diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0436.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0436.json
index 4c95dae2c04..ba4e0fcf6f1 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0436.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0436.json
@@ -2,13 +2,13 @@
 "id": "CVE-2024-0436",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-02-26T16:27:50.283",
- "lastModified": "2025-02-27T02:41:47.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2025-03-27T11:15:35.710",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.\n\nThe risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute "
+ "value": "Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.\n\nThe risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute"
 },
 {
 "lang": "es",
@@ -68,7 +68,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-764"
+ "value": "CWE-203"
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0763.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0763.json
index 83658861e3b..6d34bf264fb 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0763.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0763.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0763",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-02-27T22:15:14.597",
- "lastModified": "2025-03-04T14:33:46.043",
- "vulnStatus": "Analyzed",
+ "lastModified": "2025-03-27T11:15:36.570",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -68,7 +68,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-20"
+ "value": "CWE-22"
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-545xx/CVE-2024-54558.json b/CVE-2024/CVE-2024-545xx/CVE-2024-54558.json
index 0b97fb27063..7b8a5e6f88f 100644
--- a/CVE-2024/CVE-2024-545xx/CVE-2024-54558.json
+++ b/CVE-2024/CVE-2024-545xx/CVE-2024-54558.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-54558",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2025-03-10T19:15:38.790",
- "lastModified": "2025-03-24T15:08:16.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2025-03-27T12:15:13.477",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -22,20 +22,20 @@
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "baseScore": 7.5,
- "baseSeverity": "HIGH",
- "attackVector": "NETWORK",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "baseScore": 2.8,
+ "baseSeverity": "LOW",
+ "attackVector": "LOCAL",
 "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
 "scope": "UNCHANGED",
- "confidentialityImpact": "NONE",
- "integrityImpact": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
 "availabilityImpact": "NONE"
 },
- "exploitabilityScore": 3.9,
- "impactScore": 3.6
+ "exploitabilityScore": 1.3,
+ "impactScore": 1.4
 }
 ]
 },
@@ -86,16 +86,16 @@
 "url": "https://support.apple.com/en-us/121238",
 "source": "product-security@apple.com",
 "tags": [
- "Vendor Advisory",
- "Release Notes"
+ "Release Notes",
+ "Vendor Advisory"
 ]
 },
 {
 "url": "https://support.apple.com/en-us/121250",
 "source": "product-security@apple.com",
 "tags": [
- "Vendor Advisory",
- "Release Notes"
+ "Release Notes",
+ "Vendor Advisory"
 ]
 }
 ]
diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8053.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8053.json
index c7adbf9b026..dce4f22d57d 100644
--- a/CVE-2024/CVE-2024-80xx/CVE-2024-8053.json
+++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8053.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-8053",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2025-03-20T10:15:39.993",
- "lastModified": "2025-03-26T16:18:07.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2025-03-27T11:15:36.737",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -64,17 +64,17 @@
 "weaknesses": [
 {
 "source": "security@huntr.dev",
- "type": "Secondary",
+ "type": "Primary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-287"
+ "value": "CWE-306"
 }
 ]
 },
 {
 "source": "nvd@nist.gov",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30763.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30763.json
new file mode 100644
index 00000000000..943d5b20411
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30763.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30763",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:37.123",
+ "lastModified": "2025-03-27T11:15:37.123",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP allows Stored XSS. This issue affects EO4WP: from n/a through 1.0.8.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/fw-integration-for-emailoctopus/vulnerability/wordpress-eo4wp-1-0-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30764.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30764.json
new file mode 100644
index 00000000000..ca60f9033ad
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30764.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30764",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:37.280",
+ "lastModified": "2025-03-27T11:15:37.280",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool allows Cross Site Request Forgery. This issue affects Football Pool: from n/a through 2.12.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/football-pool/vulnerability/wordpress-football-pool-plugin-2-12-2-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30765.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30765.json
new file mode 100644
index 00000000000..2f049d264d5
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30765.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30765",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:37.410",
+ "lastModified": "2025-03-27T11:15:37.410",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPPOOL FlexStock allows Blind SQL Injection. This issue affects FlexStock: from n/a through 3.13.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/stock-sync-with-google-sheet-for-woocommerce/vulnerability/wordpress-flexstock-3-13-1-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30766.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30766.json
new file mode 100644
index 00000000000..6d21c1d5cf7
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30766.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30766",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:37.550",
+ "lastModified": "2025-03-27T11:15:37.550",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor allows DOM-Based XSS. This issue affects Happy Addons for Elementor: from n/a through 3.16.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/happy-elementor-addons/vulnerability/wordpress-happy-addons-for-elementor-3-16-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30767.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30767.json
new file mode 100644
index 00000000000..bb7d333b70d
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30767.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30767",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:37.690",
+ "lastModified": "2025-03-27T11:15:37.690",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/pdf-for-wpforms/vulnerability/wordpress-pdf-for-wpforms-plugin-5-3-0-arbitrary-shortcode-execution-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30768.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30768.json
new file mode 100644
index 00000000000..4007a8bca4a
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30768.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30768",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:37.830",
+ "lastModified": "2025-03-27T11:15:37.830",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows Stored XSS. This issue affects jAlbum Bridge: from n/a through 2.0.18."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/jalbum-bridge/vulnerability/wordpress-jalbum-bridge-2-0-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30769.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30769.json
new file mode 100644
index 00000000000..1202783a17f
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30769.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30769",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:37.970",
+ "lastModified": "2025-03-27T11:15:37.970",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wip-woocarousel-lite/vulnerability/wordpress-wip-woocarousel-lite-plugin-1-1-7-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30770.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30770.json
new file mode 100644
index 00000000000..48b03c9b7ed
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30770.json
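Review bot: The `weaknesses` entry added for CVE-2025-30769 lists only `CWE-352`, although its description says the CSRF "allows Stored XSS"; the CVE-2025-30783 record later in this diff has the same shape, with a description that says "allows SQL Injection" and `CWE-352` as the only weakness. Tooling that filters or routes records by CWE will file both under CSRF alone and miss the injection outcome, so consumers should also read `descriptions` and the reference URL for the chained impact. If these files are mirrored from an upstream feed, as the layout suggests, the classification is better raised with the source than edited here; the fix there would be a second entry such as `{ "lang": "en", "value": "CWE-79" }` in the `description` array (`CWE-89` for CVE-2025-30783).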
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30770",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:38.113",
+ "lastModified": "2025-03-27T11:15:38.113",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows DOM-Based XSS. This issue affects Charitable: from n/a through 1.8.4.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/charitable/vulnerability/wordpress-charitable-1-8-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30771.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30771.json
new file mode 100644
index 00000000000..171dd919171
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30771.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30771",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:38.253",
+ "lastModified": "2025-03-27T11:15:38.253",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alain-Aymerick FRANCOIS WP Cassify allows DOM-Based XSS. This issue affects WP Cassify: from n/a through 2.3.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-cassify/vulnerability/wordpress-wp-cassify-2-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30772.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30772.json
new file mode 100644
index 00000000000..e8d9e4eb584
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30772.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30772",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:38.397",
+ "lastModified": "2025-03-27T11:15:38.397",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wpc-smart-upsell-funnel/vulnerability/wordpress-wpc-smart-upsell-funnel-for-woocommerce-plugin-3-0-4-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30773.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30773.json
new file mode 100644
index 00000000000..f68793365ab
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30773.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30773",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:38.537",
+ "lastModified": "2025-03-27T11:15:38.537",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress allows Object Injection. This issue affects TranslatePress: from n/a through 2.9.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/translatepress-multilingual/vulnerability/wordpress-translatepress-2-9-6-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30775.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30775.json
new file mode 100644
index 00000000000..dcbd6dc468e
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30775.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30775",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:38.673",
+ "lastModified": "2025-03-27T11:15:38.673",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Private Limited WPGuppy allows SQL Injection. This issue affects WPGuppy: from n/a through 1.1.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-3-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30776.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30776.json
new file mode 100644
index 00000000000..e5b777d589e
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30776.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30776",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:38.803",
+ "lastModified": "2025-03-27T11:15:38.803",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/sitekit/vulnerability/wordpress-sitekit-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30777.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30777.json
new file mode 100644
index 00000000000..e4f18f97412
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30777.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30777",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:38.930",
+ "lastModified": "2025-03-27T11:15:38.930",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Authorization Bypass Through User-Controlled Key vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.11."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/support-genix-lite/vulnerability/wordpress-support-genix-1-4-11-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30779.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30779.json
new file mode 100644
index 00000000000..ebaa6495332
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30779.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30779",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.060",
+ "lastModified": "2025-03-27T11:15:39.060",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Doneren met Mollie allows Stored XSS. This issue affects Doneren met Mollie: from n/a through 2.10.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/doneren-met-mollie/vulnerability/wordpress-doneren-met-mollie-2-10-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30780.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30780.json
new file mode 100644
index 00000000000..9bc029b6a32
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30780.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30780",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.193",
+ "lastModified": "2025-03-27T11:15:39.193",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cubecolour Audio Album allows Stored XSS. This issue affects Audio Album: from n/a through 1.5.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/audio-album/vulnerability/wordpress-audio-album-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30781.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30781.json
new file mode 100644
index 00000000000..1cfb28e5eac
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30781.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30781",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.320",
+ "lastModified": "2025-03-27T11:15:39.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce allows Phishing. This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through 3.7.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/order-status-rules-for-woocommerce/vulnerability/wordpress-scheduled-automatic-order-status-controller-for-woocommerce-3-7-1-open-redirection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30783.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30783.json
new file mode 100644
index 00000000000..a330b900cc9
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30783.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30783",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.447",
+ "lastModified": "2025-03-27T11:15:39.447",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider allows SQL Injection. This issue affects WP Google Review Slider: from n/a through 16.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-google-places-review-slider/vulnerability/wordpress-wp-google-review-slider-plugin-16-0-csrf-to-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30784.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30784.json
new file mode 100644
index 00000000000..5e409c7b4b4
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30784.json
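Review bot: In the CVE-2025-30783 record the `weaknesses` array carries only `CWE-352`, while the description says the CSRF "allows SQL Injection" and the vector is scored `C:H`, so tooling that triages or filters this feed by CWE will not surface the record as an injection issue. If the record can be enriched, a second entry `{ "lang": "en", "value": "CWE-89" }` in the `description` array would capture the chained weakness. The same gap appears in CVE-2025-30788 (CSRF to SQL Injection) and CVE-2025-30787 (CSRF to Stored XSS, where `CWE-79` would be the addition). Until then, consumers should match on the description text as well as the CWE value when prioritising these records.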
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30784",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.577",
+ "lastModified": "2025-03-27T11:15:39.577",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Shuffle WP Subscription Forms allows SQL Injection. This issue affects WP Subscription Forms: from n/a through 1.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-subscription-forms/vulnerability/wordpress-wp-subscription-forms-1-2-3-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30785.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30785.json
new file mode 100644
index 00000000000..c9a66833fb7
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30785.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30785",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.703",
+ "lastModified": "2025-03-27T11:15:39.703",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Download Lite allows PHP Local File Inclusion. This issue affects Subscribe to Download Lite: from n/a through 1.2.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/subscribe-to-download-lite/vulnerability/wordpress-subscribe-to-download-lite-1-2-9-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30786.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30786.json
new file mode 100644
index 00000000000..8a88e4260d4
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30786.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30786",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.833",
+ "lastModified": "2025-03-27T11:15:39.833",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama allows DOM-Based XSS. This issue affects Quotes llama: from n/a through 3.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/quotes-llama/vulnerability/wordpress-quotes-llama-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30787.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30787.json
new file mode 100644
index 00000000000..fbbffb16ec3
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30787.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30787",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:39.963",
+ "lastModified": "2025-03-27T11:15:39.963",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/elisqlreports/vulnerability/wordpress-ez-sql-reports-shortcode-widget-and-db-backup-plugin-5-25-08-csrf-to-stored-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30788.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30788.json
new file mode 100644
index 00000000000..60272237b57
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30788.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30788",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:40.093",
+ "lastModified": "2025-03-27T11:15:40.093",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows SQL Injection. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/elisqlreports/vulnerability/wordpress-ez-sql-reports-shortcode-widget-and-db-backup-plugin-5-25-08-csrf-to-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30789.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30789.json
new file mode 100644
index 00000000000..660b63cf9d4
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30789.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30789",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:40.223",
+ "lastModified": "2025-03-27T11:15:40.223",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clearoutio Clearout Email Validator allows Stored XSS. This issue affects Clearout Email Validator: from n/a through 3.2.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/clearout-email-validator/vulnerability/wordpress-clearout-email-validator-3-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30790.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30790.json
new file mode 100644
index 00000000000..19d7084bf4f
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30790.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30790",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:40.357",
+ "lastModified": "2025-03-27T11:15:40.357",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in alexvtn Chatbox Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chatbox Manager: from n/a through 1.2.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wa-chatbox-manager/vulnerability/wordpress-chatbox-manager-1-2-2-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30791.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30791.json
new file mode 100644
index 00000000000..e646d8d2ac3
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30791.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30791",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:40.490",
+ "lastModified": "2025-03-27T11:15:40.490",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.16."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/cart-tracking-for-woocommerce/vulnerability/wordpress-cart-tracking-for-woocommerce-plugin-1-0-16-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30792.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30792.json
new file mode 100644
index 00000000000..9e20f96ebb7
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30792.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30792",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:40.620",
+ "lastModified": "2025-03-27T11:15:40.620",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zumbo Comment Approved Notifier Extended allows Stored XSS. This issue affects Comment Approved Notifier Extended: from n/a through 5.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/comment-approved-notifier-extended/vulnerability/wordpress-comment-approved-notifier-extended-plugin-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30795.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30795.json
new file mode 100644
index 00000000000..a2dd4bfeb16
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30795.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30795",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:40.753",
+ "lastModified": "2025-03-27T11:15:40.753",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.5.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-marketing-automations/vulnerability/wordpress-automation-by-autonami-plugin-3-5-1-open-redirection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30799.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30799.json
new file mode 100644
index 00000000000..fdb6579e897
--- /dev/null
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30799.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30799",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:40.883",
+ "lastModified": "2025-03-27T11:15:40.883",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup WP Google Street View allows Stored XSS. This issue affects WP Google Street View: from n/a through 1.1.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-google-street-view/vulnerability/wordpress-wp-google-street-view-plugin-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30800.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30800.json
new file mode 100644
index 00000000000..b9f42475b57
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30800.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30800",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.017",
+ "lastModified": "2025-03-27T11:15:41.017",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atawai Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.10."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/gum-elementor-addon/vulnerability/wordpress-gum-elementor-addon-plugin-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30801.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30801.json
new file mode 100644
index 00000000000..589b84f5164
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30801.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30801",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.157",
+ "lastModified": "2025-03-27T11:15:41.157",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Abu Bakar TWB Woocommerce Reviews allows Cross Site Request Forgery. This issue affects TWB Woocommerce Reviews: from n/a through 1.7.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/twb-woocommerce-reviews/vulnerability/wordpress-twb-woocommerce-reviews-plugin-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30803.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30803.json
new file mode 100644
index 00000000000..8352d49918e
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30803.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30803",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.297",
+ "lastModified": "2025-03-27T11:15:41.297",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Greg Ross Just Writing Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Writing Statistics: from n/a through 5.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/just-writing-statistics/vulnerability/wordpress-just-writing-statistics-plugin-5-3-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30804.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30804.json
new file mode 100644
index 00000000000..d2b8e91c3e8
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30804.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30804",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.440",
+ "lastModified": "2025-03-27T11:15:41.440",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in maennchen1.de wpShopGermany IT-RECHT KANZLEI allows Cross Site Request Forgery. This issue affects wpShopGermany IT-RECHT KANZLEI: from n/a through 2.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wpshopgermany-it-recht-kanzlei/vulnerability/wordpress-wpshopgermany-it-recht-kanzlei-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30805.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30805.json
new file mode 100644
index 00000000000..6ef448b9b5d
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30805.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30805",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.573",
+ "lastModified": "2025-03-27T11:15:41.573",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible Cookies allows Cross Site Request Forgery. This issue affects Flexible Cookies: from n/a through 1.1.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/flexible-cookies/vulnerability/wordpress-flexible-cookies-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30806.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30806.json
new file mode 100644
index 00000000000..ca1b4b6b5af
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30806.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30806",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.703",
+ "lastModified": "2025-03-27T11:15:41.703",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Constantin Boiangiu Vimeotheque allows SQL Injection. This issue affects Vimeotheque: from n/a through 2.3.4.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/codeflavors-vimeo-video-post-lite/vulnerability/wordpress-vimeotheque-plugin-2-3-4-2-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30809.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30809.json
new file mode 100644
index 00000000000..0c4cad7f90c
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30809.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30809",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.837",
+ "lastModified": "2025-03-27T11:15:41.837",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/liveforms/vulnerability/wordpress-wordpress-contact-form-drag-and-drop-form-builder-plugin-live-forms-plugin-4-8-4-settings-change-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30810.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30810.json
new file mode 100644
index 00000000000..d63974e2659
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30810.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30810",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:41.970",
+ "lastModified": "2025-03-27T11:15:41.970",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smackcoders Lead Form Data Collection to CRM allows Blind SQL Injection. This issue affects Lead Form Data Collection to CRM: from n/a through 3.0.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-leads-builder-any-crm/vulnerability/wordpress-lead-form-data-collection-to-crm-plugin-3-0-1-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30811.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30811.json
new file mode 100644
index 00000000000..c3619b71c0f
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30811.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30811",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:42.103",
+ "lastModified": "2025-03-27T11:15:42.103",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/validar-certificados-de-cursos/vulnerability/wordpress-validatecertify-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30812.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30812.json
new file mode 100644
index 00000000000..455452d31de
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30812.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30812",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:42.237",
+ "lastModified": "2025-03-27T11:15:42.237",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 3.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/skt-addons-for-elementor/vulnerability/wordpress-skt-addons-for-elementor-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30813.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30813.json
new file mode 100644
index 00000000000..472d03ab0a0
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30813.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30813",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:42.370",
+ "lastModified": "2025-03-27T11:15:42.370",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/listamester/vulnerability/wordpress-listamester-plugin-2-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30814.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30814.json
new file mode 100644
index 00000000000..8ae779646f0
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30814.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30814",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:42.503",
+ "lastModified": "2025-03-27T11:15:42.503",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme The Post Grid allows PHP Local File Inclusion. This issue affects The Post Grid: from n/a through 7.7.17."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/the-post-grid/vulnerability/wordpress-the-post-grid-plugin-7-7-17-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30815.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30815.json
new file mode 100644
index 00000000000..2fa773b1abb
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30815.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30815",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:42.640",
+ "lastModified": "2025-03-27T11:15:42.640",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.1.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/hesabfa-accounting/vulnerability/wordpress-hesabfa-accounting-plugin-2-1-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30816.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30816.json
new file mode 100644
index 00000000000..12bd5420dac
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30816.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30816",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:42.773",
+ "lastModified": "2025-03-27T11:15:42.773",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification allows Cross Site Request Forgery. This issue affects publish post email notification: from n/a through 1.0.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/publish-post-email-notification/vulnerability/wordpress-publish-post-email-notification-plugin-1-0-2-3-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30817.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30817.json
new file mode 100644
index 00000000000..642b4f0c6e3
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30817.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30817",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:42.907",
+ "lastModified": "2025-03-27T11:15:42.907",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in wpzita Z Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Z Companion: from n/a through 1.0.13."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/z-companion/vulnerability/wordpress-z-companion-plugin-1-0-13-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30818.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30818.json
new file mode 100644
index 00000000000..834f725faaf
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30818.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30818",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.047",
+ "lastModified": "2025-03-27T11:15:43.047",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through 2.0.17."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/jalbum-bridge/vulnerability/wordpress-jalbum-bridge-plugin-2-0-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30819.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30819.json
new file mode 100644
index 00000000000..2e6395601f0
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30819.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30819",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.183",
+ "lastModified": "2025-03-27T11:15:43.183",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Igor Benic Simple Giveaways allows SQL Injection. This issue affects Simple Giveaways: from n/a through 2.48.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/giveasap/vulnerability/wordpress-simple-giveaways-plugin-2-48-1-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30820.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30820.json
new file mode 100644
index 00000000000..28d1f7f20c7
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30820.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30820",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.320",
+ "lastModified": "2025-03-27T11:15:43.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite allows PHP Local File Inclusion. This issue affects WishSuite: from n/a through 1.4.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wishsuite/vulnerability/wordpress-wishsuite-plugin-1-4-4-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30821.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30821.json
new file mode 100644
index 00000000000..951ffca145a
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30821.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30821",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.453",
+ "lastModified": "2025-03-27T11:15:43.453",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/h5pxapikatchu/vulnerability/wordpress-snordian-s-h5pxapikatchu-plugin-0-4-14-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30822.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30822.json
new file mode 100644
index 00000000000..b8ea4bbc665
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30822.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30822",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.583",
+ "lastModified": "2025-03-27T11:15:43.583",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through 1.1.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/ideal-wp-login-logo-changer/vulnerability/wordpress-custom-login-logo-plugin-1-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30823.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30823.json
new file mode 100644
index 00000000000..4fb1d29f76e
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30823.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30823",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.713",
+ "lastModified": "2025-03-27T11:15:43.713",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/anthologize/vulnerability/wordpress-anthologize-plugin-0-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30824.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30824.json
new file mode 100644
index 00000000000..61cfbc2ba1b
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30824.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30824",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.847",
+ "lastModified": "2025-03-27T11:15:43.847",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Israpil Textmetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through 3.6.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/webtexttool/vulnerability/wordpress-textmetrics-plugin-3-6-1-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30826.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30826.json
new file mode 100644
index 00000000000..f6d0794ea53
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30826.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30826",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:43.980",
+ "lastModified": "2025-03-27T11:15:43.980",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy IP Locator allows DOM-Based XSS. This issue affects IP Locator: from n/a through 4.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/ip-locator/vulnerability/wordpress-ip-locator-plugin-4-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30828.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30828.json
new file mode 100644
index 00000000000..5860eca6dc4
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30828.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30828",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:44.117",
+ "lastModified": "2025-03-27T11:15:44.117",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/timetics/vulnerability/wordpress-timetics-plugin-1-0-29-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30829.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30829.json
new file mode 100644
index 00000000000..3d36bf714c4
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30829.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30829",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:44.257",
+ "lastModified": "2025-03-27T11:15:44.257",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.31."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-cafe/vulnerability/wordpress-wpcafe-plugin-2-2-31-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30830.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30830.json
new file mode 100644
index 00000000000..42ced7c9405
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30830.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30830",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:44.390",
+ "lastModified": "2025-03-27T11:15:44.390",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Hossni Mubarak Cool Author Box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cool Author Box: from n/a through 2.9.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/hm-cool-author-box-widget/vulnerability/wordpress-cool-author-box-plugin-2-9-9-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30831.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30831.json
new file mode 100644
index 00000000000..b87aca87364
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30831.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30831",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:44.520",
+ "lastModified": "2025-03-27T11:15:44.520",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Event Post allows PHP Local File Inclusion. This issue affects Themify Event Post: from n/a through 1.3.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/themify-event-post/vulnerability/wordpress-themify-event-post-plugin-1-3-2-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30832.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30832.json
new file mode 100644
index 00000000000..46e0c74f685
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30832.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30832",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:44.653",
+ "lastModified": "2025-03-27T11:15:44.653",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/themify-event-post/vulnerability/wordpress-themify-event-post-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30833.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30833.json
new file mode 100644
index 00000000000..e444cb6349f
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30833.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30833",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:44.793",
+ "lastModified": "2025-03-27T11:15:44.793",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.8.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/verge3d/vulnerability/wordpress-verge3d-publishing-and-e-commerce-plugin-4-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30836.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30836.json
new file mode 100644
index 00000000000..076642d5fb7
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30836.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30836",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:44.930",
+ "lastModified": "2025-03-27T11:15:44.930",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 5.1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/latepoint/vulnerability/wordpress-latepoint-plugin-5-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30838.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30838.json
new file mode 100644
index 00000000000..0e18e6989b7
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30838.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30838",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:45.060",
+ "lastModified": "2025-03-27T11:15:45.060",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/cozy-addons/vulnerability/wordpress-cozy-blocks-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30839.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30839.json
new file mode 100644
index 00000000000..b3ad14a2048
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30839.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30839",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:45.193",
+ "lastModified": "2025-03-27T11:15:45.193",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.2.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/ecab-taxi-booking-manager/vulnerability/wordpress-taxi-booking-manager-for-woocommerce-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30842.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30842.json
new file mode 100644
index 00000000000..994fc71c00c
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30842.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30842",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:45.340",
+ "lastModified": "2025-03-27T11:15:45.340",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in pixolette Christmas Panda allows Cross Site Request Forgery. This issue affects Christmas Panda: from n/a through 1.0.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/christmas-panda/vulnerability/wordpress-christmas-panda-plugin-1-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30843.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30843.json
new file mode 100644
index 00000000000..e2e1923bb68
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30843.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30843",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:45.490",
+ "lastModified": "2025-03-27T11:15:45.490",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in setriosoft bizcalendar-web allows SQL Injection. This issue affects bizcalendar-web: from n/a through 1.1.0.34."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/bizcalendar-web/vulnerability/wordpress-bizcalendar-web-plugin-1-1-0-34-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30845.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30845.json
new file mode 100644
index 00000000000..85146305b8f
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30845.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30845",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:45.643",
+ "lastModified": "2025-03-27T11:15:45.643",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webangon The Pack Elementor addons allows PHP Local File Inclusion. This issue affects The Pack Elementor addons: from n/a through 2.1.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/the-pack-addon/vulnerability/wordpress-the-pack-elementor-addons-plugin-2-1-1-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30846.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30846.json
new file mode 100644
index 00000000000..c0745dd64a2
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30846.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30846",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:45.787",
+ "lastModified": "2025-03-27T11:15:45.787",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jetmonsters Restaurant Menu by MotoPress allows PHP Local File Inclusion. This issue affects Restaurant Menu by MotoPress: from n/a through 2.4.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/mp-restaurant-menu/vulnerability/wordpress-restaurant-menu-by-motopress-plugin-2-4-4-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30847.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30847.json
new file mode 100644
index 00000000000..43f81a3a98d
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30847.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30847",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:45.923",
+ "lastModified": "2025-03-27T11:15:45.923",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashley Novelist allows Stored XSS. This issue affects Novelist: from n/a through 1.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/novelist/vulnerability/wordpress-novelist-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30850.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30850.json
new file mode 100644
index 00000000000..b8fdf15f9ae
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30850.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30850",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:46.067",
+ "lastModified": "2025-03-27T11:15:46.067",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sfaerber Dr. Flex allows Stored XSS. This issue affects Dr. Flex: from n/a through 2.0.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/dr-flex/vulnerability/wordpress-dr-flex-plugin-2-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30851.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30851.json
new file mode 100644
index 00000000000..7ec9adb73de
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30851.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30851",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:46.217",
+ "lastModified": "2025-03-27T11:15:46.217",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Tickera Tickera allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through 3.5.5.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/tickera-event-ticketing-system/vulnerability/wordpress-tickera-plugin-3-5-5-2-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30854.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30854.json
new file mode 100644
index 00000000000..a4e0e517f93
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30854.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30854",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:46.390",
+ "lastModified": "2025-03-27T11:15:46.390",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/serial-codes-generator-and-validator/vulnerability/wordpress-serial-codes-generator-and-validator-with-woocommerce-support-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30856.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30856.json
new file mode 100644
index 00000000000..0487b322aed
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30856.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30856",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:46.547",
+ "lastModified": "2025-03-27T11:15:46.547",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through 1.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/custom-field-for-wp-job-manager/vulnerability/wordpress-custom-field-for-wp-job-manager-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30857.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30857.json
new file mode 100644
index 00000000000..65a3a0fe2c0
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30857.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30857",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:46.700",
+ "lastModified": "2025-03-27T11:15:46.700",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through 0.0.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/currency-switcher-for-woocommerce/vulnerability/wordpress-currency-switcher-for-woocommerce-plugin-0-0-7-csrf-to-stored-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30859.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30859.json
new file mode 100644
index 00000000000..8e5785088d2
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30859.json
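Review bot: The `weaknesses` array for CVE-2025-30857 lists only `CWE-352`, although the description says the CSRF "allows Stored XSS" and the reference slug reads `csrf-to-stored-xss`. Tooling that filters or routes findings by CWE will not surface this record for XSS, and the vector (`S:C` with C/I/A all `LOW`) appears to score the XSS outcome rather than the CSRF alone. I would add a second entry to the `description` list, `{ "lang": "en", "value": "CWE-79" }`. If the record is mirrored verbatim from the CNA, the correction belongs upstream with audit@patchstack.com rather than in this file.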
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30859",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:46.843",
+ "lastModified": "2025-03-27T11:15:46.843",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing. This issue affects AliNext: from n/a through 3.5.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/ali2woo-lite/vulnerability/wordpress-alinext-plugin-3-5-1-open-redirection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30860.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30860.json
new file mode 100644
index 00000000000..6d3a24da4b2
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30860.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30860",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:46.983",
+ "lastModified": "2025-03-27T11:15:46.983",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows DOM-Based XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/off-canvas-sidebars/vulnerability/wordpress-off-canvas-sidebars-menus-slidebars-plugin-0-5-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30861.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30861.json
new file mode 100644
index 00000000000..417a0987f4d
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30861.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30861",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:47.130",
+ "lastModified": "2025-03-27T11:15:47.130",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.6.29."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/restaurant-reservations/vulnerability/wordpress-five-star-restaurant-reservations-plugin-2-6-29-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30862.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30862.json
new file mode 100644
index 00000000000..26a61f8f3b9
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30862.json
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30862", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:47.273", + "lastModified": "2025-03-27T11:15:47.273", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.22." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/recaptcha-for-all/vulnerability/wordpress-recaptcha-for-all-plugin-2-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30863.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30863.json new file mode 100644 index 00000000000..5babddc6008 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30863.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30863", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:47.410", + "lastModified": "2025-03-27T11:15:47.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery. This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.0.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/integration-for-contact-form-7-and-google-sheets/vulnerability/wordpress-integration-for-google-sheets-and-contact-form-7-wpforms-elementor-ninja-forms-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30864.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30864.json new file mode 100644 index 00000000000..b36b5ec9162 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30864.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30864", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:47.550", + "lastModified": "2025-03-27T11:15:47.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through 1.2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/exchange-rates/vulnerability/wordpress-exchange-rates-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30865.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30865.json new file mode 100644 index 00000000000..49caecadb7e --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30865.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30865", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:47.683", + "lastModified": "2025-03-27T11:15:47.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite allows Cross Site Request Forgery. This issue affects 3DPrint Lite: from n/a through 2.1.3.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/3dprint-lite/vulnerability/wordpress-3dprint-lite-plugin-2-1-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30866.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30866.json new file mode 100644 index 00000000000..ec71be4b9c0 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30866.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30866", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:47.820", + "lastModified": "2025-03-27T11:15:47.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Terms & Conditions Per Product: from n/a through 1.2.15." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/terms-and-conditions-per-product/vulnerability/wordpress-terms-conditions-per-product-plugin-1-2-15-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30867.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30867.json new file mode 100644 index 00000000000..376053ca644 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30867.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30867", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:47.960", + "lastModified": "2025-03-27T11:15:47.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SearchIQ SearchIQ allows Stored XSS. This issue affects SearchIQ: from n/a through 4.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/searchiq/vulnerability/wordpress-searchiq-plugin-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30868.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30868.json new file mode 100644 index 00000000000..482128dfb21 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30868.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30868", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:48.103", + "lastModified": "2025-03-27T11:15:48.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DynamicWebLab Team Manager allows PHP Local File Inclusion. This issue affects Team Manager: from n/a through 2.1.23." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-team-manager/vulnerability/wordpress-team-manager-plugin-2-1-23-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30871.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30871.json new file mode 100644 index 00000000000..26617fe5725 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30871.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30871", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:48.243", + "lastModified": "2025-03-27T11:15:48.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-travel-engine/vulnerability/wordpress-wp-travel-engine-plugin-6-3-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30872.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30872.json new file mode 100644 index 00000000000..1de3ff8a176 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30872.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30872", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:48.383", + "lastModified": "2025-03-27T11:15:48.383", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nitin Prakash Product Author for WooCommerce allows Cross Site Request Forgery. This issue affects Product Author for WooCommerce: from n/a through 1.0.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-product-author/vulnerability/wordpress-product-author-for-woocommerce-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30873.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30873.json new file mode 100644 index 00000000000..7d021fe02d3 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30873.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30873", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:48.523", + "lastModified": "2025-03-27T11:15:48.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 11.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/greenshift-animation-and-page-builder-blocks/vulnerability/wordpress-greenshift-plugin-11-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30874.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30874.json new file mode 100644 index 00000000000..072ff9f30c8 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30874.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30874", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:48.663", + "lastModified": "2025-03-27T11:15:48.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through 0.5.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/specific-content-for-mobile/vulnerability/wordpress-specific-content-for-mobile-plugin-0-5-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30877.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30877.json new file mode 100644 index 00000000000..e27566b2714 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30877.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30877", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:48.803", + "lastModified": "2025-03-27T11:15:48.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/quiz-cat/vulnerability/wordpress-quiz-cat-plugin-3-0-8-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30879.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30879.json new file mode 100644 index 00000000000..caeb6d7756a --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30879.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30879", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:48.940", + "lastModified": "2025-03-27T11:15:48.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in moreconvert MC Woocommerce Wishlist allows SQL Injection. This issue affects MC Woocommerce Wishlist: from n/a through 1.8.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/smart-wishlist-for-more-convert/vulnerability/wordpress-mc-woocommerce-wishlist-plugin-1-8-9-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30881.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30881.json new file mode 100644 index 00000000000..a85e71a8f98 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30881.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30881", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:49.080", + "lastModified": "2025-03-27T11:15:49.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/big-store/vulnerability/wordpress-big-store-theme-2-0-8-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30883.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30883.json new file mode 100644 index 00000000000..d2a9ba5bf34 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30883.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30883", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:49.220", + "lastModified": "2025-03-27T11:15:49.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in richplugins Trust.Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trust.Reviews: from n/a through 2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fb-reviews-widget/vulnerability/wordpress-trust-reviews-plugin-2-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30884.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30884.json new file mode 100644 index 00000000000..a17dd8bbec1 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30884.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30884", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:49.357", + "lastModified": "2025-03-27T11:15:49.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations allows Phishing. This issue affects Bit Integrations: from n/a through 2.4.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bit-integrations/vulnerability/wordpress-bit-integrations-plugin-2-4-10-open-redirection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30885.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30885.json new file mode 100644 index 00000000000..4ff52378be0 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30885.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30885", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:49.493", + "lastModified": "2025-03-27T11:15:49.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form \u2013 Contact Form Plugin allows Phishing. This issue affects Bit Form \u2013 Contact Form Plugin: from n/a through 2.18.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bit-form/vulnerability/wordpress-bit-form-plugin-2-18-0-open-redirection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30887.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30887.json new file mode 100644 index 00000000000..62f2562a74d --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30887.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30887", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:49.633", + "lastModified": "2025-03-27T11:15:49.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.2.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-2-9-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30888.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30888.json new file mode 100644 index 00000000000..0fcbc386cd2 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30888.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30888", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-03-27T11:15:49.773", + "lastModified": "2025-03-27T11:15:49.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce allows Cross Site Request Forgery. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/custom-fields-account-registration-for-woocommerce/vulnerability/wordpress-custom-fields-account-registration-for-woocommerce-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30890.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30890.json new file mode 100644 index 00000000000..6e1c29ad2f2 --- /dev/null +++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30890.json 
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30890",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:49.920",
+ "lastModified": "2025-03-27T11:15:49.920",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member allows PHP Local File Inclusion. This issue affects Login Widget for Ultimate Member: from n/a through 1.1.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/login-widget-for-ultimate-member/vulnerability/wordpress-login-widget-for-ultimate-member-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30891.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30891.json
new file mode 100644
index 00000000000..5c43bbb6d45
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30891.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30891",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:50.057",
+ "lastModified": "2025-03-27T11:15:50.057",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion. This issue affects WpTravelly: from n/a through 1.8.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-1-8-7-local-file-inclusion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30893.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30893.json
new file mode 100644
index 00000000000..78599278855
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30893.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30893",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:50.190",
+ "lastModified": "2025-03-27T11:15:50.190",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector allows DOM-Based XSS. This issue affects LeadConnector: from n/a through 3.0.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/leadconnector/vulnerability/wordpress-leadconnector-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30894.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30894.json
new file mode 100644
index 00000000000..335fbb963b2
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30894.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30894",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:50.333",
+ "lastModified": "2025-03-27T11:15:50.333",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.79.262."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/fulltext-search/vulnerability/wordpress-wp-fast-total-search-plugin-1-79-262-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30895.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30895.json
new file mode 100644
index 00000000000..122df4d0c61
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30895.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30895",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:50.470",
+ "lastModified": "2025-03-27T11:15:50.470",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently allows PHP Local File Inclusion. This issue affects WpEvently: from n/a through 4.2.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-2-9-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30896.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30896.json
new file mode 100644
index 00000000000..6b7fd5a75c1
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30896.json
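Review bot: The new CVE-2025-30895 record disagrees with itself about the vulnerability class: the description and `"value": "CWE-22"` call it path traversal leading to PHP local file inclusion, while the only reference URL ends in `php-object-injection-vulnerability`, a class that would normally be mapped to deserialization of untrusted data (CWE-502). One of the two is probably wrong at the source, and with `"vulnStatus": "Received"` the record has not been through NVD analysis yet. Anything that triages, routes or writes detections from the CWE field should treat the class of this entry as unconfirmed until the linked advisory has been read, and the mismatch is worth reporting to the CNA listed in `sourceIdentifier`.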
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30896",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:50.623",
+ "lastModified": "2025-03-27T11:15:50.623",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/erp/vulnerability/wordpress-wp-erp-plugin-1-13-4-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30897.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30897.json
new file mode 100644
index 00000000000..b96dfbf37e1
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30897.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30897",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:50.777",
+ "lastModified": "2025-03-27T11:15:50.777",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-5-1-settings-change-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30898.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30898.json
new file mode 100644
index 00000000000..4fa9ec6f543
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30898.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30898",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:50.920",
+ "lastModified": "2025-03-27T11:15:50.920",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] \u0627\u0641\u0632\u0648\u0646\u0647 \u062d\u0645\u0644 \u0648 \u0646\u0642\u0644 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 (\u067e\u0633\u062a \u067e\u06cc\u0634\u062a\u0627\u0632 \u0648 \u0633\u0641\u0627\u0631\u0634\u06cc\u060c \u067e\u06cc\u06a9 \u0645\u0648\u062a\u0648\u0631\u06cc) allows Stored XSS. This issue affects \u0627\u0641\u0632\u0648\u0646\u0647 \u062d\u0645\u0644 \u0648 \u0646\u0642\u0644 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 (\u067e\u0633\u062a \u067e\u06cc\u0634\u062a\u0627\u0632 \u0648 \u0633\u0641\u0627\u0631\u0634\u06cc\u060c \u067e\u06cc\u06a9 \u0645\u0648\u062a\u0648\u0631\u06cc): from n/a through 4.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/persian-woocommerce-shipping/vulnerability/wordpress-fzonh-hml-o-nkl-oo-mrs-st-sht-z-o-sf-rsh-motor-plugin-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-308xx/CVE-2025-30899.json b/CVE-2025/CVE-2025-308xx/CVE-2025-30899.json
new file mode 100644
index 00000000000..b3d9c5921e1
--- /dev/null
+++ b/CVE-2025/CVE-2025-308xx/CVE-2025-30899.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30899",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:51.060",
+ "lastModified": "2025-03-27T11:15:51.060",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30900.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30900.json
new file mode 100644
index 00000000000..89c1fddd54a
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30900.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30900",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:51.200",
+ "lastModified": "2025-03-27T11:15:51.200",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing \u2013 Embed Payment Form allows Stored XSS. This issue affects Zoho Billing \u2013 Embed Payment Form: from n/a through 4.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/zoho-subscriptions/vulnerability/wordpress-zoho-billing-embed-payment-form-plugin-4-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30903.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30903.json
new file mode 100644
index 00000000000..476a7e17e8c
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30903.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30903",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:51.340",
+ "lastModified": "2025-03-27T11:15:51.340",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Mills SyntaxHighlighter Evolved allows DOM-Based XSS. This issue affects SyntaxHighlighter Evolved: from n/a through 3.7.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/syntaxhighlighter/vulnerability/wordpress-syntaxhighlighter-evolved-plugin-3-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30904.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30904.json
new file mode 100644
index 00000000000..ddf6f648a44
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30904.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30904",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:51.480",
+ "lastModified": "2025-03-27T11:15:51.480",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/chart-builder/vulnerability/wordpress-chartify-plugin-3-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30907.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30907.json
new file mode 100644
index 00000000000..175dd59dbeb
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30907.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30907",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:51.620",
+ "lastModified": "2025-03-27T11:15:51.620",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/secupress/vulnerability/wordpress-secupress-free-plugin-2-2-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30909.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30909.json
new file mode 100644
index 00000000000..bf52004f782
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30909.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30909",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:51.773",
+ "lastModified": "2025-03-27T11:15:51.773",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/enhanced-e-commerce-for-woocommerce-store/vulnerability/wordpress-conversios-io-plugin-7-2-3-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30912.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30912.json
new file mode 100644
index 00000000000..fb4e176655d
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30912.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30912",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:51.953",
+ "lastModified": "2025-03-27T11:15:51.953",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/float-menu/vulnerability/wordpress-float-menu-plugin-6-1-2-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30914.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30914.json
new file mode 100644
index 00000000000..0bbd00edb6d
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30914.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30914",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:52.130",
+ "lastModified": "2025-03-27T11:15:52.130",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/metform/vulnerability/wordpress-metform-elementor-contact-form-builder-plugin-3-9-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30918.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30918.json
new file mode 100644
index 00000000000..bc4e3ad02ba
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30918.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30918",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:52.277",
+ "lastModified": "2025-03-27T11:15:52.277",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/structured-content/vulnerability/wordpress-structured-content-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30919.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30919.json
new file mode 100644
index 00000000000..49f81216cb3
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30919.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30919",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:52.477",
+ "lastModified": "2025-03-27T11:15:52.477",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/store-locator-widget/vulnerability/wordpress-store-locator-widget-plugin-20200131-csrf-to-stored-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30920.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30920.json
new file mode 100644
index 00000000000..844b1519ea0
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30920.json
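Review bot: The `weaknesses` array of the CVE-2025-30919 record carries only `"value": "CWE-352"`, although the description says the CSRF "allows Stored XSS" and the reference slug reads `csrf-to-stored-xss`. A consumer that selects stored-XSS exposure by filtering this feed on CWE-79 will not see this entry, even though its `S:C/C:L/I:L/A:L` vector matches the other XSS records added in the same commit. For chained issues like this one, matching on the description text as well as the CWE field is the safer triage rule, at least while the record is still `Received` and has no NVD-assigned weakness.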
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30920",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:52.633",
+ "lastModified": "2025-03-27T11:15:52.633",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-posts-carousel/vulnerability/wordpress-wp-posts-carousel-plugin-1-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30921.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30921.json
new file mode 100644
index 00000000000..10aaee5762b
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30921.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30921",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:52.770",
+ "lastModified": "2025-03-27T11:15:52.770",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/newsletters-lite/vulnerability/wordpress-newsletters-plugin-4-9-9-7-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30922.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30922.json
new file mode 100644
index 00000000000..50f4b4f4513
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30922.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30922",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:52.917",
+ "lastModified": "2025-03-27T11:15:52.917",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/simplebooklet/vulnerability/wordpress-simplebooklet-pdf-viewer-and-embedder-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30923.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30923.json
new file mode 100644
index 00000000000..f47828c21c6
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30923.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30923",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:53.053",
+ "lastModified": "2025-03-27T11:15:53.053",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/gift-message-for-woocommerce/vulnerability/wordpress-gift-message-for-woocommerce-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30925.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30925.json
new file mode 100644
index 00000000000..f61d40b98e5
--- /dev/null
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30925.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-30925",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2025-03-27T11:15:53.207",
+ "lastModified": "2025-03-27T11:15:53.207",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/the-pack-addon/vulnerability/wordpress-the-pack-elementor-addons-plugin-2-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31139.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31139.json
new file mode 100644
index 00000000000..033db958f11
--- /dev/null
+++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31139.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-31139",
+ "sourceIdentifier": "cve@jetbrains.com",
+ "published": "2025-03-27T12:15:14.660",
+ "lastModified": "2025-03-27T12:15:14.660",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@jetbrains.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@jetbrains.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "source": "cve@jetbrains.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31140.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31140.json
new file mode 100644
index 00000000000..326b8139d0f
--- /dev/null
+++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31140.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-31140",
+ "sourceIdentifier": "cve@jetbrains.com",
+ "published": "2025-03-27T12:15:14.860",
+ "lastModified": "2025-03-27T12:15:14.860",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@jetbrains.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@jetbrains.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "source": "cve@jetbrains.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31141.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31141.json
new file mode 100644
index 00000000000..f7ee6214f82
--- /dev/null
+++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31141.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-31141",
+ "sourceIdentifier": "cve@jetbrains.com",
+ "published": "2025-03-27T12:15:15.050",
+ "lastModified": "2025-03-27T12:15:15.050",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@jetbrains.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@jetbrains.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "source": "cve@jetbrains.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 73c4515bbf3..6d6c8a8d697 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-27T11:00:19.775803+00:00 +2025-03-27T13:00:19.674866+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-27T10:15:14.063000+00:00 +2025-03-27T12:15:15.050000+00:00 ``` ### Last Data Feed Release
@@ -33,24 +33,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -286764 +286883 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `119` -- [CVE-2025-29993](CVE-2025/CVE-2025-299xx/CVE-2025-29993.json) (`2025-03-27T10:15:14.063`) +- [CVE-2025-30891](CVE-2025/CVE-2025-308xx/CVE-2025-30891.json) (`2025-03-27T11:15:50.057`) +- [CVE-2025-30893](CVE-2025/CVE-2025-308xx/CVE-2025-30893.json) (`2025-03-27T11:15:50.190`) +- [CVE-2025-30894](CVE-2025/CVE-2025-308xx/CVE-2025-30894.json) (`2025-03-27T11:15:50.333`) +- [CVE-2025-30895](CVE-2025/CVE-2025-308xx/CVE-2025-30895.json) (`2025-03-27T11:15:50.470`) +- [CVE-2025-30896](CVE-2025/CVE-2025-308xx/CVE-2025-30896.json) (`2025-03-27T11:15:50.623`) +- [CVE-2025-30897](CVE-2025/CVE-2025-308xx/CVE-2025-30897.json) (`2025-03-27T11:15:50.777`) +- [CVE-2025-30898](CVE-2025/CVE-2025-308xx/CVE-2025-30898.json) (`2025-03-27T11:15:50.920`) +- [CVE-2025-30899](CVE-2025/CVE-2025-308xx/CVE-2025-30899.json) (`2025-03-27T11:15:51.060`) +- [CVE-2025-30900](CVE-2025/CVE-2025-309xx/CVE-2025-30900.json) (`2025-03-27T11:15:51.200`) +- [CVE-2025-30903](CVE-2025/CVE-2025-309xx/CVE-2025-30903.json) (`2025-03-27T11:15:51.340`) +- [CVE-2025-30904](CVE-2025/CVE-2025-309xx/CVE-2025-30904.json) (`2025-03-27T11:15:51.480`) +- [CVE-2025-30907](CVE-2025/CVE-2025-309xx/CVE-2025-30907.json) (`2025-03-27T11:15:51.620`) +- [CVE-2025-30909](CVE-2025/CVE-2025-309xx/CVE-2025-30909.json) (`2025-03-27T11:15:51.773`) +- [CVE-2025-30912](CVE-2025/CVE-2025-309xx/CVE-2025-30912.json) (`2025-03-27T11:15:51.953`) +- [CVE-2025-30914](CVE-2025/CVE-2025-309xx/CVE-2025-30914.json) (`2025-03-27T11:15:52.130`) +- [CVE-2025-30918](CVE-2025/CVE-2025-309xx/CVE-2025-30918.json) (`2025-03-27T11:15:52.277`) +- [CVE-2025-30919](CVE-2025/CVE-2025-309xx/CVE-2025-30919.json) (`2025-03-27T11:15:52.477`) +- [CVE-2025-30920](CVE-2025/CVE-2025-309xx/CVE-2025-30920.json) 
(`2025-03-27T11:15:52.633`) +- [CVE-2025-30921](CVE-2025/CVE-2025-309xx/CVE-2025-30921.json) (`2025-03-27T11:15:52.770`) +- [CVE-2025-30922](CVE-2025/CVE-2025-309xx/CVE-2025-30922.json) (`2025-03-27T11:15:52.917`) +- [CVE-2025-30923](CVE-2025/CVE-2025-309xx/CVE-2025-30923.json) (`2025-03-27T11:15:53.053`) +- [CVE-2025-30925](CVE-2025/CVE-2025-309xx/CVE-2025-30925.json) (`2025-03-27T11:15:53.207`) +- [CVE-2025-31139](CVE-2025/CVE-2025-311xx/CVE-2025-31139.json) (`2025-03-27T12:15:14.660`) +- [CVE-2025-31140](CVE-2025/CVE-2025-311xx/CVE-2025-31140.json) (`2025-03-27T12:15:14.860`) +- [CVE-2025-31141](CVE-2025/CVE-2025-311xx/CVE-2025-31141.json) (`2025-03-27T12:15:15.050`) ### CVEs modified in the last Commit Recently modified CVEs: `4` -- [CVE-2024-10441](CVE-2024/CVE-2024-104xx/CVE-2024-10441.json) (`2025-03-27T09:15:13.927`) -- [CVE-2024-10445](CVE-2024/CVE-2024-104xx/CVE-2024-10445.json) (`2025-03-27T09:15:14.070`) -- [CVE-2024-45361](CVE-2024/CVE-2024-453xx/CVE-2024-45361.json) (`2025-03-27T08:15:17.263`) -- [CVE-2024-50629](CVE-2024/CVE-2024-506xx/CVE-2024-50629.json) (`2025-03-27T09:15:14.190`) +- [CVE-2024-0436](CVE-2024/CVE-2024-04xx/CVE-2024-0436.json) (`2025-03-27T11:15:35.710`) +- [CVE-2024-0763](CVE-2024/CVE-2024-07xx/CVE-2024-0763.json) (`2025-03-27T11:15:36.570`) +- [CVE-2024-54558](CVE-2024/CVE-2024-545xx/CVE-2024-54558.json) (`2025-03-27T12:15:13.477`) +- [CVE-2024-8053](CVE-2024/CVE-2024-80xx/CVE-2024-8053.json) (`2025-03-27T11:15:36.737`) ## Download and Usage diff --git a/_state.csv b/_state.csv index c12f115c256..66d3331fe1d 100644 --- a/_state.csv +++ b/_state.csv 
@@ -243828,7 +243828,7 @@ CVE-2024-0432,0,0,40ddea47985bed893fbf8b1d050475ad40fc2113798b9e214041e86fab77a6 CVE-2024-0433,0,0,d680bd226b9288db7a430af873eb53cdea48bf8d7416e904156b1818458082cd,2025-02-10T14:43:32.977000 CVE-2024-0434,0,0,0c57c5e159e3e6c393bce0fbeb391a87baccb445e5bdfb638a63d25f31352e44,2024-11-21T08:46:35.013000 CVE-2024-0435,0,0,f3a94ee861258fc8ec79a7730c5cc7b622defaffa2c92eb31b3d930080b29e72,2025-02-25T22:55:58.797000 -CVE-2024-0436,0,0,fb868ea2b4152a41de242fb6022e1012532295461ff0ded45f4ce3f12d5cd7a5,2025-02-27T02:41:47.957000 +CVE-2024-0436,0,1,4ea26de99d7c4743a23c042f741802de843d3fdd480c7e67f2fbe6e8c41609b5,2025-03-27T11:15:35.710000 CVE-2024-0437,0,0,b3dbadc4bf51769a17424af985e0a0105b8dbb7d07004337c8d5eaa5c305f6a5,2024-11-21T08:46:35.363000 CVE-2024-0438,0,0,d8d9eff4f5112adcfa9d0d912a225f89819e081a28cbd99d4ee09d61949b8798,2024-12-27T15:51:18.320000 CVE-2024-0439,0,0,cf9bae371bf2d51ecf80b9e6f60c5c7be2772f9cde48a0fd585794ad6d1a857a,2025-02-27T02:42:37.823000 @@ -244142,7 +244142,7 @@ CVE-2024-0759,0,0,99b9eb8ee7043f71b6949c108b98a1a65f3d27bc16c58f4c0db3736fc04232 CVE-2024-0760,0,0,28b1688290a8429996cb15aa4a590dfc852aa2c256b386e9997c92991939332f,2024-11-21T08:47:18.850000 CVE-2024-0761,0,0,862e4c887a97ccd6e0ed5165f4de47f8991bd45bee511f493ef7ab898282e708,2025-03-24T14:32:35.300000 CVE-2024-0762,0,0,55ce0ccbbb179304c2f94ca58c87f5c89024696b56a67d10de02a4397359f1e2,2025-03-20T14:15:16.470000 -CVE-2024-0763,0,0,2fda1eb8296cb6fa787c30d0596620796cc26e6d14774e3e7885e7a139af41ee,2025-03-04T14:33:46.043000 +CVE-2024-0763,0,1,6575cb1dfcd212fa073fed0213858d81192b12758468cb886a506de01f8016ac,2025-03-27T11:15:36.570000 CVE-2024-0765,0,0,147924df3c2a99e28ac84acf5407b5a7987726a2c64f3e2adccb459d5985f3d0,2025-01-08T14:32:04.447000 CVE-2024-0766,0,0,8d8b47eb35ac4fbeaf262a06f0eddbbba34c1a2755f916cda469cbece9f642de,2025-01-08T18:43:16.317000 CVE-2024-0767,0,0,a7ee481ab1c66b7c498da64ae1084c6748849512829a473ad9f194f786a0f5bb,2025-01-08T18:42:46.573000 
@@ -244778,11 +244778,11 @@ CVE-2024-10438,0,0,9ced19709ace1d6bfb86b8de1801377c2112b016d1dc92ec0264f2bb581a3 CVE-2024-10439,0,0,dff63217c69fae9244806d074600acaa18035b339be2a233d07b224cb66e4434,2024-10-31T00:35:36.173000 CVE-2024-1044,0,0,afe542ab3d14120a4dc6f87d2e56310efaf4c6644bbb29e84c8a93856ebe6be3,2025-02-05T14:39:38.177000 CVE-2024-10440,0,0,28edfb6b2838e0c83bba465fa859f9eabfcf16c21fbb114f33945ddeeeda5c34,2024-10-31T00:34:23.870000 -CVE-2024-10441,0,1,bcc571f371f99849fa6947b841ce1ebd06ed2be724f65ac00ff818dcae727660,2025-03-27T09:15:13.927000 +CVE-2024-10441,0,0,bcc571f371f99849fa6947b841ce1ebd06ed2be724f65ac00ff818dcae727660,2025-03-27T09:15:13.927000 CVE-2024-10442,0,0,a4840658738b809609aeb5cab59bac04ac7ad04c438ef21ac68a74cefac7e4bc,2025-03-19T03:15:11.790000 CVE-2024-10443,0,0,b5880eef6814beeb6face696da783710e442c740974fb86b9d2b4d745d2c39b7,2025-01-14T19:29:55.853000 CVE-2024-10444,0,0,7bb927b5564eb033ce963c7f9cb0aa9f8001deaea1e02717b87de3c6ee99fb6c,2025-03-19T02:15:28.297000 -CVE-2024-10445,0,1,70109605f87b2f0127267d02fa8cb2a0148d2463a7240908cab8dfcb4f12ba63,2025-03-27T09:15:14.070000 +CVE-2024-10445,0,0,70109605f87b2f0127267d02fa8cb2a0148d2463a7240908cab8dfcb4f12ba63,2025-03-27T09:15:14.070000 CVE-2024-10446,0,0,3d25a165556e0fad6d8407d42b9edffae95ba1513463aa6427887274dcd60e3e,2024-11-01T16:39:25.890000 CVE-2024-10447,0,0,1aabb36338a0fb4db4a2b1a8bcc54889f8acb58ed831d08462413a477f5f50d0,2024-10-31T01:23:46.300000 CVE-2024-10448,0,0,30527750f046c9cbebeef89666183ad8cc7981e5e7641fb5f3c0c165f52e1c10,2024-11-01T18:26:55.980000 
@@ -268430,7 +268430,7 @@ CVE-2024-45354,0,0,7c90111e1c751fc9fa055c8c8ea15ff4091f036ff1ec808b1c4e4283c7140 CVE-2024-45355,0,0,3e5edc80d642adfd4fa6967dd356b90a54b44a922a4b0457ced66ec58892b5f0,2025-03-27T07:15:38.623000 CVE-2024-45356,0,0,6d23b1c73b04a4dcd1d83e18e331cfa2dc49ad3717e22d310d9adba515b2be3f,2025-03-27T08:15:16.297000 CVE-2024-4536,0,0,d554a9fba63153c422b87ae2d4b0219537ca1cbc00fd943074006c5d6a843426,2025-02-06T17:32:48.777000 -CVE-2024-45361,0,1,3ca49e7a5729e1b04c46c3ab1de7e907a91f25ed9af205023b510479a6a8e2d1,2025-03-27T08:15:17.263000 +CVE-2024-45361,0,0,3ca49e7a5729e1b04c46c3ab1de7e907a91f25ed9af205023b510479a6a8e2d1,2025-03-27T08:15:17.263000 CVE-2024-45366,0,0,d13f4b03dcbe654ea752888fe69e44580333b063ff67391732408feaba64beb9,2024-11-05T22:35:10.920000 CVE-2024-45367,0,0,64e84bc9ed60e849e1ae71705aae4a59b4ff0cb910f064adb8ff87e0d48d255e,2024-10-04T13:50:43.727000 CVE-2024-45368,0,0,25667bc7c124707859d40d5c6774ea2bc90601e6c98766cdc8f3cc6d89f039b0,2024-09-14T11:47:14.677000 @@ -272363,7 +272363,7 @@ CVE-2024-50625,0,0,600a63b94c23d23207c426e1e43b071296b787357ca99d17c5661761f04e2 CVE-2024-50626,0,0,ee346cb1a02e9d6ceaf318c396c6bbfc04e63993edcd6528fb39c33b5fb34c43,2024-12-12T02:06:32.817000 CVE-2024-50627,0,0,54f35ecd4423ba348ca66129853a9258eaef3460345ced0ea32309ba3face4cb,2024-12-11T17:15:17.200000 CVE-2024-50628,0,0,0643f111de6b649c82d0d465a05ff1bea2d7a2ca8f3d6abb1fa505b9869b41b4,2024-12-11T17:15:17.350000 -CVE-2024-50629,0,1,3ab50aa19ebf689fe8d57d8f4de1f5774923cb743d9a1b552f7b21d6e2840ac2,2025-03-27T09:15:14.190000 +CVE-2024-50629,0,0,3ab50aa19ebf689fe8d57d8f4de1f5774923cb743d9a1b552f7b21d6e2840ac2,2025-03-27T09:15:14.190000 CVE-2024-5063,0,0,c4410869e86851d742c625b6deef659a651b11dd076a037bf0676028b9f3f6c4,2025-03-03T16:05:23.833000 CVE-2024-50630,0,0,5c8281a1fa2d55a1383c52f2f4c6ed3a28e0d51d7e43af12525259f292ce7e7a,2025-03-19T06:15:15.620000 CVE-2024-50631,0,0,ef50b908f9f422c7751dd8f8612e0a5c00e37e0f7f0969be367d57d9248629fb,2025-03-19T06:15:15.773000 
@@ -275159,7 +275159,7 @@ CVE-2024-5455,0,0,bb7f0660a3d41dc609cc2469cc15470bc23e52876e20e5d8aaba4695f97fb5 CVE-2024-54550,0,0,cb5f640e320b73770998ee626c9b44b663537cf2c840485556eb8cd618714818,2025-03-19T19:15:42.697000 CVE-2024-54551,0,0,c1d442e2b95c4314a061be15cb2a3adee0edf9c481a85a34152f51fb73f80036,2025-03-24T15:10:00.670000 CVE-2024-54557,0,0,3d0baeae19a93d052c3842b20411bb1817950b16584194ccb52fef0fc3d214c6,2025-01-31T22:15:10.300000 -CVE-2024-54558,0,0,ad8b0add0b02898d04357d1e74d21b1eb82ab896d6607a6544539e79153825e7,2025-03-24T15:08:16.257000 +CVE-2024-54558,0,1,6df7f918c0bd43abbaf5bd0dbdbfccbd8008cbb005870f82309cc6ed2738032f,2025-03-27T12:15:13.477000 CVE-2024-54559,0,0,5b3db2b5fbbc6fab62e19eafc1c2fe17d400722766836a69c673a57a3ee7c207,2025-03-24T15:06:55.983000 CVE-2024-5456,0,0,3a1546469deeff993eb12e81bd13a91014bb8b4c59bc306c05d9d1bfeb03ccf5,2024-11-21T09:47:43.173000 CVE-2024-54560,0,0,9511cfdaacf00672eafd77240d00bd440f12a816c756aa2ba7e9974225003b17,2025-03-14T11:53:55.893000 @@ -279129,7 +279129,7 @@ CVE-2024-8048,0,0,ff295b9c9c8fa93e0c6a3b5204f97237c28cc4185a00b44db9d7dce4c3cc3b CVE-2024-8049,0,0,274cda9f191d2467ab1f7fb567537911ee77e963260dcea32ea2b6e62622893b,2024-11-18T17:46:38.177000 CVE-2024-8051,0,0,8e9fee878d5e7631408c4906ee6d422d2dad39846c3e9dba922a4347408befb7,2024-09-27T18:19:41.863000 CVE-2024-8052,0,0,01bfdadf93739fc2d4fcd8ca2ee549a442e377fc63e756e286ed6ad0eef90332,2024-09-27T16:55:57.383000 -CVE-2024-8053,0,0,169d95c94960b5e7d9ae8a8a40db343b8e9737228e79ca7bbe9aa364fa18d8f1,2025-03-26T16:18:07.887000 +CVE-2024-8053,0,1,d881393c0b6ddb5d30d6ef7475ccfec241c7517a098c19367c307fab2461c964,2025-03-27T11:15:36.737000 CVE-2024-8054,0,0,7587a87813e515f4d1b36dbcf3c7051a83e94df022103a0c59749ae8c66becaa,2024-09-27T21:29:57.607000 CVE-2024-8055,0,0,defac75074f99c813190522e4786e6558148cab7b0432b3c8d8db6ce00cb167a,2025-03-20T10:15:40.127000 CVE-2024-8056,0,0,0063e3259bfec678c90e65014b514e3fc5b53335b06f114b8add8272bc670dcc,2024-09-27T21:29:42.600000 
@@ -286584,7 +286584,7 @@ CVE-2025-29927,0,0,326931490ffe364c6a5bf57ee56c72d130519e69a3e9f76987d9e7afa4b7c CVE-2025-29930,0,0,5c209ec60ca4eeb14d225cb677e5ddb09384395f274bc0cae2e3304b0a41e066,2025-03-18T19:15:51.340000 CVE-2025-29932,0,0,53f0efdf01091cff461bff98b0acfceff82d6c29ce76a88fcb8941c3ef932c74,2025-03-25T13:15:41.520000 CVE-2025-29980,0,0,02b1f4fe8cc2958b2decdcfb4a2e99acadf56a3773103d9215c6253bff189364,2025-03-20T20:15:33.233000 -CVE-2025-29993,1,1,f47f28abef876c9a68a001548d9d677d9dbf424a19efe87eb50600ed05841a08,2025-03-27T10:15:14.063000 +CVE-2025-29993,0,0,f47f28abef876c9a68a001548d9d677d9dbf424a19efe87eb50600ed05841a08,2025-03-27T10:15:14.063000 CVE-2025-29994,0,0,8b1d4c4db8a5bb026ac4bf9b653f3b25d05b3b75f8c87e310d6dd90fa8b8e6c7,2025-03-13T12:15:13.660000 CVE-2025-29995,0,0,4e499babdfbbb2f8f3e0d85f41baf447f5b6555ca95dd3dd082c2591d71bbc2e,2025-03-13T12:15:13.830000 CVE-2025-29996,0,0,d9ce8180be5b647a2760a5e1584c793faf6e1ad0f69620939820540427591c65,2025-03-13T12:15:13.980000 
@@ -286752,6 +286752,122 @@ CVE-2025-30621,0,0,5d4cdbcdb4b4fcd90b5f2b2106f218b95148d82610e047fabd8c26e50f6e3 CVE-2025-30623,0,0,1d1d541570cee9e8bd680cf66c388813ad97d6b9db28e22b406d83cc5fc8feed,2025-03-24T14:15:34.797000 CVE-2025-30741,0,0,7e28be04c44c5eca306e67e9d56487026b2aeeec1bb89000fe389b1b3e3b5fba,2025-03-25T21:15:43.527000 CVE-2025-30742,0,0,82bfc8ccfda2836c34319d2240fc7c5a7c72b6e004211ac7d9c3d7d639962089,2025-03-26T05:15:40.593000 +CVE-2025-30763,1,1,39889e656f9d0aa4f429fa749472a5d2c550ff55fac47575adeada533a26eb75,2025-03-27T11:15:37.123000 +CVE-2025-30764,1,1,d82047e392e2e999f151f29de45e66fdd15c0e31ad5d6031a2f753a6566b776f,2025-03-27T11:15:37.280000 +CVE-2025-30765,1,1,7dacbd1790b04a109644cf645b84eeca0c570cc362ae5ede8ea0034237a87844,2025-03-27T11:15:37.410000 +CVE-2025-30766,1,1,55a9da3bedede56a4e6f90f74350cbd7281170e527fe535195ee35e147765478,2025-03-27T11:15:37.550000 +CVE-2025-30767,1,1,1844a7ed8bf7c00855ac26367a0533356497ad9c225c3651da6cc798b1b604c5,2025-03-27T11:15:37.690000 +CVE-2025-30768,1,1,4a6c1d5d2a5088391be6f8adc6222f8970ef119234e683adb90a7f04452f62e5,2025-03-27T11:15:37.830000 +CVE-2025-30769,1,1,c1d48339618a7abfa6da942c61a0d0f418db823ec61719e32789eb30209e57f3,2025-03-27T11:15:37.970000 +CVE-2025-30770,1,1,c3bb3fa3fee1eb0bd3308e25766a563c4f95b77e6a6010815087bf500315ab4b,2025-03-27T11:15:38.113000 +CVE-2025-30771,1,1,ef4b74873363df60e4c6dee5e72cbd47ae7285d434c29dcdcedfc2099d66b0fb,2025-03-27T11:15:38.253000 +CVE-2025-30772,1,1,7b404413d3cc5b1d4de48fdab84ee7d82896d981cd486e15cd67767a81837530,2025-03-27T11:15:38.397000 +CVE-2025-30773,1,1,a4804053dbf63f8166ece5deee23d436fe06caab8ce2c890569b1d50095d44c1,2025-03-27T11:15:38.537000 +CVE-2025-30775,1,1,1f43a8e781532853a5d8e7027f69b503a5ee001d3a7c74fd686591ed9c30856b,2025-03-27T11:15:38.673000 +CVE-2025-30776,1,1,45e9e43462aef3a8665853c53fcb028a97cfaf8ae701f6befc9704d8df3dc3a2,2025-03-27T11:15:38.803000 
+CVE-2025-30777,1,1,15de5b096cf502bb77ba14c28559e0df8201dcaf73f469f3e34eb816a2e77c5a,2025-03-27T11:15:38.930000 +CVE-2025-30779,1,1,3d2306fdae2aff7dd1ffa06fc1aa4c7b3874130fd42e9194a84f048dc08be17b,2025-03-27T11:15:39.060000 +CVE-2025-30780,1,1,d879668a54d4395f838c07292248bae5b148bdedd69541ee6fdd68ee07674293,2025-03-27T11:15:39.193000 +CVE-2025-30781,1,1,b0a94460754d488354ba342ef4b81e21026ac3998cd1fbb0e41fc59b92a98ef8,2025-03-27T11:15:39.320000 +CVE-2025-30783,1,1,1a7af47f7dbdd438b5b51131e7b40420f6c183c6f052a20bd87a4c9f24bd15e3,2025-03-27T11:15:39.447000 +CVE-2025-30784,1,1,d8dc43fc387164c31c8067b9824226598daba3d3d8276d73ba3a581a0364c69b,2025-03-27T11:15:39.577000 +CVE-2025-30785,1,1,13e4ab3a5794ec08b9506a41462aa6efe3cf252327c3f154d39aae5055f98f45,2025-03-27T11:15:39.703000 +CVE-2025-30786,1,1,dddb57b43ee307982bb3666ef217b65975d1c8a4b5dc4d5ba679b1a79da1b12c,2025-03-27T11:15:39.833000 +CVE-2025-30787,1,1,23287c336118014a60e5621af7ac16f4c7caec7c079df062c01f42b2de850bfd,2025-03-27T11:15:39.963000 +CVE-2025-30788,1,1,541a9ce8b945c7b295fb01b961eec3925a24458e8670011af95e03d3e6d26bc2,2025-03-27T11:15:40.093000 +CVE-2025-30789,1,1,1bdf1584dcc62a7eacaee3a0cff08a8aaed38b6d2cfe820fba7eeb4ccde254c8,2025-03-27T11:15:40.223000 +CVE-2025-30790,1,1,98bab4f1dcbe1a3f18f2011724403d88e3008d0cce7c20df3c3dda5db8549377,2025-03-27T11:15:40.357000 +CVE-2025-30791,1,1,750a22208a83fbf2d9deb7bc03a849886e98a5c1de69eb80bbb65e188c80d256,2025-03-27T11:15:40.490000 +CVE-2025-30792,1,1,a5188a014a5d0dee0c2d1ad23943ebce7c1a4912dbb73937ac1b41bdf400a24e,2025-03-27T11:15:40.620000 +CVE-2025-30795,1,1,e2597120c79e705628a285d60d54dc72a84053cb73bb5de800e7ca58a48cded1,2025-03-27T11:15:40.753000 +CVE-2025-30799,1,1,37fb41ad0da45ffabb69128dbd8788de765ba674c54911ad6a6bd9ed25ee0fbd,2025-03-27T11:15:40.883000 +CVE-2025-30800,1,1,ba8bfc7515b0bc959f550c0bedcf4cedace4d3adfdf92482dd2db6da5500c524,2025-03-27T11:15:41.017000 
+CVE-2025-30801,1,1,192f82cdba857f035043f4eec22e73123c71e540baa7b334dd32506f98ead5e8,2025-03-27T11:15:41.157000 +CVE-2025-30803,1,1,b25a5fd631de012fc59e7ea1b6f0e216f4c52e5d8b880f2777294438dbfc1124,2025-03-27T11:15:41.297000 +CVE-2025-30804,1,1,993311ddfb1b63269db8ec17dded733d9fd39d7722827e076305d72e0080bc84,2025-03-27T11:15:41.440000 +CVE-2025-30805,1,1,4bb54a18815546be3b216336041138135630a2dc7882196231c425f09d431d4c,2025-03-27T11:15:41.573000 +CVE-2025-30806,1,1,5b96a0a809769999cd1373bfd22d3a6117db61a21a8b4e82fb5e5c0eb02fbcd6,2025-03-27T11:15:41.703000 +CVE-2025-30809,1,1,aaedad698c69377e1e8c1eba26a377d3a7bbe411ad1392db557bbe0c78105d58,2025-03-27T11:15:41.837000 +CVE-2025-30810,1,1,be37cfcae069825a80f8b4df5875b20170bf6f865a6575b15c8a72661382ad22,2025-03-27T11:15:41.970000 +CVE-2025-30811,1,1,b9c050b73af72b47feb26044fbe21ae1bc050099bc2a123dba537066f87544f4,2025-03-27T11:15:42.103000 +CVE-2025-30812,1,1,5d0b1cb0dc3d2a24f759ccab5bdce860489c99566cfccf34050b7fc58159db45,2025-03-27T11:15:42.237000 +CVE-2025-30813,1,1,bddc42c08f29438e5ceb090da680ce47f2c92cdfab29f96fa6fe5c9dfd20be88,2025-03-27T11:15:42.370000 +CVE-2025-30814,1,1,b28ed28c58484f3fa07ead6bb9d832f490ad017f28f2ff3698e17e279def1205,2025-03-27T11:15:42.503000 +CVE-2025-30815,1,1,118ad1af7f93a857a2de20aaf8476e5f69d39e7c16d096ca8e1241fd1fe95d70,2025-03-27T11:15:42.640000 +CVE-2025-30816,1,1,eb46df4e53cb2c5b3837f2c68fe2b17ecae5f23c9f5d7b84db49fa415ea51c01,2025-03-27T11:15:42.773000 +CVE-2025-30817,1,1,acc7e168eb08374baee58acc533d5b14265a603fbd454d59619c4d3ccdcc3a47,2025-03-27T11:15:42.907000 +CVE-2025-30818,1,1,8c94773c5664558820964336a4ef2e3426d5dea91eab29eb72e162e58280236b,2025-03-27T11:15:43.047000 +CVE-2025-30819,1,1,838424f928d89f165d07dc7c8bc08be10cb1e1a1d23d33fa29c55e3083239d5d,2025-03-27T11:15:43.183000 +CVE-2025-30820,1,1,cf60296161f08380ea3f873857b7331dcc5ef3596c07dcdae585143953ac3e06,2025-03-27T11:15:43.320000 
+CVE-2025-30821,1,1,676bdfcdbe8a6b7be67a021c8c33158d77680de2cc0771e307eabab1425ad435,2025-03-27T11:15:43.453000 +CVE-2025-30822,1,1,2ca43a6718dddc00f71df5505a129f54651b0d5ef6c45c2cb9b5bdb87d7d252c,2025-03-27T11:15:43.583000 +CVE-2025-30823,1,1,902f3a6d08a6385aa155a16738891764492882ef1fdb912771616fc772e913e6,2025-03-27T11:15:43.713000 +CVE-2025-30824,1,1,86f6f46c83590bc8f7128f23c55e1905fb345bbbe4c0e796fea77e340ce6bfd4,2025-03-27T11:15:43.847000 +CVE-2025-30826,1,1,d7fa20332fa3ddfe388f259e22e43423996b0ddd68d17aa6deb392b46705a46e,2025-03-27T11:15:43.980000 +CVE-2025-30828,1,1,9dca4cac104de8663fe754f10d7a01b8022f04dd7350b9808d24484871a58a03,2025-03-27T11:15:44.117000 +CVE-2025-30829,1,1,465251114ae5c10ddba1b88fff66af24b4b767e925af98aaa1347e6822123d77,2025-03-27T11:15:44.257000 +CVE-2025-30830,1,1,2345f2513da96843e70368326f841a4504ed899d4909d0016ee76f0c3ea56b89,2025-03-27T11:15:44.390000 +CVE-2025-30831,1,1,9e65dbb37d78ff3f2f28efd6519db6b2c82844d5156da8e715668be4cbc282e8,2025-03-27T11:15:44.520000 +CVE-2025-30832,1,1,9f5dc0f51b83a3ac0968812330d12eca604a1ea9e17c6aacb62a62f4b4d881b8,2025-03-27T11:15:44.653000 +CVE-2025-30833,1,1,be03f126d3eadc01360716bc6b5c0c3ad7c9a9b40b2c89c1f0024d2c2a752303,2025-03-27T11:15:44.793000 +CVE-2025-30836,1,1,e9a46c04f5bb64c092349053940bc6e240b0f3f846b018da3dd9e401b36870bd,2025-03-27T11:15:44.930000 +CVE-2025-30838,1,1,fd673e773bf9fcea90824e121f4c747de814a18a0255838f507da65720cd8076,2025-03-27T11:15:45.060000 +CVE-2025-30839,1,1,3caed30a23c638eabe5fd7b4027cf2660b69652e716bcbdb5d7dd51292453bb4,2025-03-27T11:15:45.193000 +CVE-2025-30842,1,1,08caf6e34f41253416d57a645d8cf584e4ad24a4200e3a7dbd86abb3ef00ecd8,2025-03-27T11:15:45.340000 +CVE-2025-30843,1,1,7143c551915d523158d05968026e2f4e2d14cd83900540d3b5402ebb42e06f7e,2025-03-27T11:15:45.490000 +CVE-2025-30845,1,1,319b1165b367b729bfe9bbd5767dbd326d01e7e4cc9c88662db1b986c90232bc,2025-03-27T11:15:45.643000 
+CVE-2025-30846,1,1,e54240a3a047eaedc91248c22a2207f0cdb347f5018dcb2c5b824992f23bcda3,2025-03-27T11:15:45.787000 +CVE-2025-30847,1,1,c86f3fbe7643cd397236fab9c82041aab89ba3bf41bd24af6a3c48ff274337af,2025-03-27T11:15:45.923000 +CVE-2025-30850,1,1,a259e2d75b46aee290ca84e9342eb78fa91f16c72317c026797759e6ec1ace3f,2025-03-27T11:15:46.067000 +CVE-2025-30851,1,1,f3b6ae6365d75ec100a576378f4084a218b8ad4f72b0710531d59aa8c41ce7f2,2025-03-27T11:15:46.217000 +CVE-2025-30854,1,1,98bededaf13fd5ff8390d19fc803ef1762cdc4dc88f086aa69ec38d67f893950,2025-03-27T11:15:46.390000 +CVE-2025-30856,1,1,a9788b9a90c1b7a47206fbc6979e0198a5f2d2521526b9f4995e8fde03c43ff7,2025-03-27T11:15:46.547000 +CVE-2025-30857,1,1,bc71b0b8c59b0726eb889406d4d922703879d3ccf66758cda43c49fe040d0277,2025-03-27T11:15:46.700000 +CVE-2025-30859,1,1,ffcdb1442d6f4e030646b7502626f3c967253e16faba2cc4e9c62b61f697c42b,2025-03-27T11:15:46.843000 +CVE-2025-30860,1,1,7630627d89707d6ddc6a49e5bc6b08b66f1f6d5617810d9de07979201487e216,2025-03-27T11:15:46.983000 +CVE-2025-30861,1,1,cbe4c49a5c773490d6f642ff430725ef3243f3258048cdef3b6745f52b1fe231,2025-03-27T11:15:47.130000 +CVE-2025-30862,1,1,4a6483f218b423471e187d9bbcc72b2cc8b2195f1f1e57169b8dc6f3a4197d2f,2025-03-27T11:15:47.273000 +CVE-2025-30863,1,1,a84a1e9b018321594fa5f1f967f4a1dff85608d02e49ad2a92ee27e2541b8475,2025-03-27T11:15:47.410000 +CVE-2025-30864,1,1,b93c06c70b34cec62306a2dbadba2c893bd5082f5561887d3ab38c8b3dbbdb9f,2025-03-27T11:15:47.550000 +CVE-2025-30865,1,1,265623669233430b65a2e08d57f700bac46ec3deb026c640b09b5eb3599bd121,2025-03-27T11:15:47.683000 +CVE-2025-30866,1,1,14c74938d25f7e385207d843dda206f02c14eb5cf3e8320f389e77ef5261a99e,2025-03-27T11:15:47.820000 +CVE-2025-30867,1,1,3f20355fbd0d6af51c5a1d1a2fec3207af9df1667086f79802c08bffb9ae8837,2025-03-27T11:15:47.960000 +CVE-2025-30868,1,1,b470d7ad4f1495e0e652356d4d6a91b7a7599b2172530838c046594833872629,2025-03-27T11:15:48.103000 
+CVE-2025-30871,1,1,a000bc903549f6f648ca11922df4aa7a62240213e8f16332681ab5e5d1f0ec3b,2025-03-27T11:15:48.243000 +CVE-2025-30872,1,1,d4a3b1f1229c64741c46b75115b7c0f3117aaf9413931ec1c80a4f063d1a04c4,2025-03-27T11:15:48.383000 +CVE-2025-30873,1,1,3343a23703a19405a1e17ec945ca39b02d2d755faa4a169f461ea4d9fd39707b,2025-03-27T11:15:48.523000 +CVE-2025-30874,1,1,74256f926676dad5b3526a770530c4369a715033600b5f785f0be887cc1385f1,2025-03-27T11:15:48.663000 +CVE-2025-30877,1,1,cff41e3e62a5e20d00f46ad9c8a944528bbf5b2d02abceb2ba1092cde4ce759b,2025-03-27T11:15:48.803000 +CVE-2025-30879,1,1,a83c7c7a6d42fd4d83c18079969332736c0fe9fa9a2df56f1678a48c58a9c397,2025-03-27T11:15:48.940000 +CVE-2025-30881,1,1,67b57d57629ac91844ec415e12086962ddefd3a60c62ecb299710cccefe18612,2025-03-27T11:15:49.080000 +CVE-2025-30883,1,1,1c60c3d4a7e672f8ea8691b9b69f93c2cbb7bc84dace1d5599ea2b93c4382ece,2025-03-27T11:15:49.220000 +CVE-2025-30884,1,1,e65b7a898497ad7e84f02e5dfb052d498699095d6a6152d1a66c648f950be870,2025-03-27T11:15:49.357000 +CVE-2025-30885,1,1,0bfa8fd339847729a18ca15293396c85fc24da47d6619009315cd32260d2e37d,2025-03-27T11:15:49.493000 +CVE-2025-30887,1,1,b148d8a638737e12a427a006054c4e9b08b2335f1e54c96c3d18e74d918f8bc1,2025-03-27T11:15:49.633000 +CVE-2025-30888,1,1,66e8b99860de24e2cf4aa9c9c42089a0929eed7fdc7bbbba2934882edbe4a08f,2025-03-27T11:15:49.773000 +CVE-2025-30890,1,1,2d975cc3a277f0c13bf15688f7ba46f08efc6585282d9d38d370e6306e008dfe,2025-03-27T11:15:49.920000 +CVE-2025-30891,1,1,d9910e0ff90b50034f918739a07bf95f0c0ea5ebe919a2bf091a214915f35065,2025-03-27T11:15:50.057000 +CVE-2025-30893,1,1,d0df00b56fb08fd4e7432991476493ff8487ee8dfd551672b2272e62ad9dea85,2025-03-27T11:15:50.190000 +CVE-2025-30894,1,1,9992f549749e75a04fe1fde663ac7e3899986d60a632577f480e7f5123b6bc23,2025-03-27T11:15:50.333000 +CVE-2025-30895,1,1,221fb2b35fbcaf520b626c2eea1946bf77a04d20e2cead0766da1abb6e44172e,2025-03-27T11:15:50.470000 
+CVE-2025-30896,1,1,6bf39d5a14c3421b3b96803dfdd68443af03c66e9917de2b5f9fcec9ab0c5f7f,2025-03-27T11:15:50.623000 +CVE-2025-30897,1,1,5615ab5cd724997fcb2e37b9250c265ff319273445454e40f23bdf01df31cb63,2025-03-27T11:15:50.777000 +CVE-2025-30898,1,1,92de8d17dc875d2b49d6eaa0a3d69cc76c4f62b204de0f0766029f2aa342e7e4,2025-03-27T11:15:50.920000 +CVE-2025-30899,1,1,0a59543e52624b8e6fd4e12a57b16fe2d93dcbdba52c77955bd38b58c92a8ce8,2025-03-27T11:15:51.060000 +CVE-2025-30900,1,1,965f257b3455b84aa1c93185f51246331412486fdc718af0f67269805f6481f2,2025-03-27T11:15:51.200000 +CVE-2025-30903,1,1,fbe8be9b4e6bb1a3b2c1e0501ae84a051687c58b3ca7a1f31c9d0aa3bad43a6d,2025-03-27T11:15:51.340000 +CVE-2025-30904,1,1,25938fb941a0ff457301e96075e8e316c829840772bc37d572ab72efb17679dd,2025-03-27T11:15:51.480000 +CVE-2025-30907,1,1,fdd8f86ad41f1534cf809751b599b8b45335180012e2b1042b8d82f73153727a,2025-03-27T11:15:51.620000 +CVE-2025-30909,1,1,fedb80421d217c51e2e0de76ccd6bd59ba3039f765a8186a631bb3f76ca304ec,2025-03-27T11:15:51.773000 +CVE-2025-30912,1,1,c65927b99fdfaaabf42fda163453e7210cd544c5dc64e71badce1a59596a3f59,2025-03-27T11:15:51.953000 +CVE-2025-30914,1,1,d160cc632b7dbcbcc2e20c0809db0edf9e7b7294fcd79560d24b6de0f12306f8,2025-03-27T11:15:52.130000 +CVE-2025-30918,1,1,01673aa312f93c054b433c23d1e33d84667a262d0f67920d87437e103f0e6ce9,2025-03-27T11:15:52.277000 +CVE-2025-30919,1,1,4ecb47f57307a5408b631cb72d46243df14795cd134028c9069888a3ae8e9c35,2025-03-27T11:15:52.477000 +CVE-2025-30920,1,1,95871c9841129a7d42e3e336ec7919df9d1434c695c7aa3c31cca2604c8a3257,2025-03-27T11:15:52.633000 +CVE-2025-30921,1,1,796642d7df0cf90449c11303fc529302c82244ba38f566d3663b7f90c0397cc1,2025-03-27T11:15:52.770000 +CVE-2025-30922,1,1,0706a84c6b97b52e7d99f8864f89e319fa7524bb673e46e4430d069d18077903,2025-03-27T11:15:52.917000 +CVE-2025-30923,1,1,f912ed1cec9b0e2ad0207f4007546f63e690bf8c7e1ab07b57757fadf10029cc,2025-03-27T11:15:53.053000 
+CVE-2025-30925,1,1,8401ada8a3f0e9dba3d2fb6b3c3d5971c963ebb700ddd4d01eceb96130d581ae,2025-03-27T11:15:53.207000 CVE-2025-31105,0,0,3ea420eb0f78514b1d8574d41cb07f9b0316bbcde24f1aa0f802339e7a9adf19,2025-03-27T04:15:27.447000 CVE-2025-31106,0,0,9cd943c74a3d3aeb9d7fce7b86609160c2b3b46f9adb8d4161fa966b85a9a529,2025-03-27T04:15:28.007000 CVE-2025-31107,0,0,8505daa1494574bd4bf6fc3a5ca5fa621c0917e37c7c10d9dd14774eec62a678,2025-03-27T04:15:28.073000 @@ -286761,5 +286877,8 @@ CVE-2025-31110,0,0,9c1e095e916574b5bad3dc98545645eb35bcfc3a15748b26a91c424286375 CVE-2025-31111,0,0,708ed17ed7ca590b80cc7bf7efff771b88139eb264b9a4c93912c661b895b119,2025-03-27T04:15:29.310000 CVE-2025-31112,0,0,19710893cdeca6b79e6ed61173b8773b8204171d0fa597c5282b3a5c8595c248,2025-03-27T04:15:29.427000 CVE-2025-31113,0,0,e197f9731c7d6bd9e53ba8f025a3a8ac307f507846eecfd137f3c958a7e0d19f,2025-03-27T04:15:29.493000 +CVE-2025-31139,1,1,6d176b4943ceb8a04b873352e6b210806674e6371da57c621002a9eaf9fbf016,2025-03-27T12:15:14.660000 +CVE-2025-31140,1,1,96d3eabfb625861a03a74525ef34a239c0affa780be84f292e6d027b848c3194,2025-03-27T12:15:14.860000 +CVE-2025-31141,1,1,f0bd16fa2a75a046f35d53dd8b82904cdd55b2a94c77dba49afa6d6b37a9e7c9,2025-03-27T12:15:15.050000 CVE-2025-31160,0,0,c4d26cd39b22c1eb60b511d116139849ae72eca61a146878ebb8742a164c4465,2025-03-27T03:15:14.270000 CVE-2025-31165,0,0,a3590b636506a483e689b549fb117036abcb2f3b83a41aaf2fd828f17eb41c91,2025-03-27T04:15:29.567000