Auto-Update: 2025-04-30T08:00:20.319195+00:00

2025-07-11 16:13:34 +00:00 · 2025-04-30 08:03:57 +00:00 · 2025-04-30 08:03:57 +00:00 · a984bceec6
commit a984bceec6
parent da066b07b0
4 changed files with 95 additions and 7 deletions
--- a/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json
+++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2025-3471",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2025-04-30T06:15:53.153",
+  "lastModified": "2025-04-30T06:15:53.153",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The SureForms  WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/aa21dd2b-1277-4cf9-b7f6-d4f8a6d518c1/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json
+++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-3953",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-04-30T06:15:53.300",
+  "lastModified": "2025-04-30T06:15:53.300",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.13.2/src/Service/Admin/AjaxOptionUpdater.php#L33",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3283791/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07f7ef07-0f14-4b74-8d47-d5dece4954b0?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-04-30T06:00:20.060750+00:00
+2025-04-30T08:00:20.319195+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-04-30T05:15:46.707000+00:00
+2025-04-30T06:15:53.300000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-291749
+291751
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+- [CVE-2025-3471](CVE-2025/CVE-2025-34xx/CVE-2025-3471.json) (`2025-04-30T06:15:53.153`)
+- [CVE-2025-3953](CVE-2025/CVE-2025-39xx/CVE-2025-3953.json) (`2025-04-30T06:15:53.300`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2025-0395](CVE-2025/CVE-2025-03xx/CVE-2025-0395.json) (`2025-04-30T05:15:46.707`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -281617,7 +281617,7 @@ CVE-2025-0391,0,0,0467368bada2df94a15908d4f5a949241716a78292a611cf2ebdc384e88dff
 CVE-2025-0392,0,0,6d776f15a1615409f95c7590d77895411eaef103ad79522fbedabde2ae1bcf6e,2025-01-11T11:15:06.657000
 CVE-2025-0393,0,0,74b1491fc9d1d332b7cea13756d765de036ad1e5aabef642cce253224abebfeb,2025-03-03T18:44:25.393000
 CVE-2025-0394,0,0,8af05602da319139a083fa2a7a4d905dc508d9028abbcf98db5f09623dbab6ca,2025-01-14T09:15:21.430000
-CVE-2025-0395,0,1,5b5c71756306ce4d878b249fd650a78c9027fc29e10b3bf5e364f35d4d490dcc,2025-04-30T05:15:46.707000
+CVE-2025-0395,0,0,5b5c71756306ce4d878b249fd650a78c9027fc29e10b3bf5e364f35d4d490dcc,2025-04-30T05:15:46.707000
 CVE-2025-0396,0,0,b1ad63be952ebb25b29036632d23a5d199acb4c2189238a997d4a9d9ed4a3a46,2025-01-12T12:15:17.963000
 CVE-2025-0397,0,0,fc2836035f8f0734fbc89dbf3d5d6ca5a6d8f9324d4d87855a3361cc69455d9f,2025-01-12T13:15:07.333000
 CVE-2025-0398,0,0,7635a06cfc090a7002e0ac0d2d6a644dce64169ca946e1fb581e4d24bb6a960c,2025-01-12T14:15:08.993000
@ -290912,6 +290912,7 @@ CVE-2025-3457,0,0,a523da33f81c9e1e077033bed7863910db875409f58d4964d00736d5604ca8
 CVE-2025-3458,0,0,0415e5078f11ddf0e286ef1d5cad3fb50ad1607a82f18290577a209ff15dc95c,2025-04-23T14:08:13.383000
 CVE-2025-3469,0,0,4bca5426f9919f93dad9a4b1c330f34d47eacab0082cc9b29903729bbc139092,2025-04-11T15:39:52.920000
 CVE-2025-3470,0,0,19aa6171d68cb7df7c1f3be18d7bfe917a85b5b7f1d5f3673d31726045a39093,2025-04-15T18:39:27.967000
+CVE-2025-3471,1,1,658552204815767a3678db10fa35cf3cae525d71b01764ee1e8887665ab6a26e,2025-04-30T06:15:53.153000
 CVE-2025-3472,0,0,11e3c105779f6d6a496aeced00de3a3c3646952e6f66369a67b33d817aacd1a0,2025-04-23T14:08:13.383000
 CVE-2025-3474,0,0,b6de92ac438f32870a4d6c552a2123f6f68213b92be966aee0e7401ddd248d53,2025-04-09T20:02:41.860000
 CVE-2025-3475,0,0,ff2d6c8584b1bcdb40146c2b5f353ed3942d3a2ca7a36d451238afc4497ce8f1,2025-04-09T20:02:41.860000
@ -291255,6 +291256,7 @@ CVE-2025-39526,0,0,e48eefb58efeec413382bf0a150c6063a3820bdf98f98c55351275c777655
 CVE-2025-39527,0,0,3284145183922bc0e58f1a51fb33927acbe4c2798946bac3fed9855491e320fa,2025-04-17T20:21:05.203000
 CVE-2025-39528,0,0,b664d763e51683b756b32fed17f8ce933e99d37fef048895d1a00e8da105b797,2025-04-16T13:25:37.340000
 CVE-2025-39529,0,0,bcf34c2d62331729e70811811e71dcf889d640ae1b171cefed763836fbc33e68,2025-04-16T13:25:37.340000
+CVE-2025-3953,1,1,435e0a3d1654432d9cdef4d532a6e92e2c2221d4dbe1ad432aee200dbbf41966,2025-04-30T06:15:53.300000
 CVE-2025-39530,0,0,04cd4efd0982bc2e3b3a3fdf151be77700254449378583fee75d72392e767a80,2025-04-16T13:25:37.340000
 CVE-2025-39531,0,0,ff1b3efe015a3987f44dddec7757fb08524f162b253adf68dd482dc34a954500,2025-04-16T13:25:37.340000
 CVE-2025-39532,0,0,c6a1aa250e41f609065af7ae7d78ed7ce37833beb178fb16dc9d01c8b07d0228,2025-04-17T20:21:05.203000