From 6de6b40bd68566a526f91f57b0670fc5a5975e3d Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Sat, 25 Jan 2025 07:03:46 +0000
Subject: [PATCH] Auto-Update: 2025-01-25T07:00:19.378680+00:00

---
 CVE-2024/CVE-2024-137xx/CVE-2024-13721.json | 60 +++++++++++++++++++++
 CVE-2025/CVE-2025-04xx/CVE-2025-0411.json   | 60 +++++++++++++++++++++
 CVE-2025/CVE-2025-06xx/CVE-2025-0682.json   | 60 +++++++++++++++++++++
 README.md                                   | 12 +++--
 _state.csv                                  |  5 +-
 5 files changed, 191 insertions(+), 6 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13721.json
 create mode 100644 CVE-2025/CVE-2025-04xx/CVE-2025-0411.json
 create mode 100644 CVE-2025/CVE-2025-06xx/CVE-2025-0682.json

diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json
new file mode 100644
index 00000000000..737dedf7c6b
--- /dev/null
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13721",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-25T06:15:27.860",
+  "lastModified": "2025-01-25T06:15:27.860",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-85"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/plethora-tabs-accordions/trunk/plethoraplugins-tabs.php#L423",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9755e5d4-dbf6-4778-84d6-cc967e8afb48?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0411.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0411.json
new file mode 100644
index 00000000000..82fe3c18405
--- /dev/null
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0411.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-0411",
+  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
+  "published": "2025-01-25T05:15:09.533",
+  "lastModified": "2025-01-25T05:15:09.533",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "zdi-disclosures@trendmicro.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.0,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "zdi-disclosures@trendmicro.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-693"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-045/",
+      "source": "zdi-disclosures@trendmicro.com"
+    },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2025/01/24/6",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json
new file mode 100644
index 00000000000..1b56cc6e229
--- /dev/null
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-0682",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-25T06:15:28.740",
+  "lastModified": "2025-01-25T06:15:28.740",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-98"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15a9718f-f877-4e33-8f7a-950791c4ca85?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 2a5e03e390c..f2951c845e0 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-25T05:00:19.644483+00:00
+2025-01-25T07:00:19.378680+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-25T04:15:07.670000+00:00
+2025-01-25T06:15:28.740000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-278932
+278935
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2024-13709](CVE-2024/CVE-2024-137xx/CVE-2024-13709.json) (`2025-01-25T04:15:07.670`)
+- [CVE-2024-13721](CVE-2024/CVE-2024-137xx/CVE-2024-13721.json) (`2025-01-25T06:15:27.860`)
+- [CVE-2025-0411](CVE-2025/CVE-2025-04xx/CVE-2025-0411.json) (`2025-01-25T05:15:09.533`)
+- [CVE-2025-0682](CVE-2025/CVE-2025-06xx/CVE-2025-0682.json) (`2025-01-25T06:15:28.740`)
 
 
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 3fd436ef270..beb742d0be1 100644
--- a/_state.csv
+++ b/_state.csv
@@ -246176,9 +246176,10 @@ CVE-2024-13683,0,0,fb57f44e8b2d58d524faa1dd2ea3874f278594c1d56e7f409ae90b680d7e7
 CVE-2024-1369,0,0,6f4848b431d59906fc570cd21627f350db35226c120e93c5a8a911f55c4de4fa,2024-11-21T08:50:25.857000
 CVE-2024-13698,0,0,dc17e4312525981bb14f68ea913383417af07334780551d0e9684f2f5489da45,2025-01-24T16:15:34.597000
 CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000
-CVE-2024-13709,1,1,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
+CVE-2024-13709,0,0,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
 CVE-2024-1371,0,0,700f360c37065b466d7daf295c0b566055365a6732e2b4756cd7fe3bd3dfd8e6,2024-11-21T08:50:26.150000
 CVE-2024-1372,0,0,ba2b445471fec156b955b505675756eb0a79c6540c94f30d84a8242b3e912ff8,2024-11-21T08:50:26.277000
+CVE-2024-13721,1,1,1ec94cb9c62b02c9472486b901c3addbef65df476872a8f8db6b902dfdcff790,2025-01-25T06:15:27.860000
 CVE-2024-1373,0,0,fe1a60358155e50861f1a17ac7fa6b7d28a7605ff8e98d9097ab1950f180ef33,2024-03-11T10:15:49.383000
 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000
 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000
@@ -277566,6 +277567,7 @@ CVE-2025-0407,0,0,8d1bea41d96dceb0e8000e5eb9f589c13396bad4054ce09f0d87bbcc36005a
 CVE-2025-0408,0,0,2729cf9415a38755adad695073dad161acc79ef38638b787879efcd1f5040e8e,2025-01-13T14:15:10.073000
 CVE-2025-0409,0,0,9622ef176974a666883ccef87aa9961f8329f556e68cbb6ca3f25010c47796f0,2025-01-13T18:15:21.430000
 CVE-2025-0410,0,0,77fcc9d20cbc72a10bd98fd8a0d76eb1f68bad51f3fb695c8bb4e738dc713659,2025-01-13T18:15:21.730000
+CVE-2025-0411,1,1,506084f290a8ea5ea4a0efc27b50984e7338b12946697eca474a50bc0a957a87,2025-01-25T05:15:09.533000
 CVE-2025-0412,0,0,c39a3dcab0c6d49c3211d3247bc68e95a0d8b1c80f2a5bafe11ee5bd72adb69a,2025-01-13T04:15:06.477000
 CVE-2025-0428,0,0,53ca33b8751cace74b1767e06da6e1ef57d9382b6c96eab72106c311721ef6db,2025-01-24T20:56:49.767000
 CVE-2025-0429,0,0,78859fcdeaa45b49773faf4a287c5acdb235628b0cbfb95e3aa51c974c22a44b,2025-01-24T20:51:18.657000
@@ -277671,6 +277673,7 @@ CVE-2025-0638,0,0,ac9cca0d245198ff4674963eab0600993bc0b56692f14b75cf07327388ff27
 CVE-2025-0648,0,0,f9d79465ad3803b75ff57d725f789e40aa0e726161afba05440d8db3881a4794,2025-01-23T11:15:11.030000
 CVE-2025-0650,0,0,c255caf8716f9fc68172a701cd0571e8e2d98976a4a7a688b3c43cb943fe86cc,2025-01-23T18:15:33.110000
 CVE-2025-0651,0,0,8c67aa0f80c9f1e30412c542495f9f971e1fa118a8f80db65a60da0b955bdf05,2025-01-22T18:15:20.363000
+CVE-2025-0682,1,1,92fd5473746c4976c6352d82859f2d6dd42876faa3743bd2fa1f5cfd951d9a04,2025-01-25T06:15:28.740000
 CVE-2025-0693,0,0,2dbd0ee2fa3f9bda7df2c547c0b425cdbbb9ef75c33ee753ae3804f02fa74725,2025-01-23T22:15:15.397000
 CVE-2025-0697,0,0,2b300d6fe20cc05389e1f1da76da10c584853d80e73da80ea6280f5fc93d0276,2025-01-24T15:15:12.130000
 CVE-2025-0698,0,0,41b2c00dd6b2e11497e6ad0d5935ff7e418c7e8ce23cb7590bf86289758b8bd6,2025-01-24T16:15:37.717000