Auto-Update: 2025-04-12T06:00:20.134852+00:00

2025-05-08 03:27:17 +00:00 · 2025-04-12 06:03:56 +00:00 · 2025-04-12 06:03:56 +00:00 · a21f515ae6
commit a21f515ae6
parent 92e25c5638
3 changed files with 75 additions and 14 deletions
--- a/CVE-2025/CVE-2025-28xx/CVE-2025-2871.json
+++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2871.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-2871",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-04-12T04:15:39.283",
+  "lastModified": "2025-04-12T04:15:39.283",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WordPress Mega Menu \u2013 QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/quadmenu/tags/3.2.0/lib/class-admin.php#L105",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3270825/quadmenu/tags/3.2.1/lib/class-admin.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba7b675-54d6-4f0e-b60f-1c7fa6ff24ea?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-04-12T04:00:19.073555+00:00
+2025-04-12T06:00:20.134852+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-04-12T03:15:14.430000+00:00
+2025-04-12T04:15:39.283000+00:00
 ```

 ### Last Data Feed Release
@ -33,18 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-289709
+289710
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `1`

- [CVE-2025-2841](CVE-2025/CVE-2025-28xx/CVE-2025-2841.json) (`2025-04-12T03:15:13.453`)
- [CVE-2025-2881](CVE-2025/CVE-2025-28xx/CVE-2025-2881.json) (`2025-04-12T03:15:14.430`)
- [CVE-2025-29803](CVE-2025/CVE-2025-298xx/CVE-2025-29803.json) (`2025-04-12T02:15:20.990`)
- [CVE-2025-29834](CVE-2025/CVE-2025-298xx/CVE-2025-29834.json) (`2025-04-12T02:15:22.027`)
- [CVE-2025-32726](CVE-2025/CVE-2025-327xx/CVE-2025-32726.json) (`2025-04-12T02:15:22.180`)
+- [CVE-2025-2871](CVE-2025/CVE-2025-28xx/CVE-2025-2871.json) (`2025-04-12T04:15:39.283`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -287530,7 +287530,7 @@ CVE-2025-28406,0,0,8a8584932ab9b30901f733e1b8a8a21e4c7b2fc672972e9d10fc1d5750215
 CVE-2025-28407,0,0,02ff9b99320c3233f5b0003257d084563bbb73ef199de05918def25b69139a43,2025-04-09T19:00:44.523000
 CVE-2025-28408,0,0,556d1da5e4b09370d02f117a4f9eb27e5e37ca05d1c933d6571d5048adb4a027,2025-04-09T19:00:22.650000
 CVE-2025-28409,0,0,1d13bbbd37d815fb6acbd49cc553af3b39f1a6a7d080c3d5a8369d4d6c155c19,2025-04-09T18:59:55.370000
-CVE-2025-2841,1,1,03bd392d48388c31b31a08040f999fd6d2ae41dc8a3efe5eb742cb709d81c314,2025-04-12T03:15:13.453000
+CVE-2025-2841,0,0,03bd392d48388c31b31a08040f999fd6d2ae41dc8a3efe5eb742cb709d81c314,2025-04-12T03:15:13.453000
 CVE-2025-28410,0,0,390a852160bddcf2c156cf274d0d8bca8a6721ecd4d3570b30e72c83c7674ba1,2025-04-09T18:53:55.197000
 CVE-2025-28411,0,0,e9415e3b22995161cfbee07866f540247a4fae9e1d653d56761cfbbc552cd7ef,2025-04-09T18:45:40.463000
 CVE-2025-28412,0,0,e6e051343f3112a9d08b359070fea94cc6ed8af3cfe5b527f4eba28e476b3165,2025-04-09T18:41:48.533000
@ -287556,12 +287556,13 @@ CVE-2025-2867,0,0,88c0b57b1eb2be7b9f20a6a0d30f4f131c9b8b7b6d84647043831a11c1cbba
 CVE-2025-2868,0,0,85b9dc17660105c1d52e94e9c61b1a822461960fd4e0c0e93de75ddcee964209,2025-03-28T18:11:40.180000
 CVE-2025-2869,0,0,5066d8ca712c82ee845e66f8b1fc3a6c9e0a4e6b74c2b3263804ec9c98b4e586,2025-03-28T18:11:40.180000
 CVE-2025-2870,0,0,532ce24468347275f11c46ecc24e5d6555c309a32268ad9ae9a421f0ae266a95,2025-03-28T18:11:40.180000
+CVE-2025-2871,1,1,c3129e2d10d0a568d107217b47ebe413329b38cf864ca69972ffd3e876f2438e,2025-04-12T04:15:39.283000
 CVE-2025-2873,0,0,edeec97aec2b3292b499f5094d0f168ecd8763c5a36659abef4c11888578eb0e,2025-04-10T08:15:14.857000
 CVE-2025-2874,0,0,6a503ede6640ff91644e2f2d002d5c6c981994fafd27ed943d3456640dee218b,2025-04-07T14:18:34.453000
 CVE-2025-2876,0,0,93ded195bcbb0b5d9f004109e54f45d215e3de9103bc5d8820997a2888ec6270,2025-04-08T18:13:53.347000
 CVE-2025-2877,0,0,84ec84d2bfb12624c83348efbdfe58ac8be43428be65066c732bbd9fdb6142cb,2025-04-07T16:15:25.720000
 CVE-2025-2878,0,0,125728ac281a69ac5ecf14e31ba48aa14b6b6ffc7aef5853980db8dfb30bd674,2025-03-28T18:11:40.180000
-CVE-2025-2881,1,1,5009d8e276d2e6084ade5fe05db20a690557b55bc3550b3012cfb45fa31fb0e1,2025-04-12T03:15:14.430000
+CVE-2025-2881,0,0,5009d8e276d2e6084ade5fe05db20a690557b55bc3550b3012cfb45fa31fb0e1,2025-04-12T03:15:14.430000
 CVE-2025-2882,0,0,c97b3f3ea8d4bf1b525408e9c0aeb5839e6b1dab2a43ddecf7ef1915f34a41ad,2025-04-08T18:13:53.347000
 CVE-2025-2883,0,0,de11120bf19ac8735b713769da981d898702017cd1ccc7eb0f5a880098b288b6,2025-04-08T18:13:53.347000
 CVE-2025-2885,0,0,e2d01fa5043ddafa560e776b063da46f782fa630659191bee2d9e55b0a2acc15,2025-03-28T18:11:40.180000
@ -287846,7 +287847,7 @@ CVE-2025-2980,0,0,e90bea9fa0869a16071d3d0a033a2bb76e259b349a9a0bf9fb845593fb53ed
 CVE-2025-29800,0,0,aa88ac334e3cd604c62f77dfd84972dee93997f0496d3c9899d6b123738b9e7c,2025-04-09T20:03:01.577000
 CVE-2025-29801,0,0,f30e3573fbc30d148919af02cba137f289819a51d5b9eee78416badb077c0363,2025-04-09T20:03:01.577000
 CVE-2025-29802,0,0,46c6a557868779b154ff9aed262faa8bb2e5f5d0c5c9b86e54991fc1f06a6f56,2025-04-09T20:03:01.577000
-CVE-2025-29803,1,1,333994a0483fa51b70cfad3586413b2bfa9dba6567523e1fb4f133b8194fa609,2025-04-12T02:15:20.990000
+CVE-2025-29803,0,0,333994a0483fa51b70cfad3586413b2bfa9dba6567523e1fb4f133b8194fa609,2025-04-12T02:15:20.990000
 CVE-2025-29804,0,0,ca1cad07e08ecaedeb2eafb47c36614038147850e0b096fd73a494ee2f654c18,2025-04-09T20:03:01.577000
 CVE-2025-29805,0,0,7845e0d29cd139c610706039b774486523ec11a7a3670f5f227cb58b14d3c44a,2025-04-09T20:03:01.577000
 CVE-2025-29806,0,0,dde4af49c411f184b167c313d22e18033ab4a12ed1db72bb3f1109ada8823750,2025-04-02T14:16:10.870000
@ -287868,7 +287869,7 @@ CVE-2025-29822,0,0,4de7dc0240419b00e77efcf43425faa5e15e299e871fbc149227db8670e83
 CVE-2025-29823,0,0,7020e8f361c2e1051ff80b6673ee2bc8c14b1552e575c216beb796659e5526c1,2025-04-09T20:03:01.577000
 CVE-2025-29824,0,0,98cb78aee90059a4523542d9603153b103d0d54101029a6433c3089528857b68,2025-04-11T13:52:51.510000
 CVE-2025-2983,0,0,efeaa991885da11a1c8124e07f7de31c07c78c44b0bef43fd1faec4e54149319,2025-04-01T20:26:30.593000
-CVE-2025-29834,1,1,c1edafc5db08600d282b1d504c73c12ff10139e21c4a2899ff9f8e6c1240a7ff,2025-04-12T02:15:22.027000
+CVE-2025-29834,0,0,c1edafc5db08600d282b1d504c73c12ff10139e21c4a2899ff9f8e6c1240a7ff,2025-04-12T02:15:22.027000
 CVE-2025-2984,0,0,3f4e6cd5cc63eeb9ae67002e32115346660333feb5923743bc7019b2dd2d5767,2025-04-01T20:26:30.593000
 CVE-2025-2985,0,0,a3543a73ce62ad86efa1e3373d8316301a2f3bab41174741e4e7d45e59a2160e,2025-04-01T20:26:30.593000
 CVE-2025-29868,0,0,9813b653c5bca2e8acf756b26daf804f197eeda8b9cebaf4dca020346cbb34e2,2025-04-10T15:16:03.860000
@ -289554,7 +289555,7 @@ CVE-2025-32697,0,0,19fee2a61856ee4a7320f7190e69e8ccea7572ac4306df698c960a26103f7
 CVE-2025-32698,0,0,16466f8b695d6edbf317b0af563ba9f209d642f17ecdd1954cc311df468a6223,2025-04-11T15:39:52.920000
 CVE-2025-32699,0,0,23a94d723c50baa82e78f6da8a3b64d0890697435859549aeff94050657616dd,2025-04-11T15:39:52.920000
 CVE-2025-32700,0,0,c0e8c73e6cd2dba0f2638bdb87a5004e45d9151953fe53305663743891fc2cb9,2025-04-11T15:39:52.920000
-CVE-2025-32726,1,1,284993c8dd32005caa6cf2286e093276071e26c6cad1d11e74895a2086a5fa63,2025-04-12T02:15:22.180000
+CVE-2025-32726,0,0,284993c8dd32005caa6cf2286e093276071e26c6cad1d11e74895a2086a5fa63,2025-04-12T02:15:22.180000
 CVE-2025-32728,0,0,3412470eeb78d54bf8cb06076372596e4f91bb03b171bf6dd938a768564aebbf,2025-04-11T15:40:10.277000
 CVE-2025-32743,0,0,22cd88375a4ea091d730f6e11751ffcb7fa9bb31f6c5963a03a37755aa77afd4,2025-04-11T15:39:52.920000
 CVE-2025-32754,0,0,ae122a89fe2ff1f5e82a8c1270ad0ed695d11eff047f3e9907db07d410a6a7ca,2025-04-11T15:39:52.920000