Auto-Update: 2025-04-19T10:00:19.885624+00:00

cad-safe-bot 2025-04-19 10:03:52 +00:00
parent e98a59aed2
commit 76f2d640b2
4 changed files with 136 additions and 12 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2021-4455",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T08:15:13.220",
"lastModified": "2025-04-19T08:15:13.220",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/50533",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de9183c-95b9-4500-85e2-08dcee956360?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2025-3404",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T08:15:13.780",
"lastModified": "2025-04-19T08:15:13.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L45",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L56",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2025-04-19T08:00:19.922788+00:00 2025-04-19T10:00:19.885624+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2025-04-19T07:15:13.250000+00:00 2025-04-19T08:15:13.780000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
290900 290902
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `4` Recently added CVEs: `2`
- [CVE-2024-13926](CVE-2024/CVE-2024-139xx/CVE-2024-13926.json) (`2025-04-19T06:15:18.347`) - [CVE-2021-4455](CVE-2021/CVE-2021-44xx/CVE-2021-4455.json) (`2025-04-19T08:15:13.220`)
- [CVE-2025-2111](CVE-2025/CVE-2025-21xx/CVE-2025-2111.json) (`2025-04-19T06:15:19.657`) - [CVE-2025-3404](CVE-2025/CVE-2025-34xx/CVE-2025-3404.json) (`2025-04-19T08:15:13.780`)
- [CVE-2025-3797](CVE-2025/CVE-2025-37xx/CVE-2025-3797.json) (`2025-04-19T07:15:13.250`)
- [CVE-2025-3809](CVE-2025/CVE-2025-38xx/CVE-2025-3809.json) (`2025-04-19T06:15:19.960`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit


@ -185737,6 +185737,7 @@ CVE-2021-44545,0,0,7028fb142f00073c7946b672f2300046564e5efec3c7e574f45814b31d120
CVE-2021-44547,0,0,e1b35c68e3f8401880b07e59afed19077e4b56bdf48baaf8c949e189dc39ea7d,2024-11-21T06:31:12.333000 CVE-2021-44547,0,0,e1b35c68e3f8401880b07e59afed19077e4b56bdf48baaf8c949e189dc39ea7d,2024-11-21T06:31:12.333000
CVE-2021-44548,0,0,2d48fe28684af15895e9773f250bbc741ea4fa16501618e309cd4c435b91ba16,2024-11-21T06:31:12.457000 CVE-2021-44548,0,0,2d48fe28684af15895e9773f250bbc741ea4fa16501618e309cd4c435b91ba16,2024-11-21T06:31:12.457000
CVE-2021-44549,0,0,6831fced5594a6b4a5cbff2541e9ce1a0eee5f7b4b4f48df146da51cfd776065,2024-11-21T06:31:12.580000 CVE-2021-44549,0,0,6831fced5594a6b4a5cbff2541e9ce1a0eee5f7b4b4f48df146da51cfd776065,2024-11-21T06:31:12.580000
CVE-2021-4455,1,1,c91a80fc4b00e779614cb3b8a879e8b522eaa69c31dcc8db51033de605223318,2025-04-19T08:15:13.220000
CVE-2021-44550,0,0,5af7bba0e92faa96a09f9ee5deb8cb2046d16ed1b302b816e3cf61ed174716e4,2024-11-21T06:31:12.700000 CVE-2021-44550,0,0,5af7bba0e92faa96a09f9ee5deb8cb2046d16ed1b302b816e3cf61ed174716e4,2024-11-21T06:31:12.700000
CVE-2021-44554,0,0,7b13dd9b102d97854d9adf8fa6293bdf2ea7c2db3b1b708995b7e3f84448bbc1,2024-11-21T06:31:12.863000 CVE-2021-44554,0,0,7b13dd9b102d97854d9adf8fa6293bdf2ea7c2db3b1b708995b7e3f84448bbc1,2024-11-21T06:31:12.863000
CVE-2021-44556,0,0,454fb7c4653e03c3f25c76ed117d4fae318942e2f143daa705119ac6b412f0d0,2024-11-21T06:31:13.033000 CVE-2021-44556,0,0,454fb7c4653e03c3f25c76ed117d4fae318942e2f143daa705119ac6b412f0d0,2024-11-21T06:31:13.033000
@ -248415,7 +248416,7 @@ CVE-2024-13922,0,0,6cd484021b2a9356da4dab3938017878db2ce098f796a1ee0313bd1e4dc9d
CVE-2024-13923,0,0,a528ee5b51622639984378ce5c82c5f3996bc4ee38135a9723b678cb2485bd4f,2025-03-26T18:18:32.280000 CVE-2024-13923,0,0,a528ee5b51622639984378ce5c82c5f3996bc4ee38135a9723b678cb2485bd4f,2025-03-26T18:18:32.280000
CVE-2024-13924,0,0,6771f2a575eb9b234ba437c9c60a2d5807f8aded376287df6e1ca4c3782207e4,2025-03-12T16:23:39.567000 CVE-2024-13924,0,0,6771f2a575eb9b234ba437c9c60a2d5807f8aded376287df6e1ca4c3782207e4,2025-03-12T16:23:39.567000
CVE-2024-13925,0,0,d5381786baf413fd2dd4859dd45a92bcf06b65f21ce2fc9312416a8cb44b68e1,2025-04-18T14:15:20.327000 CVE-2024-13925,0,0,d5381786baf413fd2dd4859dd45a92bcf06b65f21ce2fc9312416a8cb44b68e1,2025-04-18T14:15:20.327000
CVE-2024-13926,1,1,9751c4684e7a15fd9721704e8ab59162051e824997423d3ef3b66ed778df9446,2025-04-19T06:15:18.347000 CVE-2024-13926,0,0,9751c4684e7a15fd9721704e8ab59162051e824997423d3ef3b66ed778df9446,2025-04-19T06:15:18.347000
CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000 CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000
CVE-2024-13933,0,0,6c1d1592227807572b59c7607e13d58cd1b568936f1ec0b9bb42956c7610a4b0,2025-03-19T12:15:14.003000 CVE-2024-13933,0,0,6c1d1592227807572b59c7607e13d58cd1b568936f1ec0b9bb42956c7610a4b0,2025-03-19T12:15:14.003000
CVE-2024-13939,0,0,921141b59fb64caa413d175858785c8fecf23c4615e123e5aadc58ca56a65359,2025-04-11T18:10:56.160000 CVE-2024-13939,0,0,921141b59fb64caa413d175858785c8fecf23c4615e123e5aadc58ca56a65359,2025-04-11T18:10:56.160000
@ -283017,7 +283018,7 @@ CVE-2025-21104,0,0,7bcf930b71004c8c145b902c46fc599699f48561324b95d5aab96c7981b7a
CVE-2025-21105,0,0,7769ede7d6d67929cda835ad36f1b7f8a4f0b24a4fa55bfbbf6043d06ace29a6,2025-02-20T12:15:11.233000 CVE-2025-21105,0,0,7769ede7d6d67929cda835ad36f1b7f8a4f0b24a4fa55bfbbf6043d06ace29a6,2025-02-20T12:15:11.233000
CVE-2025-21106,0,0,f21695bcd3dc50ebb62318d228568a1613cd20d1a89ae6dcd1f4af03df1c2f91,2025-02-20T12:15:11.373000 CVE-2025-21106,0,0,f21695bcd3dc50ebb62318d228568a1613cd20d1a89ae6dcd1f4af03df1c2f91,2025-02-20T12:15:11.373000
CVE-2025-21107,0,0,0827735892f4001f988a0739aad719c8ee1fb9144fe1da312da1da34f24b5ce6,2025-02-07T20:01:14.760000 CVE-2025-21107,0,0,0827735892f4001f988a0739aad719c8ee1fb9144fe1da312da1da34f24b5ce6,2025-02-07T20:01:14.760000
CVE-2025-2111,1,1,90824833d0c8c260babeed5f2d02e1fbf59e8850ab0452ea3b4a300f29501332,2025-04-19T06:15:19.657000 CVE-2025-2111,0,0,90824833d0c8c260babeed5f2d02e1fbf59e8850ab0452ea3b4a300f29501332,2025-04-19T06:15:19.657000
CVE-2025-21111,0,0,36449c466fabe660f3fc2f10d8992e6a7d9c5e3d2cf72d3dce2cc840c6da552b,2025-01-24T19:11:42.417000 CVE-2025-21111,0,0,36449c466fabe660f3fc2f10d8992e6a7d9c5e3d2cf72d3dce2cc840c6da552b,2025-01-24T19:11:42.417000
CVE-2025-21117,0,0,645b1da2e8af06c5f3d21bae0eae50f754102ea2f31528d1d042846d09e2ec44,2025-03-28T13:24:51.620000 CVE-2025-21117,0,0,645b1da2e8af06c5f3d21bae0eae50f754102ea2f31528d1d042846d09e2ec44,2025-03-28T13:24:51.620000
CVE-2025-2112,0,0,12876043094c79f81e904e1d2257170a373b17e7d0d24c6eb1a19e93cc051c0d,2025-03-10T16:15:13.817000 CVE-2025-2112,0,0,12876043094c79f81e904e1d2257170a373b17e7d0d24c6eb1a19e93cc051c0d,2025-03-10T16:15:13.817000
@ -290556,6 +290557,7 @@ CVE-2025-3400,0,0,cf8d2677c113eaba5cb7e83bc217fa3a16d8d96bb1f2d78546954dbd49132a
CVE-2025-3401,0,0,631e8a4259cdba906c225d1eb0133c66fa3c13f4e78b0d1bc5178acd11ac745f,2025-04-09T14:11:52.510000 CVE-2025-3401,0,0,631e8a4259cdba906c225d1eb0133c66fa3c13f4e78b0d1bc5178acd11ac745f,2025-04-09T14:11:52.510000
CVE-2025-3402,0,0,fb2eb5b194518a576d30d497d3c07d8afb7daa9ab5c7a3db51d822547dfc3965,2025-04-08T19:15:53.267000 CVE-2025-3402,0,0,fb2eb5b194518a576d30d497d3c07d8afb7daa9ab5c7a3db51d822547dfc3965,2025-04-08T19:15:53.267000
CVE-2025-3403,0,0,5499ba1d1841e737df5ef1f2a2d32505df727eeda279da8a9f0ff20d660ca6b7,2025-04-08T19:15:53.387000 CVE-2025-3403,0,0,5499ba1d1841e737df5ef1f2a2d32505df727eeda279da8a9f0ff20d660ca6b7,2025-04-08T19:15:53.387000
CVE-2025-3404,1,1,72258a7cfa85b1e9834dc73776c2323b60f82629bdb39b4ba2f07bb9ebd842ad,2025-04-19T08:15:13.780000
CVE-2025-3405,0,0,a31287bf487edd9888ccf3a2cc660111ad412bcd7d306362616791fdc35de9e0,2025-04-08T18:13:53.347000 CVE-2025-3405,0,0,a31287bf487edd9888ccf3a2cc660111ad412bcd7d306362616791fdc35de9e0,2025-04-08T18:13:53.347000
CVE-2025-3406,0,0,7ba1ebe9a4174ed6e20c2f4fe1e75a4864d330055141a3dcb596eb92ec7fbc3a,2025-04-08T18:13:53.347000 CVE-2025-3406,0,0,7ba1ebe9a4174ed6e20c2f4fe1e75a4864d330055141a3dcb596eb92ec7fbc3a,2025-04-08T18:13:53.347000
CVE-2025-3407,0,0,e5cceac7b7d945db6bab90635fdc2ec04fc23eea7f5eaa5ff6a3dce8910502a2,2025-04-08T18:13:53.347000 CVE-2025-3407,0,0,e5cceac7b7d945db6bab90635fdc2ec04fc23eea7f5eaa5ff6a3dce8910502a2,2025-04-08T18:13:53.347000
@ -290732,9 +290734,9 @@ CVE-2025-3790,0,0,d5ad1f3b13a63f5c54d366ff24749d16ab7fb7d35d8ebd487f5b8f35d3604a
CVE-2025-37925,0,0,16b230f701d07f2c578aa7357bd99e9bbcc9802a209b6e6456fe6a2cd56557c1,2025-04-18T07:15:43.090000 CVE-2025-37925,0,0,16b230f701d07f2c578aa7357bd99e9bbcc9802a209b6e6456fe6a2cd56557c1,2025-04-18T07:15:43.090000
CVE-2025-3795,0,0,edf2a9c3fd7e208adcda7edcd2cf7ef06142dc08ad91d453d52364343c8848d5,2025-04-18T21:15:44.397000 CVE-2025-3795,0,0,edf2a9c3fd7e208adcda7edcd2cf7ef06142dc08ad91d453d52364343c8848d5,2025-04-18T21:15:44.397000
CVE-2025-3796,0,0,cabc6bd1b4cfa4a61fa0a09aee4d8aedffdba9c4f2c2b4dcb80a71bf171ea3e3,2025-04-18T21:15:44.510000 CVE-2025-3796,0,0,cabc6bd1b4cfa4a61fa0a09aee4d8aedffdba9c4f2c2b4dcb80a71bf171ea3e3,2025-04-18T21:15:44.510000
CVE-2025-3797,1,1,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000 CVE-2025-3797,0,0,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000
CVE-2025-38049,0,0,7676e0b60d8c855a8dd99b4b359c4fa0a814b8ab512b074750cfe511fcf6fb68,2025-04-18T07:15:43.187000 CVE-2025-38049,0,0,7676e0b60d8c855a8dd99b4b359c4fa0a814b8ab512b074750cfe511fcf6fb68,2025-04-18T07:15:43.187000
CVE-2025-3809,1,1,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000 CVE-2025-3809,0,0,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000
CVE-2025-38104,0,0,aac46924a4c28c51faaf99f75d4c0a5d0a65a1747d000155ea8b633f4bfe56a7,2025-04-18T07:15:43.290000 CVE-2025-38104,0,0,aac46924a4c28c51faaf99f75d4c0a5d0a65a1747d000155ea8b633f4bfe56a7,2025-04-18T07:15:43.290000
CVE-2025-38152,0,0,d2296d820f7f71e71472cf853a8cba12b58f3c84c5429c1618bed2e28567d654,2025-04-18T07:15:43.403000 CVE-2025-38152,0,0,d2296d820f7f71e71472cf853a8cba12b58f3c84c5429c1618bed2e28567d654,2025-04-18T07:15:43.403000
CVE-2025-38240,0,0,55c3c53507175385d390f4e5f0701155663d7d45488ce3854f0ce48d67d704f4,2025-04-18T07:15:43.510000 CVE-2025-38240,0,0,55c3c53507175385d390f4e5f0701155663d7d45488ce3854f0ce48d67d704f4,2025-04-18T07:15:43.510000
