Auto-Update: 2025-06-19T08:00:19.331751+00:00

2025-06-19 17:31:42 +00:00 · 2025-06-19 08:04:00 +00:00 · 2025-06-19 08:04:00 +00:00 · 810992dd51
commit 810992dd51
parent 94d5e1abb6
5 changed files with 223 additions and 14 deletions
--- a/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json
+++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json
@ -0,0 +1,88 @@
 {
  "id": "CVE-2025-4571",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2025-06-19T07:15:27.383",
  "lastModified": "2025-06-19T07:15:27.383",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/Endpoint.php#L26",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/GetLogs.php#L40",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/DeleteCampaignListTable.php#L40",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/GetCampaignsListTable.php#L95",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/Endpoint.php#L57",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/ListDonors.php#L31",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/EventTickets/Routes/UpdateEvent.php#L36",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3305112/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f03b4ef-e877-430e-a440-3af0feca818c?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json
+++ b/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2025-4965",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2025-06-19T07:15:30.313",
  "lastModified": "2025-06-19T07:15:30.313",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://kb.wpbakery.com/docs/preface/release-notes/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0489172-279c-4397-a937-bca4840a196f?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-54xx/CVE-2025-5490.json
+++ b/CVE-2025/CVE-2025-54xx/CVE-2025-5490.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2025-5490",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2025-06-19T06:15:19.347",
  "lastModified": "2025-06-19T06:15:19.347",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wordpress.org/plugins/football-pool/#developers",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16a285b1-7a20-455f-8f74-2e468dd436d3?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-06-19T06:00:22.339654+00:00
+2025-06-19T08:00:19.331751+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-06-19T05:15:23.570000+00:00
+2025-06-19T07:15:30.313000+00:00
 ```
 ### Last Data Feed Release
@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-298691
+298694
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `5`
+Recently added CVEs: `3`
- [CVE-2025-4367](CVE-2025/CVE-2025-43xx/CVE-2025-4367.json) (`2025-06-19T04:15:36.313`)
+- [CVE-2025-4571](CVE-2025/CVE-2025-45xx/CVE-2025-4571.json) (`2025-06-19T07:15:27.383`)
- [CVE-2025-4479](CVE-2025/CVE-2025-44xx/CVE-2025-4479.json) (`2025-06-19T04:15:49.147`)
+- [CVE-2025-4965](CVE-2025/CVE-2025-49xx/CVE-2025-4965.json) (`2025-06-19T07:15:30.313`)
- [CVE-2025-50201](CVE-2025/CVE-2025-502xx/CVE-2025-50201.json) (`2025-06-19T04:15:49.340`)
+- [CVE-2025-5490](CVE-2025/CVE-2025-54xx/CVE-2025-5490.json) (`2025-06-19T06:15:19.347`)
 - [CVE-2025-52474](CVE-2025/CVE-2025-524xx/CVE-2025-52474.json) (`2025-06-19T04:15:53.793`)
 - [CVE-2025-5524](CVE-2025/CVE-2025-55xx/CVE-2025-5524.json) (`2025-06-19T05:15:23.570`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -295325,7 +295325,7 @@ CVE-2025-4363,0,0,cfc7942feeb9a0f9f6312b42fa943d50981f3a9d84068f01e49e58a260df8f
 CVE-2025-4364,0,0,7abc96b4496bfef1269854d9d4450b426753c52eb291c976d683ed2fcf48245a,2025-05-21T20:24:58.133000
 CVE-2025-4365,0,0,2b05fbd3ee331b9b166c50a4e212d6a31f636e625995a053b35cc1f726bc5b70,2025-06-17T20:50:23.507000
 CVE-2025-4366,0,0,bcded185529e0d98925e3339147ae571994f757d2bfcccaea5b250946b72f4b2,2025-06-18T14:15:45.480000
-CVE-2025-4367,1,1,682c2a144c95955457b3ac556ec7145b50e47485a1e890c970789a5cfd6a6f53,2025-06-19T04:15:36.313000
+CVE-2025-4367,0,0,682c2a144c95955457b3ac556ec7145b50e47485a1e890c970789a5cfd6a6f53,2025-06-19T04:15:36.313000
 CVE-2025-4368,0,0,5060346bbf213853af51c9b1f1ab82f240c6c047743a52b24483fa7453a5d04f,2025-05-13T20:19:54.440000
 CVE-2025-43697,0,0,f1043efe55ac8e178b55f78e087508d0bf6544d27eb7c45213c2e77f7aa48499,2025-06-12T16:06:39.330000
 CVE-2025-43698,0,0,3dac27db9c135e523f1efa9639e13a539499d2573b10a362aa6a362c36a987d2,2025-06-12T16:06:39.330000
@ -295530,7 +295530,7 @@ CVE-2025-4475,0,0,14fd175cd338c800e457595a2058771799c1f3a8f146feda826cf08c0646f5
 CVE-2025-4476,0,0,e32ef10e7ee74bf8997b5a3acc66e8eaf2de48d03c2aa0ec9fb3efc72c6b8898,2025-05-19T13:35:20.460000
 CVE-2025-4477,0,0,5d325fd488fe711c70532dd4f52799a0eeba1df6528fa57f803916528a54f20e,2025-05-19T13:35:20.460000
 CVE-2025-4478,0,0,061fb97490acc324c9dd904796e3db3e84b55414212748ef73f1bc208255ac1d,2025-05-23T05:15:26.520000
-CVE-2025-4479,1,1,77c3b78c5f2785c2220665b558e1b60998dc4a2f1f2c70faa4bf21e165291a9d,2025-06-19T04:15:49.147000
+CVE-2025-4479,0,0,77c3b78c5f2785c2220665b558e1b60998dc4a2f1f2c70faa4bf21e165291a9d,2025-06-19T04:15:49.147000
 CVE-2025-4480,0,0,be672d537a11a289b7d1b98f279ab333277916180d26385e3402215687d48a25,2025-05-16T15:34:40.510000
 CVE-2025-4481,0,0,0fe1448ef925f4ba16b8e05736b526de574a9ed7259d4944c0e5684d261dd60d,2025-05-16T15:34:18.840000
 CVE-2025-4482,0,0,37defc00475ef05b44644d8bb5a008e1f6920f65b0aefa705ddfdf3f2924a0eb,2025-05-16T15:33:57.440000
@ -295728,6 +295728,7 @@ CVE-2025-4565,0,0,4256f50161ec95000de287e54ecfa2b8b56d3a683613b559af85e1b918e03f
 CVE-2025-45661,0,0,d4f42c25435e84688f4ce3b76e88805fd211efabda5b2495d0e5c2dcb924ab9f,2025-06-18T15:15:26.513000
 CVE-2025-4567,0,0,121a90467be941d9ad01a97d3e24fb32b96a7e829013a214205341e8c0284209,2025-06-05T14:09:17.020000
 CVE-2025-4568,0,0,a7dc4015dc0dc8a1d051ca0a0c8659f2aa00a001767db9893b5b3f88ebbd1af5,2025-06-05T20:12:23.777000
 CVE-2025-4571,1,1,7accd45190d1299f14fe607dc3152a892706b401fe1348520eb09c8c3d3026a1,2025-06-19T07:15:27.383000
 CVE-2025-4573,0,0,0d573fb0cacdd281e28bc5c9943a8fc5e68cc59a1800ffb046dd0a624e090a9c,2025-06-12T16:06:20.180000
 CVE-2025-4574,0,0,a936e70ea81d08570f1b370d85f904e33ed32b85014f55e350943da2afdfcfb5,2025-05-16T14:43:56.797000
 CVE-2025-45746,0,0,4f739c19260013516117a27de71915ddd8b481653d1fe15c253a574b15da0223,2025-05-21T14:15:31.553000
@ -297756,6 +297757,7 @@ CVE-2025-49599,0,0,cd0748db942732a0e968c564ce05d560bd51611e52e8cb06dc26ca9e65d8d
 CVE-2025-49619,0,0,34a674efa79bca2e7a9fcbbfc8a71e4ddf39896b0ede59561baed790959985f3,2025-06-17T21:15:40.087000
 CVE-2025-4963,0,0,bcea30a5657c56e720740d0c1da3f6ecccc2ea27495c62c19f4e987237e46939,2025-05-28T15:01:30.720000
 CVE-2025-4964,0,0,9a4175fc819c8903aae087508d79cb283240d351bb7e4f3f9bd0bc9b58a9f683,2025-06-06T14:07:28.330000
 CVE-2025-4965,1,1,4d171354decca482da50ed115f552cbf6642491c7ea8fdf024d3b153c93df3ff,2025-06-19T07:15:30.313000
 CVE-2025-49651,0,0,ecd6db239799c80e73dfe281bfa935795ea245e34751118be82d7d5f0d28a7ba,2025-06-12T16:06:47.857000
 CVE-2025-49652,0,0,5a76dd260d6029491ef52092d08bbfa84d61278dc46b50bc18d56c90cc0b5e95,2025-06-12T16:06:47.857000
 CVE-2025-49653,0,0,36772486eb86bf027545ccf93e5df122b7fe00938396229f36e9e79e3e8b0f30,2025-06-12T16:06:47.857000
@ -297865,7 +297867,7 @@ CVE-2025-50182,0,0,93456784c188b1b8503b694ba28732c6770780f754e8588d4b113b9fa2491
 CVE-2025-50183,0,0,577421c902a6680948fa734ac4a401e6dec872b90f6732d2f36c75be4e0482da,2025-06-19T03:15:25.717000
 CVE-2025-5019,0,0,9e77689bce77b4f77cc10eef8ecd39dc784fee948cba6d9ab205fa6a8f33f986,2025-06-06T14:07:28.330000
 CVE-2025-5020,0,0,a009d51287904279a69fbc7b7d45e7044fc45e21284eb97bd084f038009245ee,2025-06-13T18:55:32.903000
-CVE-2025-50201,1,1,6c0ac0a1b3f20c50cd6e6108194b16fda3c838e050a9f8f2f931be0a16f0b604,2025-06-19T04:15:49.340000
+CVE-2025-50201,0,0,6c0ac0a1b3f20c50cd6e6108194b16fda3c838e050a9f8f2f931be0a16f0b604,2025-06-19T04:15:49.340000
 CVE-2025-50202,0,0,c82284387579a4d5287081c79bce5f56bb74234016b730f3d53b62b5739eec46,2025-06-18T13:46:52.973000
 CVE-2025-5024,0,0,ccdd8a7db520a87487d39e567caff85e7e094c68165b88263d5456db37c53d13,2025-05-23T15:55:02.040000
 CVE-2025-5025,0,0,d8851777e61365e1aa05e5e547ad31f1c257710ee925f9d10fb7d3665c7bb24a,2025-05-30T17:15:30.200000
@ -298047,7 +298049,7 @@ CVE-2025-5245,0,0,76dfb770c29fdb4cddbdbfbfa1fee59cf2a7272fa687dfaa6e702792fcfc63
 CVE-2025-5246,0,0,58006bd67e3ca573529b2f3e87b16b1c40180151481747e10351ab9236833e82,2025-05-28T20:38:00.033000
 CVE-2025-52467,0,0,1d44b4ec1f24c8fb925117e58cded1f52726868651b6f32ac341ea831aaa464f,2025-06-19T03:15:25.870000
 CVE-2025-5247,0,0,54e3a381cfd9dfdb05827b9f71ff8bbd85014209bf716148a0d5df41e284d42b,2025-05-28T15:01:30.720000
-CVE-2025-52474,1,1,90aca3999fbf5ca7dd4557d7388545c99ea4ce981f2f9c8d02593988d225c460,2025-06-19T04:15:53.793000
+CVE-2025-52474,0,0,90aca3999fbf5ca7dd4557d7388545c99ea4ce981f2f9c8d02593988d225c460,2025-06-19T04:15:53.793000
 CVE-2025-5248,0,0,cb74e13c3a661382a173d2171f53e905ac7962a17d411318369a81c1a4c9d649,2025-06-10T15:12:22.573000
 CVE-2025-5249,0,0,fc0947e1350e4210bd6e677b41423c19ba4df5864aa9264c3ec9f64636ca0b76,2025-05-28T15:01:30.720000
 CVE-2025-5250,0,0,2a4bdc606e390fc951ba8f4ded6d97e8a69fbc9ec9574eb66322c159fbee23de,2025-06-10T15:12:33.010000
@ -298197,6 +298199,7 @@ CVE-2025-5484,0,0,ff712dd03f32af2310b571323993d06900491354a9de82d92a7ba8f6cd5858
 CVE-2025-5485,0,0,2e860e2d57c553742a7a4058b06e9ead83d36be7b50569039a067969f103feac,2025-06-16T12:32:18.840000
 CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000
 CVE-2025-5487,0,0,a2325d70b19f1faa0bb78067f87ae57fb5952acc710d0b21151f32c03c4f828a,2025-06-16T12:32:18.840000
 CVE-2025-5490,1,1,60afe24ce4c04ab0168ed942cc2412bcbec3b9ecbbe3f08c7adcae563e43bf28,2025-06-19T06:15:19.347000
 CVE-2025-5491,0,0,bde4a3997792f29e78b23bdff62128712428eb2913e7a1e844f896d042cfe900,2025-06-16T12:32:18.840000
 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000
 CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000
@ -298223,7 +298226,7 @@ CVE-2025-5520,0,0,7c2bfb8c3dd08c8ae5c41fb6d0fc4af2a63667c7ffd8fc396ac26c2ae4f641
 CVE-2025-5521,0,0,861bdba4f95b593c30504175f3f432e532688bdc97486d0d49a1402fdac3c1b9,2025-06-09T15:12:57.100000
 CVE-2025-5522,0,0,a6f0feb7c3dd1459fe736f4f5982460ecbcab99d78d309661631c0ee8cbfc4d4,2025-06-04T14:54:33.783000
 CVE-2025-5523,0,0,5efa29e7b7bd4b4641984376098bb78d90287d527ffeb481b2aac415b7a4bb5c,2025-06-09T15:12:42.317000
-CVE-2025-5524,1,1,91ac06db392ed8170225731123862cbfd5adb43e3b8ba1422b5c1c69bce662f2,2025-06-19T05:15:23.570000
+CVE-2025-5524,0,0,91ac06db392ed8170225731123862cbfd5adb43e3b8ba1422b5c1c69bce662f2,2025-06-19T05:15:23.570000
 CVE-2025-5525,0,0,8a6fda70c73f8d7caf337b44e8088af73f34b5d808b601ef429b01e524913c40,2025-06-06T17:27:21.350000
 CVE-2025-5527,0,0,23d619a74aea1abe1b9173eba88fa2a07d22ff2b8b371596fe573cc187fab574,2025-06-09T15:11:48.217000
 CVE-2025-5528,0,0,9ff6f51c97698d79ccf64d3644dee7c04924a371e5162b7f2b385dd7df42f941,2025-06-09T12:15:47.880000