From a984bceec6e8a2f50b3da220843311e7dd0cfbfb Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 30 Apr 2025 08:03:57 +0000
Subject: [PATCH] Auto-Update: 2025-04-30T08:00:20.319195+00:00
---
 CVE-2025/CVE-2025-34xx/CVE-2025-3471.json | 21 ++++++++
 CVE-2025/CVE-2025-39xx/CVE-2025-3953.json | 64 +++++++++++++++++++++++
 README.md | 13 ++---
 _state.csv | 4 +-
 4 files changed, 95 insertions(+), 7 deletions(-)
 create mode 100644 CVE-2025/CVE-2025-34xx/CVE-2025-3471.json
 create mode 100644 CVE-2025/CVE-2025-39xx/CVE-2025-3953.json
diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json
new file mode 100644
index 00000000000..1fa68010ca1
--- /dev/null
+++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2025-3471",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2025-04-30T06:15:53.153",
+ "lastModified": "2025-04-30T06:15:53.153",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/aa21dd2b-1277-4cf9-b7f6-d4f8a6d518c1/",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json
new file mode 100644
index 00000000000..027eae095f7
--- /dev/null
+++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-3953",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-04-30T06:15:53.300",
+ "lastModified": "2025-04-30T06:15:53.300",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.13.2/src/Service/Admin/AjaxOptionUpdater.php#L33",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3283791/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07f7ef07-0f14-4b74-8d47-d5dece4954b0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 68f23636202..b721ea443f9 100644
--- a/README.md
+++ b/README.md
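Review bot: The CVSS data in the CVE-2025-3953 record disagrees with its own description: the text says exploitation needs "authenticated attackers, with Subscriber-level access and above", while the vector carries `PR:N` and `"privilegesRequired": "NONE"`. If the description is the accurate side, the vector would read `PR:L`, and `baseScore` 6.5 and `exploitabilityScore` 3.9 would both come out lower. The vector also claims `C:L`, although the description mentions only modification of plugin settings; that may or may not be intended. Because this file mirrors the upstream record, the correction has to come from the source (`security@wordfence.com`). Until the record is analysed (`vulnStatus` is still `Received`), consumers that triage on `baseScore` or `privilegesRequired` should cross-check the description.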
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-30T06:00:20.060750+00:00 +2025-04-30T08:00:20.319195+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-30T05:15:46.707000+00:00 +2025-04-30T06:15:53.300000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -291749 +291751 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `2` +- [CVE-2025-3471](CVE-2025/CVE-2025-34xx/CVE-2025-3471.json) (`2025-04-30T06:15:53.153`) +- [CVE-2025-3953](CVE-2025/CVE-2025-39xx/CVE-2025-3953.json) (`2025-04-30T06:15:53.300`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-0395](CVE-2025/CVE-2025-03xx/CVE-2025-0395.json) (`2025-04-30T05:15:46.707`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 45cc2aff063..58dd8509e5e 100644 --- a/_state.csv +++ b/_state.csv 
@@ -281617,7 +281617,7 @@ CVE-2025-0391,0,0,0467368bada2df94a15908d4f5a949241716a78292a611cf2ebdc384e88dff CVE-2025-0392,0,0,6d776f15a1615409f95c7590d77895411eaef103ad79522fbedabde2ae1bcf6e,2025-01-11T11:15:06.657000 CVE-2025-0393,0,0,74b1491fc9d1d332b7cea13756d765de036ad1e5aabef642cce253224abebfeb,2025-03-03T18:44:25.393000 CVE-2025-0394,0,0,8af05602da319139a083fa2a7a4d905dc508d9028abbcf98db5f09623dbab6ca,2025-01-14T09:15:21.430000 -CVE-2025-0395,0,1,5b5c71756306ce4d878b249fd650a78c9027fc29e10b3bf5e364f35d4d490dcc,2025-04-30T05:15:46.707000 +CVE-2025-0395,0,0,5b5c71756306ce4d878b249fd650a78c9027fc29e10b3bf5e364f35d4d490dcc,2025-04-30T05:15:46.707000 CVE-2025-0396,0,0,b1ad63be952ebb25b29036632d23a5d199acb4c2189238a997d4a9d9ed4a3a46,2025-01-12T12:15:17.963000 CVE-2025-0397,0,0,fc2836035f8f0734fbc89dbf3d5d6ca5a6d8f9324d4d87855a3361cc69455d9f,2025-01-12T13:15:07.333000 CVE-2025-0398,0,0,7635a06cfc090a7002e0ac0d2d6a644dce64169ca946e1fb581e4d24bb6a960c,2025-01-12T14:15:08.993000 @@ -290912,6 +290912,7 @@ CVE-2025-3457,0,0,a523da33f81c9e1e077033bed7863910db875409f58d4964d00736d5604ca8 CVE-2025-3458,0,0,0415e5078f11ddf0e286ef1d5cad3fb50ad1607a82f18290577a209ff15dc95c,2025-04-23T14:08:13.383000 CVE-2025-3469,0,0,4bca5426f9919f93dad9a4b1c330f34d47eacab0082cc9b29903729bbc139092,2025-04-11T15:39:52.920000 CVE-2025-3470,0,0,19aa6171d68cb7df7c1f3be18d7bfe917a85b5b7f1d5f3673d31726045a39093,2025-04-15T18:39:27.967000 +CVE-2025-3471,1,1,658552204815767a3678db10fa35cf3cae525d71b01764ee1e8887665ab6a26e,2025-04-30T06:15:53.153000 CVE-2025-3472,0,0,11e3c105779f6d6a496aeced00de3a3c3646952e6f66369a67b33d817aacd1a0,2025-04-23T14:08:13.383000 CVE-2025-3474,0,0,b6de92ac438f32870a4d6c552a2123f6f68213b92be966aee0e7401ddd248d53,2025-04-09T20:02:41.860000 CVE-2025-3475,0,0,ff2d6c8584b1bcdb40146c2b5f353ed3942d3a2ca7a36d451238afc4497ce8f1,2025-04-09T20:02:41.860000 
@@ -291255,6 +291256,7 @@ CVE-2025-39526,0,0,e48eefb58efeec413382bf0a150c6063a3820bdf98f98c55351275c777655 CVE-2025-39527,0,0,3284145183922bc0e58f1a51fb33927acbe4c2798946bac3fed9855491e320fa,2025-04-17T20:21:05.203000 CVE-2025-39528,0,0,b664d763e51683b756b32fed17f8ce933e99d37fef048895d1a00e8da105b797,2025-04-16T13:25:37.340000 CVE-2025-39529,0,0,bcf34c2d62331729e70811811e71dcf889d640ae1b171cefed763836fbc33e68,2025-04-16T13:25:37.340000 +CVE-2025-3953,1,1,435e0a3d1654432d9cdef4d532a6e92e2c2221d4dbe1ad432aee200dbbf41966,2025-04-30T06:15:53.300000 CVE-2025-39530,0,0,04cd4efd0982bc2e3b3a3fdf151be77700254449378583fee75d72392e767a80,2025-04-16T13:25:37.340000 CVE-2025-39531,0,0,ff1b3efe015a3987f44dddec7757fb08524f162b253adf68dd482dc34a954500,2025-04-16T13:25:37.340000 CVE-2025-39532,0,0,c6a1aa250e41f609065af7ae7d78ed7ce37833beb178fb16dc9d01c8b07d0228,2025-04-17T20:21:05.203000