From a7187623ad7bc322e8f990d55b7ccc605224ee9e Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 1 Jul 2025 08:03:50 +0000 Subject: [PATCH] Auto-Update: 2025-07-01T08:00:15.864836+00:00 --- CVE-2025/CVE-2025-69xx/CVE-2025-6934.json | 68 +++++++++++++++++++++++ README.md | 11 ++-- _state.csv | 5 +- 3 files changed, 76 insertions(+), 8 deletions(-) create mode 100644 CVE-2025/CVE-2025-69xx/CVE-2025-6934.json diff --git a/CVE-2025/CVE-2025-69xx/CVE-2025-6934.json b/CVE-2025/CVE-2025-69xx/CVE-2025-6934.json new file mode 100644 index 00000000000..c5e715331b8 --- /dev/null +++ b/CVE-2025/CVE-2025-69xx/CVE-2025-6934.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-6934", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-01T07:15:27.340", + "lastModified": "2025-07-01T07:15:27.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Opal Estate Pro \u2013 Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L228", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L235", + "source": "security@wordfence.com" + }, + { + "url": "https://themeforest.net/item/fullhouse-real-estate-responsive-wordpress-theme/16179481", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 35f76303a79..e88a9d1d87c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-01T06:00:12.408563+00:00 +2025-07-01T08:00:15.864836+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-01T04:15:45.530000+00:00 +2025-07-01T07:15:27.340000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -299940 +299941 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `1` -- [CVE-2025-5967](CVE-2025/CVE-2025-59xx/CVE-2025-5967.json) (`2025-07-01T04:15:34.137`) -- [CVE-2025-6081](CVE-2025/CVE-2025-60xx/CVE-2025-6081.json) (`2025-07-01T04:15:45.530`) +- [CVE-2025-6934](CVE-2025/CVE-2025-69xx/CVE-2025-6934.json) (`2025-07-01T07:15:27.340`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 9536722a3a4..77a3984ef6c 100644 --- a/_state.csv +++ b/_state.csv @@ -299331,7 +299331,7 @@ CVE-2025-5959,0,0,a39e129e58512bcee45e4710589bda0209f85db251e85a57b71fd6de1e6610 CVE-2025-5963,0,0,fa08382550ea0c3ee30b8fad922b8d6a6c917f388130b237bfade6a185c04053,2025-06-23T20:16:40.143000 CVE-2025-5964,0,0,fdc2a55a5a19378f1914fbf75b6cbe370c921fe75e327e1cb5f217f1b15bf1ea,2025-06-16T12:32:18.840000 CVE-2025-5966,0,0,5fef1f8d71467ec9a2d7c03ed5fd15a9a07208246d1389eb3712cac93ecf32f4,2025-06-26T18:57:43.670000 -CVE-2025-5967,1,1,b48fb0d1cee195659328914d216f980ed0f0a03401e78af9480757f730bd27d0,2025-07-01T04:15:34.137000 +CVE-2025-5967,0,0,b48fb0d1cee195659328914d216f980ed0f0a03401e78af9480757f730bd27d0,2025-07-01T04:15:34.137000 CVE-2025-5969,0,0,c1cc21e3e671c92cd4500d184398151db62163dec64f67d18a86b28ac5130697,2025-06-12T16:06:29.520000 CVE-2025-5970,0,0,c0dffa88245f943ccee6014f6c262b234873584bcf552256828e546681f676da,2025-06-17T20:35:26.663000 CVE-2025-5971,0,0,33a5707def1920d97a91033da89284cb10f24ad1290b87bb2c7f2d9d32708e58,2025-06-16T15:02:21.960000 @@ -299382,7 +299382,7 @@ CVE-2025-6064,0,0,979f98e59c93c3db1b1e3d8ca32b91237e3a41952bd15c0b929b60ca805f9f CVE-2025-6065,0,0,b54a72f9a0b99c16c66aef6c3f604cf5fb2ce5dc53cfc18dad9d67742adfbf62,2025-06-16T12:32:18.840000 CVE-2025-6069,0,0,aaecddc9e641aff8b09932943a0957451f7ad4331a64dcf165cb33af86f66732,2025-06-17T20:50:23.507000 CVE-2025-6070,0,0,c5bf4414dfa4d281aa3a990feec25cc21fddd34f58ddd67c6eaf8ae460160cc5,2025-06-16T12:32:18.840000 -CVE-2025-6081,1,1,5b381e3cf1ff40df1b499fb0734aba310cc192198f73fcd073837de79a43c8c7,2025-07-01T04:15:45.530000 +CVE-2025-6081,0,0,5b381e3cf1ff40df1b499fb0734aba310cc192198f73fcd073837de79a43c8c7,2025-07-01T04:15:45.530000 CVE-2025-6083,0,0,b33f55da80da8b54015e6694bf27d7fb64e15676e9297ecd61b06510d2a00a90,2025-06-16T12:32:18.840000 CVE-2025-6086,0,0,47d81c6a7c77fd918f6e31762cf63f0608615658487674feed6c6566605fdefc,2025-06-18T13:46:52.973000 CVE-2025-6087,0,0,5d3cce316ca5514d26e28bfd08fd7951e8d7ff53f381ea5d6bd8b5eb4dcb4441,2025-06-17T20:50:23.507000 @@ -299933,6 +299933,7 @@ CVE-2025-6929,0,0,9ece799ba6281b8e7980c379023d8b829d9e61abb4e41ab8d03daafaba29b6 CVE-2025-6930,0,0,bee982db182da79a40468adbb11226ff1e623020a4f5164f27db8f4cc413aaf3,2025-06-30T22:15:30.010000 CVE-2025-6931,0,0,df9ddfbde912faafa5e4493b429283a88936738657f10a40de2d7749ea0b032c,2025-06-30T23:15:21.863000 CVE-2025-6932,0,0,6c23dab722d2bfca6e0ab05eb53a46bfd002e1a13ce5c4f6e40d491d0daae338,2025-06-30T23:15:22.103000 +CVE-2025-6934,1,1,a17d233a1432d2df5bb92b39d598a58250ad95fa7709f512169f9ea3cbd589d9,2025-07-01T07:15:27.340000 CVE-2025-6935,0,0,fd4a1ec4b99f2a650759c2bea64cb45ca308091d621bef64e4913956328f51d5,2025-07-01T00:15:26.503000 CVE-2025-6936,0,0,17d978cfdc085edc95015327ec5495108c341661ff194664ad18d0b05d6deb47,2025-07-01T00:15:26.740000 CVE-2025-6937,0,0,b10d8c1265117b053b6599e6b544c7c61d2c978d507bac9b95b840b3f696bfc4,2025-07-01T01:15:28.577000