diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json
new file mode 100644
index 00000000000..44349621a66
--- /dev/null
+++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2025-4571", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-19T07:15:27.383", + "lastModified": "2025-06-19T07:15:27.383", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/Endpoint.php#L26", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/GetLogs.php#L40", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/DeleteCampaignListTable.php#L40", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/GetCampaignsListTable.php#L95", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/Endpoint.php#L57", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/ListDonors.php#L31", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/EventTickets/Routes/UpdateEvent.php#L36", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3305112/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f03b4ef-e877-430e-a440-3af0feca818c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json b/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json new file mode 100644 index 00000000000..f7a8f9e6b48 --- /dev/null +++ b/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-4965", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-19T07:15:30.313", + "lastModified": "2025-06-19T07:15:30.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://kb.wpbakery.com/docs/preface/release-notes/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0489172-279c-4397-a937-bca4840a196f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-54xx/CVE-2025-5490.json b/CVE-2025/CVE-2025-54xx/CVE-2025-5490.json new file mode 100644 index 00000000000..b9ea78f3bb7 --- /dev/null +++ b/CVE-2025/CVE-2025-54xx/CVE-2025-5490.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5490", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-19T06:15:19.347", + "lastModified": "2025-06-19T06:15:19.347", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/football-pool/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16a285b1-7a20-455f-8f74-2e468dd436d3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4cb70dad29d..fce290133c6 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-19T06:00:22.339654+00:00 +2025-06-19T08:00:19.331751+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-19T05:15:23.570000+00:00 +2025-06-19T07:15:30.313000+00:00 ``` ### Last Data Feed Release @@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -298691 +298694 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `3` -- [CVE-2025-4367](CVE-2025/CVE-2025-43xx/CVE-2025-4367.json) (`2025-06-19T04:15:36.313`) -- [CVE-2025-4479](CVE-2025/CVE-2025-44xx/CVE-2025-4479.json) (`2025-06-19T04:15:49.147`) -- [CVE-2025-50201](CVE-2025/CVE-2025-502xx/CVE-2025-50201.json) (`2025-06-19T04:15:49.340`) -- [CVE-2025-52474](CVE-2025/CVE-2025-524xx/CVE-2025-52474.json) (`2025-06-19T04:15:53.793`) -- [CVE-2025-5524](CVE-2025/CVE-2025-55xx/CVE-2025-5524.json) (`2025-06-19T05:15:23.570`) +- [CVE-2025-4571](CVE-2025/CVE-2025-45xx/CVE-2025-4571.json) (`2025-06-19T07:15:27.383`) +- [CVE-2025-4965](CVE-2025/CVE-2025-49xx/CVE-2025-4965.json) (`2025-06-19T07:15:30.313`) +- [CVE-2025-5490](CVE-2025/CVE-2025-54xx/CVE-2025-5490.json) (`2025-06-19T06:15:19.347`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index a72e03b468f..4192d7822dd 100644 --- a/_state.csv +++ b/_state.csv 
@@ -295325,7 +295325,7 @@ CVE-2025-4363,0,0,cfc7942feeb9a0f9f6312b42fa943d50981f3a9d84068f01e49e58a260df8f CVE-2025-4364,0,0,7abc96b4496bfef1269854d9d4450b426753c52eb291c976d683ed2fcf48245a,2025-05-21T20:24:58.133000 CVE-2025-4365,0,0,2b05fbd3ee331b9b166c50a4e212d6a31f636e625995a053b35cc1f726bc5b70,2025-06-17T20:50:23.507000 CVE-2025-4366,0,0,bcded185529e0d98925e3339147ae571994f757d2bfcccaea5b250946b72f4b2,2025-06-18T14:15:45.480000 -CVE-2025-4367,1,1,682c2a144c95955457b3ac556ec7145b50e47485a1e890c970789a5cfd6a6f53,2025-06-19T04:15:36.313000 +CVE-2025-4367,0,0,682c2a144c95955457b3ac556ec7145b50e47485a1e890c970789a5cfd6a6f53,2025-06-19T04:15:36.313000 CVE-2025-4368,0,0,5060346bbf213853af51c9b1f1ab82f240c6c047743a52b24483fa7453a5d04f,2025-05-13T20:19:54.440000 CVE-2025-43697,0,0,f1043efe55ac8e178b55f78e087508d0bf6544d27eb7c45213c2e77f7aa48499,2025-06-12T16:06:39.330000 CVE-2025-43698,0,0,3dac27db9c135e523f1efa9639e13a539499d2573b10a362aa6a362c36a987d2,2025-06-12T16:06:39.330000 @@ -295530,7 +295530,7 @@ CVE-2025-4475,0,0,14fd175cd338c800e457595a2058771799c1f3a8f146feda826cf08c0646f5 CVE-2025-4476,0,0,e32ef10e7ee74bf8997b5a3acc66e8eaf2de48d03c2aa0ec9fb3efc72c6b8898,2025-05-19T13:35:20.460000 CVE-2025-4477,0,0,5d325fd488fe711c70532dd4f52799a0eeba1df6528fa57f803916528a54f20e,2025-05-19T13:35:20.460000 CVE-2025-4478,0,0,061fb97490acc324c9dd904796e3db3e84b55414212748ef73f1bc208255ac1d,2025-05-23T05:15:26.520000 -CVE-2025-4479,1,1,77c3b78c5f2785c2220665b558e1b60998dc4a2f1f2c70faa4bf21e165291a9d,2025-06-19T04:15:49.147000 +CVE-2025-4479,0,0,77c3b78c5f2785c2220665b558e1b60998dc4a2f1f2c70faa4bf21e165291a9d,2025-06-19T04:15:49.147000 CVE-2025-4480,0,0,be672d537a11a289b7d1b98f279ab333277916180d26385e3402215687d48a25,2025-05-16T15:34:40.510000 CVE-2025-4481,0,0,0fe1448ef925f4ba16b8e05736b526de574a9ed7259d4944c0e5684d261dd60d,2025-05-16T15:34:18.840000 CVE-2025-4482,0,0,37defc00475ef05b44644d8bb5a008e1f6920f65b0aefa705ddfdf3f2924a0eb,2025-05-16T15:33:57.440000 
@@ -295728,6 +295728,7 @@ CVE-2025-4565,0,0,4256f50161ec95000de287e54ecfa2b8b56d3a683613b559af85e1b918e03f CVE-2025-45661,0,0,d4f42c25435e84688f4ce3b76e88805fd211efabda5b2495d0e5c2dcb924ab9f,2025-06-18T15:15:26.513000 CVE-2025-4567,0,0,121a90467be941d9ad01a97d3e24fb32b96a7e829013a214205341e8c0284209,2025-06-05T14:09:17.020000 CVE-2025-4568,0,0,a7dc4015dc0dc8a1d051ca0a0c8659f2aa00a001767db9893b5b3f88ebbd1af5,2025-06-05T20:12:23.777000 +CVE-2025-4571,1,1,7accd45190d1299f14fe607dc3152a892706b401fe1348520eb09c8c3d3026a1,2025-06-19T07:15:27.383000 CVE-2025-4573,0,0,0d573fb0cacdd281e28bc5c9943a8fc5e68cc59a1800ffb046dd0a624e090a9c,2025-06-12T16:06:20.180000 CVE-2025-4574,0,0,a936e70ea81d08570f1b370d85f904e33ed32b85014f55e350943da2afdfcfb5,2025-05-16T14:43:56.797000 CVE-2025-45746,0,0,4f739c19260013516117a27de71915ddd8b481653d1fe15c253a574b15da0223,2025-05-21T14:15:31.553000 @@ -297756,6 +297757,7 @@ CVE-2025-49599,0,0,cd0748db942732a0e968c564ce05d560bd51611e52e8cb06dc26ca9e65d8d CVE-2025-49619,0,0,34a674efa79bca2e7a9fcbbfc8a71e4ddf39896b0ede59561baed790959985f3,2025-06-17T21:15:40.087000 CVE-2025-4963,0,0,bcea30a5657c56e720740d0c1da3f6ecccc2ea27495c62c19f4e987237e46939,2025-05-28T15:01:30.720000 CVE-2025-4964,0,0,9a4175fc819c8903aae087508d79cb283240d351bb7e4f3f9bd0bc9b58a9f683,2025-06-06T14:07:28.330000 +CVE-2025-4965,1,1,4d171354decca482da50ed115f552cbf6642491c7ea8fdf024d3b153c93df3ff,2025-06-19T07:15:30.313000 CVE-2025-49651,0,0,ecd6db239799c80e73dfe281bfa935795ea245e34751118be82d7d5f0d28a7ba,2025-06-12T16:06:47.857000 CVE-2025-49652,0,0,5a76dd260d6029491ef52092d08bbfa84d61278dc46b50bc18d56c90cc0b5e95,2025-06-12T16:06:47.857000 CVE-2025-49653,0,0,36772486eb86bf027545ccf93e5df122b7fe00938396229f36e9e79e3e8b0f30,2025-06-12T16:06:47.857000 
@@ -297865,7 +297867,7 @@ CVE-2025-50182,0,0,93456784c188b1b8503b694ba28732c6770780f754e8588d4b113b9fa2491 CVE-2025-50183,0,0,577421c902a6680948fa734ac4a401e6dec872b90f6732d2f36c75be4e0482da,2025-06-19T03:15:25.717000 CVE-2025-5019,0,0,9e77689bce77b4f77cc10eef8ecd39dc784fee948cba6d9ab205fa6a8f33f986,2025-06-06T14:07:28.330000 CVE-2025-5020,0,0,a009d51287904279a69fbc7b7d45e7044fc45e21284eb97bd084f038009245ee,2025-06-13T18:55:32.903000 -CVE-2025-50201,1,1,6c0ac0a1b3f20c50cd6e6108194b16fda3c838e050a9f8f2f931be0a16f0b604,2025-06-19T04:15:49.340000 +CVE-2025-50201,0,0,6c0ac0a1b3f20c50cd6e6108194b16fda3c838e050a9f8f2f931be0a16f0b604,2025-06-19T04:15:49.340000 CVE-2025-50202,0,0,c82284387579a4d5287081c79bce5f56bb74234016b730f3d53b62b5739eec46,2025-06-18T13:46:52.973000 CVE-2025-5024,0,0,ccdd8a7db520a87487d39e567caff85e7e094c68165b88263d5456db37c53d13,2025-05-23T15:55:02.040000 CVE-2025-5025,0,0,d8851777e61365e1aa05e5e547ad31f1c257710ee925f9d10fb7d3665c7bb24a,2025-05-30T17:15:30.200000 @@ -298047,7 +298049,7 @@ CVE-2025-5245,0,0,76dfb770c29fdb4cddbdbfbfa1fee59cf2a7272fa687dfaa6e702792fcfc63 CVE-2025-5246,0,0,58006bd67e3ca573529b2f3e87b16b1c40180151481747e10351ab9236833e82,2025-05-28T20:38:00.033000 CVE-2025-52467,0,0,1d44b4ec1f24c8fb925117e58cded1f52726868651b6f32ac341ea831aaa464f,2025-06-19T03:15:25.870000 CVE-2025-5247,0,0,54e3a381cfd9dfdb05827b9f71ff8bbd85014209bf716148a0d5df41e284d42b,2025-05-28T15:01:30.720000 -CVE-2025-52474,1,1,90aca3999fbf5ca7dd4557d7388545c99ea4ce981f2f9c8d02593988d225c460,2025-06-19T04:15:53.793000 +CVE-2025-52474,0,0,90aca3999fbf5ca7dd4557d7388545c99ea4ce981f2f9c8d02593988d225c460,2025-06-19T04:15:53.793000 CVE-2025-5248,0,0,cb74e13c3a661382a173d2171f53e905ac7962a17d411318369a81c1a4c9d649,2025-06-10T15:12:22.573000 CVE-2025-5249,0,0,fc0947e1350e4210bd6e677b41423c19ba4df5864aa9264c3ec9f64636ca0b76,2025-05-28T15:01:30.720000 CVE-2025-5250,0,0,2a4bdc606e390fc951ba8f4ded6d97e8a69fbc9ec9574eb66322c159fbee23de,2025-06-10T15:12:33.010000 
@@ -298197,6 +298199,7 @@ CVE-2025-5484,0,0,ff712dd03f32af2310b571323993d06900491354a9de82d92a7ba8f6cd5858 CVE-2025-5485,0,0,2e860e2d57c553742a7a4058b06e9ead83d36be7b50569039a067969f103feac,2025-06-16T12:32:18.840000 CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000 CVE-2025-5487,0,0,a2325d70b19f1faa0bb78067f87ae57fb5952acc710d0b21151f32c03c4f828a,2025-06-16T12:32:18.840000 +CVE-2025-5490,1,1,60afe24ce4c04ab0168ed942cc2412bcbec3b9ecbbe3f08c7adcae563e43bf28,2025-06-19T06:15:19.347000 CVE-2025-5491,0,0,bde4a3997792f29e78b23bdff62128712428eb2913e7a1e844f896d042cfe900,2025-06-16T12:32:18.840000 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000 CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000 @@ -298223,7 +298226,7 @@ CVE-2025-5520,0,0,7c2bfb8c3dd08c8ae5c41fb6d0fc4af2a63667c7ffd8fc396ac26c2ae4f641 CVE-2025-5521,0,0,861bdba4f95b593c30504175f3f432e532688bdc97486d0d49a1402fdac3c1b9,2025-06-09T15:12:57.100000 CVE-2025-5522,0,0,a6f0feb7c3dd1459fe736f4f5982460ecbcab99d78d309661631c0ee8cbfc4d4,2025-06-04T14:54:33.783000 CVE-2025-5523,0,0,5efa29e7b7bd4b4641984376098bb78d90287d527ffeb481b2aac415b7a4bb5c,2025-06-09T15:12:42.317000 -CVE-2025-5524,1,1,91ac06db392ed8170225731123862cbfd5adb43e3b8ba1422b5c1c69bce662f2,2025-06-19T05:15:23.570000 +CVE-2025-5524,0,0,91ac06db392ed8170225731123862cbfd5adb43e3b8ba1422b5c1c69bce662f2,2025-06-19T05:15:23.570000 CVE-2025-5525,0,0,8a6fda70c73f8d7caf337b44e8088af73f34b5d808b601ef429b01e524913c40,2025-06-06T17:27:21.350000 CVE-2025-5527,0,0,23d619a74aea1abe1b9173eba88fa2a07d22ff2b8b371596fe573cc187fab574,2025-06-09T15:11:48.217000 CVE-2025-5528,0,0,9ff6f51c97698d79ccf64d3644dee7c04924a371e5162b7f2b385dd7df42f941,2025-06-09T12:15:47.880000