Auto-Update: 2025-01-25T07:00:19.378680+00:00

2025-07-11 16:13:34 +00:00 · 2025-01-25 07:03:46 +00:00 · 2025-01-25 07:03:46 +00:00 · 6de6b40bd6
commit 6de6b40bd6
parent 475aee6968
5 changed files with 191 additions and 6 deletions
--- a/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-13721",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2025-01-25T06:15:27.860",
  "lastModified": "2025-01-25T06:15:27.860",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-85"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/plethora-tabs-accordions/trunk/plethoraplugins-tabs.php#L423",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9755e5d4-dbf6-4778-84d6-cc967e8afb48?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-04xx/CVE-2025-0411.json
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0411.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2025-0411",
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "published": "2025-01-25T05:15:09.533",
  "lastModified": "2025-01-25T05:15:09.533",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-045/",
      "source": "zdi-disclosures@trendmicro.com"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2025/01/24/6",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2025-0682",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2025-01-25T06:15:28.740",
  "lastModified": "2025-01-25T06:15:28.740",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-98"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15a9718f-f877-4e33-8f7a-950791c4ca85?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-01-25T05:00:19.644483+00:00
+2025-01-25T07:00:19.378680+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-01-25T04:15:07.670000+00:00
+2025-01-25T06:15:28.740000+00:00
 ```
 ### Last Data Feed Release
@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-278932
+278935
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `1`
+Recently added CVEs: `3`
- [CVE-2024-13709](CVE-2024/CVE-2024-137xx/CVE-2024-13709.json) (`2025-01-25T04:15:07.670`)
+- [CVE-2024-13721](CVE-2024/CVE-2024-137xx/CVE-2024-13721.json) (`2025-01-25T06:15:27.860`)
 - [CVE-2025-0411](CVE-2025/CVE-2025-04xx/CVE-2025-0411.json) (`2025-01-25T05:15:09.533`)
 - [CVE-2025-0682](CVE-2025/CVE-2025-06xx/CVE-2025-0682.json) (`2025-01-25T06:15:28.740`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -246176,9 +246176,10 @@ CVE-2024-13683,0,0,fb57f44e8b2d58d524faa1dd2ea3874f278594c1d56e7f409ae90b680d7e7
 CVE-2024-1369,0,0,6f4848b431d59906fc570cd21627f350db35226c120e93c5a8a911f55c4de4fa,2024-11-21T08:50:25.857000
 CVE-2024-13698,0,0,dc17e4312525981bb14f68ea913383417af07334780551d0e9684f2f5489da45,2025-01-24T16:15:34.597000
 CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000
-CVE-2024-13709,1,1,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
+CVE-2024-13709,0,0,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
 CVE-2024-1371,0,0,700f360c37065b466d7daf295c0b566055365a6732e2b4756cd7fe3bd3dfd8e6,2024-11-21T08:50:26.150000
 CVE-2024-1372,0,0,ba2b445471fec156b955b505675756eb0a79c6540c94f30d84a8242b3e912ff8,2024-11-21T08:50:26.277000
 CVE-2024-13721,1,1,1ec94cb9c62b02c9472486b901c3addbef65df476872a8f8db6b902dfdcff790,2025-01-25T06:15:27.860000
 CVE-2024-1373,0,0,fe1a60358155e50861f1a17ac7fa6b7d28a7605ff8e98d9097ab1950f180ef33,2024-03-11T10:15:49.383000
 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000
 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000
@ -277566,6 +277567,7 @@ CVE-2025-0407,0,0,8d1bea41d96dceb0e8000e5eb9f589c13396bad4054ce09f0d87bbcc36005a
 CVE-2025-0408,0,0,2729cf9415a38755adad695073dad161acc79ef38638b787879efcd1f5040e8e,2025-01-13T14:15:10.073000
 CVE-2025-0409,0,0,9622ef176974a666883ccef87aa9961f8329f556e68cbb6ca3f25010c47796f0,2025-01-13T18:15:21.430000
 CVE-2025-0410,0,0,77fcc9d20cbc72a10bd98fd8a0d76eb1f68bad51f3fb695c8bb4e738dc713659,2025-01-13T18:15:21.730000
 CVE-2025-0411,1,1,506084f290a8ea5ea4a0efc27b50984e7338b12946697eca474a50bc0a957a87,2025-01-25T05:15:09.533000
 CVE-2025-0412,0,0,c39a3dcab0c6d49c3211d3247bc68e95a0d8b1c80f2a5bafe11ee5bd72adb69a,2025-01-13T04:15:06.477000
 CVE-2025-0428,0,0,53ca33b8751cace74b1767e06da6e1ef57d9382b6c96eab72106c311721ef6db,2025-01-24T20:56:49.767000
 CVE-2025-0429,0,0,78859fcdeaa45b49773faf4a287c5acdb235628b0cbfb95e3aa51c974c22a44b,2025-01-24T20:51:18.657000
@ -277671,6 +277673,7 @@ CVE-2025-0638,0,0,ac9cca0d245198ff4674963eab0600993bc0b56692f14b75cf07327388ff27
 CVE-2025-0648,0,0,f9d79465ad3803b75ff57d725f789e40aa0e726161afba05440d8db3881a4794,2025-01-23T11:15:11.030000
 CVE-2025-0650,0,0,c255caf8716f9fc68172a701cd0571e8e2d98976a4a7a688b3c43cb943fe86cc,2025-01-23T18:15:33.110000
 CVE-2025-0651,0,0,8c67aa0f80c9f1e30412c542495f9f971e1fa118a8f80db65a60da0b955bdf05,2025-01-22T18:15:20.363000
 CVE-2025-0682,1,1,92fd5473746c4976c6352d82859f2d6dd42876faa3743bd2fa1f5cfd951d9a04,2025-01-25T06:15:28.740000
 CVE-2025-0693,0,0,2dbd0ee2fa3f9bda7df2c547c0b425cdbbb9ef75c33ee753ae3804f02fa74725,2025-01-23T22:15:15.397000
 CVE-2025-0697,0,0,2b300d6fe20cc05389e1f1da76da10c584853d80e73da80ea6280f5fc93d0276,2025-01-24T15:15:12.130000
 CVE-2025-0698,0,0,41b2c00dd6b2e11497e6ad0d5935ff7e418c7e8ce23cb7590bf86289758b8bd6,2025-01-24T16:15:37.717000