Auto-Update: 2025-06-19T08:00:19.331751+00:00

cad-safe-bot 2025-06-19 08:04:00 +00:00
parent 94d5e1abb6
commit 810992dd51
5 changed files with 223 additions and 14 deletions


@ -0,0 +1,88 @@
{
"id": "CVE-2025-4571",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-19T07:15:27.383",
"lastModified": "2025-06-19T07:15:27.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/Endpoint.php#L26",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/GetLogs.php#L40",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/DeleteCampaignListTable.php#L40",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/GetCampaignsListTable.php#L95",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/Endpoint.php#L57",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/ListDonors.php#L31",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/EventTickets/Routes/UpdateEvent.php#L36",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3305112/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f03b4ef-e877-430e-a440-3af0feca818c?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-4965",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-19T07:15:30.313",
"lastModified": "2025-06-19T07:15:30.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://kb.wpbakery.com/docs/preface/release-notes/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0489172-279c-4397-a937-bca4840a196f?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-5490",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-19T06:15:19.347",
"lastModified": "2025-06-19T06:15:19.347",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/football-pool/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16a285b1-7a20-455f-8f74-2e468dd436d3?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-19T06:00:22.339654+00:00
2025-06-19T08:00:19.331751+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-19T05:15:23.570000+00:00
2025-06-19T07:15:30.313000+00:00
```
### Last Data Feed Release
@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
298691
298694
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `3`
- [CVE-2025-4367](CVE-2025/CVE-2025-43xx/CVE-2025-4367.json) (`2025-06-19T04:15:36.313`)
- [CVE-2025-4479](CVE-2025/CVE-2025-44xx/CVE-2025-4479.json) (`2025-06-19T04:15:49.147`)
- [CVE-2025-50201](CVE-2025/CVE-2025-502xx/CVE-2025-50201.json) (`2025-06-19T04:15:49.340`)
- [CVE-2025-52474](CVE-2025/CVE-2025-524xx/CVE-2025-52474.json) (`2025-06-19T04:15:53.793`)
- [CVE-2025-5524](CVE-2025/CVE-2025-55xx/CVE-2025-5524.json) (`2025-06-19T05:15:23.570`)
- [CVE-2025-4571](CVE-2025/CVE-2025-45xx/CVE-2025-4571.json) (`2025-06-19T07:15:27.383`)
- [CVE-2025-4965](CVE-2025/CVE-2025-49xx/CVE-2025-4965.json) (`2025-06-19T07:15:30.313`)
- [CVE-2025-5490](CVE-2025/CVE-2025-54xx/CVE-2025-5490.json) (`2025-06-19T06:15:19.347`)
### CVEs modified in the last Commit


@ -295325,7 +295325,7 @@ CVE-2025-4363,0,0,cfc7942feeb9a0f9f6312b42fa943d50981f3a9d84068f01e49e58a260df8f
CVE-2025-4364,0,0,7abc96b4496bfef1269854d9d4450b426753c52eb291c976d683ed2fcf48245a,2025-05-21T20:24:58.133000
CVE-2025-4365,0,0,2b05fbd3ee331b9b166c50a4e212d6a31f636e625995a053b35cc1f726bc5b70,2025-06-17T20:50:23.507000
CVE-2025-4366,0,0,bcded185529e0d98925e3339147ae571994f757d2bfcccaea5b250946b72f4b2,2025-06-18T14:15:45.480000
CVE-2025-4367,1,1,682c2a144c95955457b3ac556ec7145b50e47485a1e890c970789a5cfd6a6f53,2025-06-19T04:15:36.313000
CVE-2025-4367,0,0,682c2a144c95955457b3ac556ec7145b50e47485a1e890c970789a5cfd6a6f53,2025-06-19T04:15:36.313000
CVE-2025-4368,0,0,5060346bbf213853af51c9b1f1ab82f240c6c047743a52b24483fa7453a5d04f,2025-05-13T20:19:54.440000
CVE-2025-43697,0,0,f1043efe55ac8e178b55f78e087508d0bf6544d27eb7c45213c2e77f7aa48499,2025-06-12T16:06:39.330000
CVE-2025-43698,0,0,3dac27db9c135e523f1efa9639e13a539499d2573b10a362aa6a362c36a987d2,2025-06-12T16:06:39.330000
@ -295530,7 +295530,7 @@ CVE-2025-4475,0,0,14fd175cd338c800e457595a2058771799c1f3a8f146feda826cf08c0646f5
CVE-2025-4476,0,0,e32ef10e7ee74bf8997b5a3acc66e8eaf2de48d03c2aa0ec9fb3efc72c6b8898,2025-05-19T13:35:20.460000
CVE-2025-4477,0,0,5d325fd488fe711c70532dd4f52799a0eeba1df6528fa57f803916528a54f20e,2025-05-19T13:35:20.460000
CVE-2025-4478,0,0,061fb97490acc324c9dd904796e3db3e84b55414212748ef73f1bc208255ac1d,2025-05-23T05:15:26.520000
CVE-2025-4479,1,1,77c3b78c5f2785c2220665b558e1b60998dc4a2f1f2c70faa4bf21e165291a9d,2025-06-19T04:15:49.147000
CVE-2025-4479,0,0,77c3b78c5f2785c2220665b558e1b60998dc4a2f1f2c70faa4bf21e165291a9d,2025-06-19T04:15:49.147000
CVE-2025-4480,0,0,be672d537a11a289b7d1b98f279ab333277916180d26385e3402215687d48a25,2025-05-16T15:34:40.510000
CVE-2025-4481,0,0,0fe1448ef925f4ba16b8e05736b526de574a9ed7259d4944c0e5684d261dd60d,2025-05-16T15:34:18.840000
CVE-2025-4482,0,0,37defc00475ef05b44644d8bb5a008e1f6920f65b0aefa705ddfdf3f2924a0eb,2025-05-16T15:33:57.440000
@ -295728,6 +295728,7 @@ CVE-2025-4565,0,0,4256f50161ec95000de287e54ecfa2b8b56d3a683613b559af85e1b918e03f
CVE-2025-45661,0,0,d4f42c25435e84688f4ce3b76e88805fd211efabda5b2495d0e5c2dcb924ab9f,2025-06-18T15:15:26.513000
CVE-2025-4567,0,0,121a90467be941d9ad01a97d3e24fb32b96a7e829013a214205341e8c0284209,2025-06-05T14:09:17.020000
CVE-2025-4568,0,0,a7dc4015dc0dc8a1d051ca0a0c8659f2aa00a001767db9893b5b3f88ebbd1af5,2025-06-05T20:12:23.777000
CVE-2025-4571,1,1,7accd45190d1299f14fe607dc3152a892706b401fe1348520eb09c8c3d3026a1,2025-06-19T07:15:27.383000
CVE-2025-4573,0,0,0d573fb0cacdd281e28bc5c9943a8fc5e68cc59a1800ffb046dd0a624e090a9c,2025-06-12T16:06:20.180000
CVE-2025-4574,0,0,a936e70ea81d08570f1b370d85f904e33ed32b85014f55e350943da2afdfcfb5,2025-05-16T14:43:56.797000
CVE-2025-45746,0,0,4f739c19260013516117a27de71915ddd8b481653d1fe15c253a574b15da0223,2025-05-21T14:15:31.553000
@ -297756,6 +297757,7 @@ CVE-2025-49599,0,0,cd0748db942732a0e968c564ce05d560bd51611e52e8cb06dc26ca9e65d8d
CVE-2025-49619,0,0,34a674efa79bca2e7a9fcbbfc8a71e4ddf39896b0ede59561baed790959985f3,2025-06-17T21:15:40.087000
CVE-2025-4963,0,0,bcea30a5657c56e720740d0c1da3f6ecccc2ea27495c62c19f4e987237e46939,2025-05-28T15:01:30.720000
CVE-2025-4964,0,0,9a4175fc819c8903aae087508d79cb283240d351bb7e4f3f9bd0bc9b58a9f683,2025-06-06T14:07:28.330000
CVE-2025-4965,1,1,4d171354decca482da50ed115f552cbf6642491c7ea8fdf024d3b153c93df3ff,2025-06-19T07:15:30.313000
CVE-2025-49651,0,0,ecd6db239799c80e73dfe281bfa935795ea245e34751118be82d7d5f0d28a7ba,2025-06-12T16:06:47.857000
CVE-2025-49652,0,0,5a76dd260d6029491ef52092d08bbfa84d61278dc46b50bc18d56c90cc0b5e95,2025-06-12T16:06:47.857000
CVE-2025-49653,0,0,36772486eb86bf027545ccf93e5df122b7fe00938396229f36e9e79e3e8b0f30,2025-06-12T16:06:47.857000
@ -297865,7 +297867,7 @@ CVE-2025-50182,0,0,93456784c188b1b8503b694ba28732c6770780f754e8588d4b113b9fa2491
CVE-2025-50183,0,0,577421c902a6680948fa734ac4a401e6dec872b90f6732d2f36c75be4e0482da,2025-06-19T03:15:25.717000
CVE-2025-5019,0,0,9e77689bce77b4f77cc10eef8ecd39dc784fee948cba6d9ab205fa6a8f33f986,2025-06-06T14:07:28.330000
CVE-2025-5020,0,0,a009d51287904279a69fbc7b7d45e7044fc45e21284eb97bd084f038009245ee,2025-06-13T18:55:32.903000
CVE-2025-50201,1,1,6c0ac0a1b3f20c50cd6e6108194b16fda3c838e050a9f8f2f931be0a16f0b604,2025-06-19T04:15:49.340000
CVE-2025-50201,0,0,6c0ac0a1b3f20c50cd6e6108194b16fda3c838e050a9f8f2f931be0a16f0b604,2025-06-19T04:15:49.340000
CVE-2025-50202,0,0,c82284387579a4d5287081c79bce5f56bb74234016b730f3d53b62b5739eec46,2025-06-18T13:46:52.973000
CVE-2025-5024,0,0,ccdd8a7db520a87487d39e567caff85e7e094c68165b88263d5456db37c53d13,2025-05-23T15:55:02.040000
CVE-2025-5025,0,0,d8851777e61365e1aa05e5e547ad31f1c257710ee925f9d10fb7d3665c7bb24a,2025-05-30T17:15:30.200000
@ -298047,7 +298049,7 @@ CVE-2025-5245,0,0,76dfb770c29fdb4cddbdbfbfa1fee59cf2a7272fa687dfaa6e702792fcfc63
CVE-2025-5246,0,0,58006bd67e3ca573529b2f3e87b16b1c40180151481747e10351ab9236833e82,2025-05-28T20:38:00.033000
CVE-2025-52467,0,0,1d44b4ec1f24c8fb925117e58cded1f52726868651b6f32ac341ea831aaa464f,2025-06-19T03:15:25.870000
CVE-2025-5247,0,0,54e3a381cfd9dfdb05827b9f71ff8bbd85014209bf716148a0d5df41e284d42b,2025-05-28T15:01:30.720000
CVE-2025-52474,1,1,90aca3999fbf5ca7dd4557d7388545c99ea4ce981f2f9c8d02593988d225c460,2025-06-19T04:15:53.793000
CVE-2025-52474,0,0,90aca3999fbf5ca7dd4557d7388545c99ea4ce981f2f9c8d02593988d225c460,2025-06-19T04:15:53.793000
CVE-2025-5248,0,0,cb74e13c3a661382a173d2171f53e905ac7962a17d411318369a81c1a4c9d649,2025-06-10T15:12:22.573000
CVE-2025-5249,0,0,fc0947e1350e4210bd6e677b41423c19ba4df5864aa9264c3ec9f64636ca0b76,2025-05-28T15:01:30.720000
CVE-2025-5250,0,0,2a4bdc606e390fc951ba8f4ded6d97e8a69fbc9ec9574eb66322c159fbee23de,2025-06-10T15:12:33.010000
@ -298197,6 +298199,7 @@ CVE-2025-5484,0,0,ff712dd03f32af2310b571323993d06900491354a9de82d92a7ba8f6cd5858
CVE-2025-5485,0,0,2e860e2d57c553742a7a4058b06e9ead83d36be7b50569039a067969f103feac,2025-06-16T12:32:18.840000
CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000
CVE-2025-5487,0,0,a2325d70b19f1faa0bb78067f87ae57fb5952acc710d0b21151f32c03c4f828a,2025-06-16T12:32:18.840000
CVE-2025-5490,1,1,60afe24ce4c04ab0168ed942cc2412bcbec3b9ecbbe3f08c7adcae563e43bf28,2025-06-19T06:15:19.347000
CVE-2025-5491,0,0,bde4a3997792f29e78b23bdff62128712428eb2913e7a1e844f896d042cfe900,2025-06-16T12:32:18.840000
CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000
CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000
@ -298223,7 +298226,7 @@ CVE-2025-5520,0,0,7c2bfb8c3dd08c8ae5c41fb6d0fc4af2a63667c7ffd8fc396ac26c2ae4f641
CVE-2025-5521,0,0,861bdba4f95b593c30504175f3f432e532688bdc97486d0d49a1402fdac3c1b9,2025-06-09T15:12:57.100000
CVE-2025-5522,0,0,a6f0feb7c3dd1459fe736f4f5982460ecbcab99d78d309661631c0ee8cbfc4d4,2025-06-04T14:54:33.783000
CVE-2025-5523,0,0,5efa29e7b7bd4b4641984376098bb78d90287d527ffeb481b2aac415b7a4bb5c,2025-06-09T15:12:42.317000
CVE-2025-5524,1,1,91ac06db392ed8170225731123862cbfd5adb43e3b8ba1422b5c1c69bce662f2,2025-06-19T05:15:23.570000
CVE-2025-5524,0,0,91ac06db392ed8170225731123862cbfd5adb43e3b8ba1422b5c1c69bce662f2,2025-06-19T05:15:23.570000
CVE-2025-5525,0,0,8a6fda70c73f8d7caf337b44e8088af73f34b5d808b601ef429b01e524913c40,2025-06-06T17:27:21.350000
CVE-2025-5527,0,0,23d619a74aea1abe1b9173eba88fa2a07d22ff2b8b371596fe573cc187fab574,2025-06-09T15:11:48.217000
CVE-2025-5528,0,0,9ff6f51c97698d79ccf64d3644dee7c04924a371e5162b7f2b385dd7df42f941,2025-06-09T12:15:47.880000
