admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-14T10:00:20.336442+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-14 10:03:59 +00:00
parent ee234573e2
commit 79744b9a48
16 changed files with 898 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2025/CVE-2025-41xx/CVE-2025-4187.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-4187",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:22.050",
"lastModified": "2025-06-14T09:15:22.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-42xx/CVE-2025-4200.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-4200",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:22.990",
"lastModified": "2025-06-14T09:15:22.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/zagg-electronics-accessories-woocommerce-wordpress-theme/54636595",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/327deb08-715f-4d54-b95b-18552c07cbc0?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-42xx/CVE-2025-4216.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-4216",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:23.160",
"lastModified": "2025-06-14T09:15:23.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ecava-diot-scada/trunk/includes/shortcodes.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-45xx/CVE-2025-4592.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-4592",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:23.333",
"lastModified": "2025-06-14T09:15:23.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AI Image Lab \u2013 Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ai-image-generator-lab/trunk/includes/admin/admin-page.php#L3",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61d56713-59af-4ad9-8744-6c6a5e5fe213?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2025/CVE-2025-53xx/CVE-2025-5336.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2025-5336",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:23.527",
"lastModified": "2025-06-14T09:15:23.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-no_number\u2019 parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L126",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L818",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3309693/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/click-to-chat-for-whatsapp/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83695ac4-a08b-4c25-ac33-d9b7498f5a2c?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2025/CVE-2025-55xx/CVE-2025-5589.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2025-5589",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:23.710",
"lastModified": "2025-06-14T09:15:23.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018status-classic-offline-text\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php#L50",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3309930/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/streamweasels-kick-integration/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45f98a96-8f32-49f9-bfc8-9beb316ce0bc?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-60xx/CVE-2025-6040.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-6040",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:23.873",
"lastModified": "2025-06-14T09:15:23.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the 'ef_settings_submenu' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/easy-flashcards/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ff97ee8-9732-4d26-b5e8-b744730e9c5a?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-60xx/CVE-2025-6055.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-6055",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:24.050",
"lastModified": "2025-06-14T09:15:24.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the 'zen-social-sticky/zen-sticky-social.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/zen-social-sticky/trunk/zen-sticky-social.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33cfebae-bbf3-4b0b-9afc-3ef2548045e7?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-60xx/CVE-2025-6061.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-6061",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:24.307",
"lastModified": "2025-06-14T09:15:24.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/kk-youtube-video/trunk/kk-youtube-video.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd581604-e2f6-42c4-81ef-10873683526b?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-60xx/CVE-2025-6062.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-6062",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:24.520",
"lastModified": "2025-06-14T09:15:24.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/yougler-blogger-profile-page/trunk/yougler-plugin.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7102fb97-96a4-4fd9-824d-6fa6d483f37a?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-60xx/CVE-2025-6063.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-6063",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:24.693",
"lastModified": "2025-06-14T09:15:24.693",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/xisearch-bar/trunk/xisearch.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd828557-94f6-4278-98ef-bcf4d1d86440?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-60xx/CVE-2025-6064.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-6064",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:24.853",
"lastModified": "2025-06-14T09:15:24.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'url_shortener_settings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-url-shortener/trunk/index.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/154b3a1a-7246-42de-a555-2c655778d59e?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2025/CVE-2025-60xx/CVE-2025-6065.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-6065",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:25.020",
"lastModified": "2025-06-14T09:15:25.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/image-resizer-on-the-fly/trunk/image-resizer-on-the-fly.php#L25",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/image-resizer-on-the-fly/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14877ff6-e393-41a3-91c1-fe7f477297cc?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-60xx/CVE-2025-6070.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-6070",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:25.180",
"lastModified": "2025-06-14T09:15:25.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/url_rewrite/url_rewrite.php#L77",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve",
"source": "security@wordfence.com"
}
]
}

24
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-14T08:00:19.859549+00:00
2025-06-14T10:00:20.336442+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-14T07:15:17.870000+00:00
2025-06-14T09:15:25.180000+00:00
```
### Last Data Feed Release
@ -33,15 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
297937
297951
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `14`
- [CVE-2025-3234](CVE-2025/CVE-2025-32xx/CVE-2025-3234.json) (`2025-06-14T06:15:18.117`)
- [CVE-2025-5487](CVE-2025/CVE-2025-54xx/CVE-2025-5487.json) (`2025-06-14T07:15:17.870`)
- [CVE-2025-4187](CVE-2025/CVE-2025-41xx/CVE-2025-4187.json) (`2025-06-14T09:15:22.050`)
- [CVE-2025-4200](CVE-2025/CVE-2025-42xx/CVE-2025-4200.json) (`2025-06-14T09:15:22.990`)
- [CVE-2025-4216](CVE-2025/CVE-2025-42xx/CVE-2025-4216.json) (`2025-06-14T09:15:23.160`)
- [CVE-2025-4592](CVE-2025/CVE-2025-45xx/CVE-2025-4592.json) (`2025-06-14T09:15:23.333`)
- [CVE-2025-5336](CVE-2025/CVE-2025-53xx/CVE-2025-5336.json) (`2025-06-14T09:15:23.527`)
- [CVE-2025-5589](CVE-2025/CVE-2025-55xx/CVE-2025-5589.json) (`2025-06-14T09:15:23.710`)
- [CVE-2025-6040](CVE-2025/CVE-2025-60xx/CVE-2025-6040.json) (`2025-06-14T09:15:23.873`)
- [CVE-2025-6055](CVE-2025/CVE-2025-60xx/CVE-2025-6055.json) (`2025-06-14T09:15:24.050`)
- [CVE-2025-6061](CVE-2025/CVE-2025-60xx/CVE-2025-6061.json) (`2025-06-14T09:15:24.307`)
- [CVE-2025-6062](CVE-2025/CVE-2025-60xx/CVE-2025-6062.json) (`2025-06-14T09:15:24.520`)
- [CVE-2025-6063](CVE-2025/CVE-2025-60xx/CVE-2025-6063.json) (`2025-06-14T09:15:24.693`)
- [CVE-2025-6064](CVE-2025/CVE-2025-60xx/CVE-2025-6064.json) (`2025-06-14T09:15:24.853`)
- [CVE-2025-6065](CVE-2025/CVE-2025-60xx/CVE-2025-6065.json) (`2025-06-14T09:15:25.020`)
- [CVE-2025-6070](CVE-2025/CVE-2025-60xx/CVE-2025-6070.json) (`2025-06-14T09:15:25.180`)
### CVEs modified in the last Commit

18
_state.csv
View File

@ -292530,7 +292530,7 @@ CVE-2025-32308,0,0,2b7bec71af2d8aeb794f4d157dfc61ad4810b98ac960b587b7920f453cf78
CVE-2025-32309,0,0,72e524edceb2da5dc017c83bf8ab60e46c6fe45eb184ab0349a1ba415921a900,2025-05-23T15:54:42.643000
CVE-2025-3231,0,0,7fe259e10bdefff2f7d2cc360ec09abf1ea1f8d9711a4276861c2a354dc3b16e,2025-06-05T05:15:23.977000
CVE-2025-32310,0,0,c3b2568a49d7a011e3cbc9748557e58f0519995b3a6735845f843c0d6b6482d9,2025-05-19T13:35:50.497000
CVE-2025-3234,1,1,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000
CVE-2025-3234,0,0,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000
CVE-2025-3235,0,0,bf02e56a9b2acdd9197c016e355d3cdfc496d77110cbd9f5fcadcef4a0003d66,2025-05-16T15:43:09.640000
CVE-2025-32352,0,0,14a2251916c9246fc3d185746736b75fd36a375e4aafcddd19d832e612b92a9a,2025-04-07T17:15:37.147000
CVE-2025-32354,0,0,85128147f47ebee98ae2a1737b9ec1a8829a4b5a6a4c94ca962a085780718ca4,2025-06-11T21:20:21.863000
@ -294612,6 +294612,7 @@ CVE-2025-4183,0,0,5e71026142945439a9594d0439f27ca7101a23d30fb9cd157d68469b5c04af
CVE-2025-4184,0,0,231752f9dd81f3c878686a35cd086680fc85706af1d3abe68105ebbbb14f6dc9,2025-05-16T15:04:17.993000
CVE-2025-4185,0,0,8aa6367e503165449fe24feb0fb59a420bcc6751f196b6bccc99b251140bb4f4,2025-05-02T13:52:51.693000
CVE-2025-4186,0,0,dab70a09e90dae7c54c24591d73076ac14325c30ca1a211bf9896872e7af04dd,2025-05-02T13:52:51.693000
CVE-2025-4187,1,1,ce037a46c10aba3526ee6daf50f83f56cb9244a49cc0b22533e0b440995f23dd,2025-06-14T09:15:22.050000
CVE-2025-4188,0,0,dae4661d96faab4b86b2442932d3ed4a7d5e86b7964e0bf5b5ad937c7ef62825,2025-05-05T20:54:19.760000
CVE-2025-4189,0,0,a0e2a19d22d932ca0e26b1ac038e49b5f17b80b816561f13c2c6e3219b687b6c,2025-05-19T13:35:20.460000
CVE-2025-4190,0,0,53943bc80284ba750997ed519958820d606a7c8de596edfb3fb17f09fd02f946,2025-06-12T16:29:51.860000
@ -294624,6 +294625,7 @@ CVE-2025-4196,0,0,b26d9e2fad715e7681143157d22f4891b95826ce8e53977c9ecced30c124cc
CVE-2025-4197,0,0,ed8ec740b973b92253a741cf6d5d0ac209bbd44763ac57f0fdc0af84aaf28e3c,2025-05-28T16:02:23.317000
CVE-2025-4198,0,0,e5602874b7c5cc6f9012651f4a60dc8d2e789373501ddfec072de22c80a74167,2025-05-05T20:54:19.760000
CVE-2025-4199,0,0,553c17b65a2b6efd623dda6e1567d529495701f64dcb6b078b725c7f2893112f,2025-05-05T20:54:19.760000
CVE-2025-4200,1,1,d1eb458066ff194c551bd28cb423b888c6b3da3a20b5073a64d5d3c2e910a54e,2025-06-14T09:15:22.990000
CVE-2025-4204,0,0,2e611705c020858b2144a419577c11b9e07bf754b3f98b6b3360986c5bc7b1b4,2025-06-04T22:39:20.750000
CVE-2025-4205,0,0,e5c422efa7296a5f9776daa32028189294bed6a05affab60f37bd65665314bf9,2025-06-04T14:54:33.783000
CVE-2025-4206,0,0,bb3cb9f07bfc9d08a2c0843d010f353ba8ba2d3caafa1bbc30e33b9667f14930,2025-05-12T17:32:32.760000
@ -294635,6 +294637,7 @@ CVE-2025-4211,0,0,404e0b904354aed3b5baa7e207d5cfca573f55dcef658a41b4b3c736c556ad
CVE-2025-4213,0,0,ebe18be5ee5e37fbd0ec843f8652f96ea5e7e69c1b8a34e3e1bad241a91a7771,2025-05-28T20:56:16.840000
CVE-2025-4214,0,0,1d60003a6cdf25de6477c856dc27cfd829a89b1b822b87cc832b4debc042c00e,2025-05-28T21:09:07.673000
CVE-2025-4215,0,0,77be2382f902e198d303780e19aa94df13f88e4e0b8ba79572846b911ad2ad55,2025-06-12T01:15:26.443000
CVE-2025-4216,1,1,14d5b84f03ced42de418c7125238b4220bfdf07d15ec7876ca59d9e333846a1f,2025-06-14T09:15:23.160000
CVE-2025-4217,0,0,62c15aedce5780b22253f9cbd9800a9e9b8ad351bc24efee5e47483ed5db566c,2025-05-21T20:24:58.133000
CVE-2025-4218,0,0,2c49204cc3b286450f9a71e19a17dbb76984ced9134a20a4535356e38fc3ed60,2025-05-05T20:54:19.760000
CVE-2025-4219,0,0,1dbb3268c116fdb31206945d2c84e6a62b85afd7dbbb78abb2fd21bb825a5ad4,2025-05-21T20:24:58.133000
@ -295296,6 +295299,7 @@ CVE-2025-45887,0,0,fb1a15240343f864311f44360980a2f79927e76ee0105844e8c76acb00550
CVE-2025-4589,0,0,bb26d22fcf596d77e370296c8ae93489013c99f636d3a8cff9546409ae0197a5,2025-05-16T14:43:26.160000
CVE-2025-4590,0,0,1338bc68ec3d6917d4ad238b5739bcbca3832b2475d3a347918656638fb549e4,2025-06-02T17:32:17.397000
CVE-2025-4591,0,0,09b633064167908f2267d3dc13a3052b782cbd19249bba4734b3313b4950008b,2025-05-16T14:43:26.160000
CVE-2025-4592,1,1,5c44f633f2012fc99846b6d9b62b801788e1f40df004901317364e90d81d1144,2025-06-14T09:15:23.333000
CVE-2025-4594,0,0,c0d148a004f59cf53abe31af001741cb43bc8a881d1fbd6674a881b7467848f2,2025-05-23T15:54:42.643000
CVE-2025-45947,0,0,359c9dbf14e503988017d67aa788a499a7ac3bca9ffc4dc379e7011548317f85,2025-04-30T18:59:47.113000
CVE-2025-45949,0,0,2cec517c1301a76b89b8ccefb135dc95210f8464628904a6679478252432eda9,2025-04-30T18:03:41.357000
@ -297467,6 +297471,7 @@ CVE-2025-5331,0,0,6d6e63e0f8a1a491f6a38b24f4a10f691f644991827baf7d50b9fb0e398065
CVE-2025-5332,0,0,e1def175621c4e1d1942302bd613c0906cf0d988637a95edef4cbf91efd49e74,2025-06-04T15:37:02.583000
CVE-2025-5334,0,0,3b25ffa10fa68a37bf0e18657dc7cc96e971a33e8fade936cdd130170872987d,2025-06-10T19:15:35.243000
CVE-2025-5335,0,0,5abfb5e74bc6ec2f8ed9b95f56ffcbd4f93dcd183997df85e24502ad95934637,2025-06-12T16:06:39.330000
CVE-2025-5336,1,1,66f58ed710d27f4b2bf2e01a754073917852be9e5d922753d5aff62957bbdb9f,2025-06-14T09:15:23.527000
CVE-2025-5340,0,0,9b48da383be5dfbe2bc488480a2be183877451ec75241964210e2e3aad9a2ceb,2025-06-04T14:54:33.783000
CVE-2025-5341,0,0,2f7555dddd47395f556aef803e272926d99b2be1a7b798f5f5a29577ec1f1191,2025-06-05T20:12:23.777000
CVE-2025-5353,0,0,a9d9e9f405a59eeaccd7ee5466c700cdd9eae2ba20f2bc9c98c5c42953abdf75,2025-06-12T16:06:39.330000
@ -297556,7 +297561,7 @@ CVE-2025-5482,0,0,010176165dc064c9d0f5c42c228b3c1b03d533e2fec3bc43624fb7ad3f4bc0
CVE-2025-5484,0,0,400ed56fb4f7c44bceca06b8432cd3e34b6d71f8c67dfd72400144a319fe73ec,2025-06-12T20:15:22.113000
CVE-2025-5485,0,0,d3479a1adb4ba2fbfa64aaac1b5d6b7fe8b9403b5e13a2ac94a1e71146019ece,2025-06-12T20:15:22.283000
CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000
CVE-2025-5487,1,1,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000
CVE-2025-5487,0,0,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000
CVE-2025-5491,0,0,e2f506b3fba36a13dc12fb8dc2e089cb7773a4d51511233e748a5ab6f51b1a98,2025-06-13T03:15:52.300000
CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000
CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000
@ -297633,6 +297638,7 @@ CVE-2025-5582,0,0,d2f1baa22f55fc38a8f865d0e99938121f7ce9bfb4e6584060e61c164943f9
CVE-2025-5583,0,0,b2ce656eeaab700a8a0873a3d565fbebe88a85c216d85c69e76524b9646991ad,2025-06-04T17:44:26.393000
CVE-2025-5584,0,0,554122312ccf631b36ad0ef789707a593ded0bc038e2cac6c090436b66fd53f2,2025-06-10T15:10:06.207000
CVE-2025-5586,0,0,b91049de82efb55ef679cf10931aa4f56290c24a8f2fbf45be0281fcede07341,2025-06-06T14:07:28.330000
CVE-2025-5589,1,1,3b8c0f350b849c9492ae78e46abb4302d508a80f7be3f44c57d2d1faa061bdf2,2025-06-14T09:15:23.710000
CVE-2025-5592,0,0,36c388f33c323490a93ebd79d5f124d5f4fdc10d946cc1144d6e587fb6694158,2025-06-09T15:02:45.030000
CVE-2025-5593,0,0,6df395e5fe3476beb67761792da6574eda83b6d9a337db7d77d384194417b8ee,2025-06-13T01:00:11.693000
CVE-2025-5594,0,0,83e7fdcfac2ba201d4fe551d7608819296af218dfeb5718bd91a2cdb5f7cbdd0,2025-06-13T00:58:21.617000
@ -297933,6 +297939,14 @@ CVE-2025-6029,0,0,0a7d097872a3743dce758382e23d64ef6427ff251b4a0e0984b49fe00ded11
CVE-2025-6030,0,0,971340cab3989d6f103f455b80ce687f5365decc2b747d306ee807e98b81854a,2025-06-13T15:15:21.600000
CVE-2025-6031,0,0,f55877d9a515055d82923e15e107b73e885b2a97ca1430544a245162a02b6450,2025-06-12T20:15:22.450000
CVE-2025-6035,0,0,07dd0ef801ecdc5affcaf0e86947bc44410ec1004ed310d74f8d9a296fc9d5aa,2025-06-13T16:15:28.067000
CVE-2025-6040,1,1,3e01209e0303d051f1d1ac7bf3016bbda2a497b4c19af1290cf47f36f272881a,2025-06-14T09:15:23.873000
CVE-2025-6052,0,0,d6d0e5e14eb20ceb0c3bc2cb2793ad0094d53a851be1a17d6cfc808d70a5cddb,2025-06-13T16:15:28.230000
CVE-2025-6055,1,1,f3fa6b9e87d2dacc2038c8e0306009891e39673a790a3aa4577884492d4b176d,2025-06-14T09:15:24.050000
CVE-2025-6059,0,0,aa4cbe9d67456274a37be50dae943f3a8c684e351505447e0dcbada900f18e7c,2025-06-14T03:15:22.283000
CVE-2025-6061,1,1,d7aa6a582ef8e8ae5a52cd7597e1f64b25983064d39378305235e3628c71f079,2025-06-14T09:15:24.307000
CVE-2025-6062,1,1,64774487c618df7aca145bbd7ec40a38e830c1a69a4992fb4491551c85ac1fc7,2025-06-14T09:15:24.520000
CVE-2025-6063,1,1,2890954e9b2098ac36d836d65cede9d0cf687a8267ef00899cfa3d31327b6f55,2025-06-14T09:15:24.693000
CVE-2025-6064,1,1,f1b42f8abbe1dc42385b1b319a813fce6feba5bf2333128ae8bf40e0d2cea421,2025-06-14T09:15:24.853000
CVE-2025-6065,1,1,5e976b8fac171cc7b59ad041eb4f60fb6d8881197db355ec035f6d3d2b656140,2025-06-14T09:15:25.020000
CVE-2025-6070,1,1,ae440df732d231f7ffcd78cb09e2ed1b1c8a60913b6e4fb5a0be81a26a0ad612,2025-06-14T09:15:25.180000
CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000

Can't render this file because it is too large.