-13336,0,0,0617973929b7ee171ae51423b79a35eb33e0e7b251f4a98140a45686002fe4e1,2025-03-06T15:11:50.350000
-CVE-2024-13337,1,1,6b8fd25b14c15392b6f19d2564503543a93ec427d751e213b4cbefd2d259ee8a,2025-04-12T07:15:26.307000
-CVE-2024-13338,1,1,057ff63f886720c6d91462207df6cde029d2429bacac8035b122abb424b11100,2025-04-12T07:15:26.707000
+CVE-2024-13337,0,0,6b8fd25b14c15392b6f19d2564503543a93ec427d751e213b4cbefd2d259ee8a,2025-04-12T07:15:26.307000
+CVE-2024-13338,0,0,057ff63f886720c6d91462207df6cde029d2429bacac8035b122abb424b11100,2025-04-12T07:15:26.707000
 CVE-2024-13339,0,0,340eea0e2bd475f42d733c8b21f5a4ae0c4c2c22f00aa8474acaaa1473a3f477,2025-02-26T13:36:56.200000
 CVE-2024-1334,0,0,5cd8113de272a8c461c68981cf2d6addc6166d9cf4d9dbad0d56a2a1ca671349,2024-12-31T16:48:40.290000
 CVE-2024-13340,0,0,410a07bb948a432c6c68e7813dd264dbb94d6d7c0c36b44969bc437f75da1ae8,2025-01-31T16:02:16.553000
@@ -282206,6 +282206,8 @@ CVE-2025-1449,0,0,f0e6218526167e689cd8ac50c2ba9ee8bc2cd9e9aee512507ed12c93e0c9fc
 CVE-2025-1450,0,0,f0a28cf37155f4c16fff9326b0ffe6a415c6c5c1475546052ba68718728afcec,2025-03-11T15:46:05.180000
 CVE-2025-1451,0,0,12a938aee967d5ea2c9b43d523c78df71d3aa4fc1d58b85bd5cbd9ad34dbd3d2,2025-03-27T15:40:03.640000
 CVE-2025-1452,0,0,3e2a2b961d493642668dd5d757e3135aee03e85d6914645ab6a62b9e89b5cf1e,2025-03-27T16:45:46.410000
+CVE-2025-1455,1,1,70f7aa76f51e870cd053a045f9a5c9a72a88c20d51c466d4f4e5461e5f18da60,2025-04-12T09:15:14.660000
+CVE-2025-1456,1,1,d47a06c7ef7c517605dfb55196b47355332d396edf8db40269cae3b2c7f79e75,2025-04-12T09:15:16.600000
 CVE-2025-1459,0,0,84da8b0d00734a81887e372630f8aae1161cbf72d12203a68a08585146659d7a,2025-03-01T07:15:10.980000
 CVE-2025-1460,0,0,a5c8e5382cd35abbaca03691402634777bdd210b53f824eaa70027825fcc1ff3,2025-02-26T23:15:10.193000
 CVE-2025-1463,0,0,2a489d18ab145c49d92d5d5423e0c75c250fe44656454c4f0f8f59222848993b,2025-03-05T12:15:35.270000
@@ -289565,7 +289567,7 @@ CVE-2025-32755,0,0,0e4b2d997ad26f458b04806dc5bea537010e4bad018db4379186ce4e7652b
 CVE-2025-32757,0,0,c640364748c5c666fd6dc8aec9d84948af9deb15cd9711efe75ce6833fb0d8c1,2025-04-11T03:15:13.903000
 CVE-2025-32758,0,0,d3608f6f13a9a5b49230d2ebeae393f102196b87b92e834ebddf934752919dc3,2025-04-11T03:15:14.427000
 CVE-2025-32759,0,0,4ec2028500fce9598ebd65d94b8913a1d569360cd32f22b47c68102fcbfca47a,2025-04-11T03:15:14.477000
-CVE-2025-3276,1,1,931a88b98a6130c8a5f5d27a462ee5d2373e4318ffca0c6199cc29863b65a752,2025-04-12T07:15:26.860000
+CVE-2025-3276,0,0,931a88b98a6130c8a5f5d27a462ee5d2373e4318ffca0c6199cc29863b65a752,2025-04-12T07:15:26.860000
 CVE-2025-32760,0,0,b49616aee650d484034da17cd41c523e46d17a1af9bca82d77fef3f534ef6eb7,2025-04-11T03:15:14.530000
 CVE-2025-32761,0,0,177a1c1146899dbe2adee28b3395241103cc5f3e843fc2a57149473c7e8b0150,2025-04-11T03:15:14.583000
 CVE-2025-32762,0,0,d0d8b9a3f3412c3e1ec3920ce0a53310113d5e2867a9b430bee3e240824aae2c,2025-04-11T03:15:14.637000
@@ -289585,13 +289587,13 @@ CVE-2025-32807,0,0,791ea9650394de4a3c6a4bce28448af084ce5e8fb834d69b1769b35b955fd
 CVE-2025-32808,0,0,4460b802a312298836218e51f145ee69f847802ae0b680f0631fd4c9d767af72,2025-04-11T16:15:20.673000
 CVE-2025-32809,0,0,ca90ff3ced06efa4e939486b48b76783f1482c86186847921ab08cd5bd99e3d5,2025-04-11T16:15:20.807000
 CVE-2025-32816,0,0,7146ab229fea4de6245a9faadeb60513e017f27b734755baaf195d3f55011510,2025-04-11T15:39:52.920000
-CVE-2025-3282,1,1,6163a59fd68c6efb444994c0160024cc299c7afde3bbcc464fb769baba72cd14,2025-04-12T07:15:27.003000
+CVE-2025-3282,0,0,6163a59fd68c6efb444994c0160024cc299c7afde3bbcc464fb769baba72cd14,2025-04-12T07:15:27.003000
 CVE-2025-3285,0,0,e28a4e88da7ffb77ad01de08bcfd2b4a71d41180820a080f587b6350c35f9e48,2025-04-08T18:13:53.347000
 CVE-2025-3286,0,0,c247e4e94cc04e66afe391d63c6254a128435a66f18dde665fe78a6cdb0ab317,2025-04-08T18:13:53.347000
 CVE-2025-3287,0,0,bff258a343cd08a61757791ae0246a98daa5f12cd52be7d2e4f1314c24254af2,2025-04-08T18:13:53.347000
 CVE-2025-3288,0,0,6c3436c1bb9a5ae79382862f9efeedd904207179bae65402a0755339708c80d4,2025-04-08T18:13:53.347000
 CVE-2025-3289,0,0,827f59b01ecb1240cc36827fa98bfacb84591c8b915a26513129f42996d37d73,2025-04-08T18:13:53.347000
-CVE-2025-3292,1,1,2e1db750cfd1563a06db7ac495c3f640edc42fb0c4158d03489de1beb7a4ae8f,2025-04-12T07:15:27.143000
+CVE-2025-3292,0,0,2e1db750cfd1563a06db7ac495c3f640edc42fb0c4158d03489de1beb7a4ae8f,2025-04-12T07:15:27.143000
 CVE-2025-3296,0,0,604544c60030717a0b7298a4216c2cee6c0b09dc746101c73c6d715c2da17326,2025-04-08T16:49:21.037000
 CVE-2025-3297,0,0,450f027df383ac012c0d670b8246ab459ec83da0d22f33695d8eb8051ee5200e,2025-04-08T16:49:12.910000
 CVE-2025-3298,0,0,289613560130dabe199eea55128a1bdfe9eecd882e62238f3674c43e858ef0bc,2025-04-08T16:49:00.290000
@@ -289692,7 +289694,7 @@ CVE-2025-3412,0,0,25a3c2ab8fa0aef3dfffc2c9723b43f279f3600f9f3d1f7632095f66cdc52e
 CVE-2025-3413,0,0,e9ae6f9ee954dc0b39e2e9a8b6ad41f6cbd8628b2d84dff62138fbf7e2823b11,2025-04-08T18:13:53.347000
 CVE-2025-3416,0,0,52d35af283afef5bb6d8cccc38fa0eb8d4ad3029b21142a4de9837a0c397cd70,2025-04-09T20:02:41.860000
 CVE-2025-3417,0,0,e393b15114feb46d95f488ee34d16b125c38ee49e2798d5b216b189c39465cf9,2025-04-11T15:39:52.920000
-CVE-2025-3418,1,1,63bba6daa19cec7b3a858974cdad5389fd6e1545a0fd25df63a0f1a7ab755f94,2025-04-12T07:15:27.277000
+CVE-2025-3418,0,0,63bba6daa19cec7b3a858974cdad5389fd6e1545a0fd25df63a0f1a7ab755f94,2025-04-12T07:15:27.277000
 CVE-2025-3421,0,0,f0b0f2fac32f095e78653a3f079907a85827a89faac1aa3c204f37fe09b5c50e,2025-04-11T15:39:52.920000
 CVE-2025-3422,0,0,67da956b7a6b8167e42afa6b34d074d1413252f8ae249df1ac8fab6d91861e99,2025-04-11T15:39:52.920000
 CVE-2025-3424,0,0,f161b96f7ead82573f94b591ee29deb4e0df9f8f7eb925f2312c3762b9a3484d,2025-04-10T16:15:29.207000