diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4455.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4455.json
new file mode 100644
index 00000000000..2bbc805e7f7
--- /dev/null
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4455.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2021-4455",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-04-19T08:15:13.220",
+ "lastModified": "2025-04-19T08:15:13.220",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.exploit-db.com/exploits/50533",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de9183c-95b9-4500-85e2-08dcee956360?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3404.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3404.json
new file mode 100644
index 00000000000..b5f2040be8e
--- /dev/null
+++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3404.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-3404",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-04-19T08:15:13.780",
+ "lastModified": "2025-04-19T08:15:13.780",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L45",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L56",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md index 4bf32cf5c45..f4d1b39d2b8 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-19T08:00:19.922788+00:00 +2025-04-19T10:00:19.885624+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-19T07:15:13.250000+00:00 +2025-04-19T08:15:13.780000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -290900 +290902 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-13926](CVE-2024/CVE-2024-139xx/CVE-2024-13926.json) (`2025-04-19T06:15:18.347`) -- [CVE-2025-2111](CVE-2025/CVE-2025-21xx/CVE-2025-2111.json) (`2025-04-19T06:15:19.657`) -- [CVE-2025-3797](CVE-2025/CVE-2025-37xx/CVE-2025-3797.json) (`2025-04-19T07:15:13.250`) -- [CVE-2025-3809](CVE-2025/CVE-2025-38xx/CVE-2025-3809.json) (`2025-04-19T06:15:19.960`) +- [CVE-2021-4455](CVE-2021/CVE-2021-44xx/CVE-2021-4455.json) (`2025-04-19T08:15:13.220`) +- [CVE-2025-3404](CVE-2025/CVE-2025-34xx/CVE-2025-3404.json) (`2025-04-19T08:15:13.780`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 0fae068cec8..db088b44374 100644 --- a/_state.csv +++ b/_state.csv 
@@ -185737,6 +185737,7 @@ CVE-2021-44545,0,0,7028fb142f00073c7946b672f2300046564e5efec3c7e574f45814b31d120 CVE-2021-44547,0,0,e1b35c68e3f8401880b07e59afed19077e4b56bdf48baaf8c949e189dc39ea7d,2024-11-21T06:31:12.333000 CVE-2021-44548,0,0,2d48fe28684af15895e9773f250bbc741ea4fa16501618e309cd4c435b91ba16,2024-11-21T06:31:12.457000 CVE-2021-44549,0,0,6831fced5594a6b4a5cbff2541e9ce1a0eee5f7b4b4f48df146da51cfd776065,2024-11-21T06:31:12.580000 +CVE-2021-4455,1,1,c91a80fc4b00e779614cb3b8a879e8b522eaa69c31dcc8db51033de605223318,2025-04-19T08:15:13.220000 CVE-2021-44550,0,0,5af7bba0e92faa96a09f9ee5deb8cb2046d16ed1b302b816e3cf61ed174716e4,2024-11-21T06:31:12.700000 CVE-2021-44554,0,0,7b13dd9b102d97854d9adf8fa6293bdf2ea7c2db3b1b708995b7e3f84448bbc1,2024-11-21T06:31:12.863000 CVE-2021-44556,0,0,454fb7c4653e03c3f25c76ed117d4fae318942e2f143daa705119ac6b412f0d0,2024-11-21T06:31:13.033000 @@ -248415,7 +248416,7 @@ CVE-2024-13922,0,0,6cd484021b2a9356da4dab3938017878db2ce098f796a1ee0313bd1e4dc9d CVE-2024-13923,0,0,a528ee5b51622639984378ce5c82c5f3996bc4ee38135a9723b678cb2485bd4f,2025-03-26T18:18:32.280000 CVE-2024-13924,0,0,6771f2a575eb9b234ba437c9c60a2d5807f8aded376287df6e1ca4c3782207e4,2025-03-12T16:23:39.567000 CVE-2024-13925,0,0,d5381786baf413fd2dd4859dd45a92bcf06b65f21ce2fc9312416a8cb44b68e1,2025-04-18T14:15:20.327000 -CVE-2024-13926,1,1,9751c4684e7a15fd9721704e8ab59162051e824997423d3ef3b66ed778df9446,2025-04-19T06:15:18.347000 +CVE-2024-13926,0,0,9751c4684e7a15fd9721704e8ab59162051e824997423d3ef3b66ed778df9446,2025-04-19T06:15:18.347000 CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000 CVE-2024-13933,0,0,6c1d1592227807572b59c7607e13d58cd1b568936f1ec0b9bb42956c7610a4b0,2025-03-19T12:15:14.003000 CVE-2024-13939,0,0,921141b59fb64caa413d175858785c8fecf23c4615e123e5aadc58ca56a65359,2025-04-11T18:10:56.160000 
@@ -283017,7 +283018,7 @@ CVE-2025-21104,0,0,7bcf930b71004c8c145b902c46fc599699f48561324b95d5aab96c7981b7a CVE-2025-21105,0,0,7769ede7d6d67929cda835ad36f1b7f8a4f0b24a4fa55bfbbf6043d06ace29a6,2025-02-20T12:15:11.233000 CVE-2025-21106,0,0,f21695bcd3dc50ebb62318d228568a1613cd20d1a89ae6dcd1f4af03df1c2f91,2025-02-20T12:15:11.373000 CVE-2025-21107,0,0,0827735892f4001f988a0739aad719c8ee1fb9144fe1da312da1da34f24b5ce6,2025-02-07T20:01:14.760000 -CVE-2025-2111,1,1,90824833d0c8c260babeed5f2d02e1fbf59e8850ab0452ea3b4a300f29501332,2025-04-19T06:15:19.657000 +CVE-2025-2111,0,0,90824833d0c8c260babeed5f2d02e1fbf59e8850ab0452ea3b4a300f29501332,2025-04-19T06:15:19.657000 CVE-2025-21111,0,0,36449c466fabe660f3fc2f10d8992e6a7d9c5e3d2cf72d3dce2cc840c6da552b,2025-01-24T19:11:42.417000 CVE-2025-21117,0,0,645b1da2e8af06c5f3d21bae0eae50f754102ea2f31528d1d042846d09e2ec44,2025-03-28T13:24:51.620000 CVE-2025-2112,0,0,12876043094c79f81e904e1d2257170a373b17e7d0d24c6eb1a19e93cc051c0d,2025-03-10T16:15:13.817000 @@ -290556,6 +290557,7 @@ CVE-2025-3400,0,0,cf8d2677c113eaba5cb7e83bc217fa3a16d8d96bb1f2d78546954dbd49132a CVE-2025-3401,0,0,631e8a4259cdba906c225d1eb0133c66fa3c13f4e78b0d1bc5178acd11ac745f,2025-04-09T14:11:52.510000 CVE-2025-3402,0,0,fb2eb5b194518a576d30d497d3c07d8afb7daa9ab5c7a3db51d822547dfc3965,2025-04-08T19:15:53.267000 CVE-2025-3403,0,0,5499ba1d1841e737df5ef1f2a2d32505df727eeda279da8a9f0ff20d660ca6b7,2025-04-08T19:15:53.387000 +CVE-2025-3404,1,1,72258a7cfa85b1e9834dc73776c2323b60f82629bdb39b4ba2f07bb9ebd842ad,2025-04-19T08:15:13.780000 CVE-2025-3405,0,0,a31287bf487edd9888ccf3a2cc660111ad412bcd7d306362616791fdc35de9e0,2025-04-08T18:13:53.347000 CVE-2025-3406,0,0,7ba1ebe9a4174ed6e20c2f4fe1e75a4864d330055141a3dcb596eb92ec7fbc3a,2025-04-08T18:13:53.347000 CVE-2025-3407,0,0,e5cceac7b7d945db6bab90635fdc2ec04fc23eea7f5eaa5ff6a3dce8910502a2,2025-04-08T18:13:53.347000 
@@ -290732,9 +290734,9 @@ CVE-2025-3790,0,0,d5ad1f3b13a63f5c54d366ff24749d16ab7fb7d35d8ebd487f5b8f35d3604a CVE-2025-37925,0,0,16b230f701d07f2c578aa7357bd99e9bbcc9802a209b6e6456fe6a2cd56557c1,2025-04-18T07:15:43.090000 CVE-2025-3795,0,0,edf2a9c3fd7e208adcda7edcd2cf7ef06142dc08ad91d453d52364343c8848d5,2025-04-18T21:15:44.397000 CVE-2025-3796,0,0,cabc6bd1b4cfa4a61fa0a09aee4d8aedffdba9c4f2c2b4dcb80a71bf171ea3e3,2025-04-18T21:15:44.510000 -CVE-2025-3797,1,1,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000 +CVE-2025-3797,0,0,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000 CVE-2025-38049,0,0,7676e0b60d8c855a8dd99b4b359c4fa0a814b8ab512b074750cfe511fcf6fb68,2025-04-18T07:15:43.187000 -CVE-2025-3809,1,1,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000 +CVE-2025-3809,0,0,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000 CVE-2025-38104,0,0,aac46924a4c28c51faaf99f75d4c0a5d0a65a1747d000155ea8b633f4bfe56a7,2025-04-18T07:15:43.290000 CVE-2025-38152,0,0,d2296d820f7f71e71472cf853a8cba12b58f3c84c5429c1618bed2e28567d654,2025-04-18T07:15:43.403000 CVE-2025-38240,0,0,55c3c53507175385d390f4e5f0701155663d7d45488ce3854f0ce48d67d704f4,2025-04-18T07:15:43.510000