Auto-Update: 2025-03-26T05:00:19.976184+00:00

2025-06-21 17:41:05 +00:00 · 2025-03-26 05:03:50 +00:00 · 2025-03-26 05:03:50 +00:00 · dda3615695
commit dda3615695
parent 434e21ca13
7 changed files with 309 additions and 7 deletions
--- a/CVE-2025/CVE-2025-14xx/CVE-2025-1490.json
+++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1490.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-1490",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-26T03:15:12.257",
+  "lastModified": "2025-03-26T03:15:12.257",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018setstatus\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/smart-maintenance-mode/trunk/smart-maintenance-mode.php#L562",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/smart-maintenance-mode/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea9ca8ac-e735-4e84-af0f-45d22a8e2124?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-21xx/CVE-2025-2165.json
+++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2165.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-2165",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-26T03:15:12.853",
+  "lastModified": "2025-03-26T03:15:12.853",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/sh-email-alert/tags/1.0/manage.php#L156",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/sh-email-alert/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc20180b-4665-4ade-b512-b0f0148200e7?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-25xx/CVE-2025-2573.json
+++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2573.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-2573",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-26T03:15:13.033",
+  "lastModified": "2025-03-26T03:15:13.033",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/amazing-service-box-visual-composer-addons/trunk/asb_addon.php#L114",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/amazing-service-box-visual-composer-addons/trunk/asb_addon.php#L45",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/amazing-service-box-visual-composer-addons/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f6ce4d-6ca5-4a62-ae84-9dd190fc0392?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-25xx/CVE-2025-2576.json
+++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2576.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-2576",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-26T03:15:13.213",
+  "lastModified": "2025-03-26T03:15:13.213",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Ayyash Studio \u2014 The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ayyash-studio/tags/1.0.3/includes/Importer/Wxr/StudioImporter.php#L351",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ayyash-studio/tags/1.0.3/includes/Importer/Wxr/StudioImporter.php#L37",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/ayyash-studio/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/634fa1ed-ad6b-4875-b6f9-f20add39dc80?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-307xx/CVE-2025-30742.json
+++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30742.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2025-30742",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-03-26T04:15:23.403",
+  "lastModified": "2025-03-26T04:15:23.403",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final '\\0' character."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/pizhenwei/atophttpd/blob/74c9f14796b15dc9de5839a5749202f933937a9c/httpd.c#L376-L399",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/pizhenwei/atophttpd/blob/74c9f14796b15dc9de5839a5749202f933937a9c/httpd.c#L492-L496",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/pizhenwei/atophttpd/blob/74c9f14796b15dc9de5839a5749202f933937a9c/httpd.c#L71-L72",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-26T03:00:19.850648+00:00
+2025-03-26T05:00:19.976184+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-26T02:15:25.633000+00:00
+2025-03-26T04:15:23.403000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-286568
+286573
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `5`

+- [CVE-2025-1490](CVE-2025/CVE-2025-14xx/CVE-2025-1490.json) (`2025-03-26T03:15:12.257`)
+- [CVE-2025-2165](CVE-2025/CVE-2025-21xx/CVE-2025-2165.json) (`2025-03-26T03:15:12.853`)
+- [CVE-2025-2573](CVE-2025/CVE-2025-25xx/CVE-2025-2573.json) (`2025-03-26T03:15:13.033`)
+- [CVE-2025-2576](CVE-2025/CVE-2025-25xx/CVE-2025-2576.json) (`2025-03-26T03:15:13.213`)
+- [CVE-2025-30742](CVE-2025/CVE-2025-307xx/CVE-2025-30742.json) (`2025-03-26T04:15:23.403`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2025-1828](CVE-2025/CVE-2025-18xx/CVE-2025-1828.json) (`2025-03-26T02:15:25.633`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -281834,6 +281834,7 @@ CVE-2025-1486,0,0,a85cea9be2475178530e87928bf3624b11a53f46d4074abad230f2e740ad42
 CVE-2025-1487,0,0,8f772af05106acb51f792dc9fd2468ed15c6e79faf910ab3115c5b2004861341,2025-03-14T16:15:40.263000
 CVE-2025-1488,0,0,8fbfc0f85ec6e8179ff63233271a6a6f56042420a685f641084719c4ae8076e9,2025-03-25T15:32:56.433000
 CVE-2025-1489,0,0,3008549e3d2861f78796256b763f59eec371226dd4b84353f864c64443cf0ecb,2025-02-24T19:45:21.653000
+CVE-2025-1490,1,1,7aff13ba0cf6167c4f44d1a93b4f6f09fdf518d04ba9c05a1bfda108f45e69c2,2025-03-26T03:15:12.257000
 CVE-2025-1491,0,0,2c68d92a6f55bf529fa37ef19f65078661a466e3bd99edb0dd7d2a7b0419f292,2025-03-01T13:15:10.750000
 CVE-2025-1492,0,0,b9223b4db500ae771be5ddc029bc738cd0c9e1261ad47ff66314ecd9bf92d1b3,2025-02-20T02:15:38.553000
 CVE-2025-1496,0,0,00b701fe7bc2e4f39ec7ac2812437dabb31dde7416d14a43308b75ca4d34e495,2025-03-20T14:15:22.920000
@ -282037,7 +282038,7 @@ CVE-2025-1818,0,0,37447926f9841734f2812c1740f60067b78922f1e49cdd900fb1888b830ace
 CVE-2025-1819,0,0,30aaf321bf598a632d335efe867dfbf1c954d81c19dbf59077d00052427f6e82,2025-03-02T17:15:11.483000
 CVE-2025-1820,0,0,de7c6baac78093b7f0e7c2343af2d32bf8e1894ea47cf7930dd387f103a53ed8,2025-03-03T19:15:33.900000
 CVE-2025-1821,0,0,b3349008b31943d36983f65c5b6d573a651ca8d675ec056cb33951299f02ed59,2025-03-03T19:15:34.030000
-CVE-2025-1828,0,1,6336494f159e2aab4f8ff5b8f853f474cebe8651934831188a6cb50a3e4d076e,2025-03-26T02:15:25.633000
+CVE-2025-1828,0,0,6336494f159e2aab4f8ff5b8f853f474cebe8651934831188a6cb50a3e4d076e,2025-03-26T02:15:25.633000
 CVE-2025-1829,0,0,cdfa3e67c0c277a6177da9bd34f08d7ed678dd9267ec9b77fb630e0d887cc4f0,2025-03-03T18:15:31.937000
 CVE-2025-1830,0,0,b7d520c7dab1ad06ab8077ecd612df524f731c0cd8662ed0f43d61b14b168f12,2025-03-03T22:15:37.637000
 CVE-2025-1831,0,0,df633658ed50bfe4aae872b54c5326e5accc4a7746409c9cf665f4b4ab647254,2025-03-03T18:15:32.520000
@ -282841,6 +282842,7 @@ CVE-2025-21646,0,0,751e9512a6f4482d5f98e27fee57d878d181b41c78a8c4c8fe41304d573c6
 CVE-2025-21647,0,0,364d8fe2a4a4581fc19523cce621fd21d39be059ff2f15125f2c929a3bec10fd,2025-03-13T13:15:47.797000
 CVE-2025-21648,0,0,1e28b61383e7660836dbbb26d762b1871cd28f2a60ea4ccb673beb93821501a9,2025-02-02T11:15:15.433000
 CVE-2025-21649,0,0,83a08c42f448e1e2fb20d671a214f30c7bf25568b8e5958ef29572790d694059,2025-01-31T15:56:17.907000
+CVE-2025-2165,1,1,ca51b0e659fccf2df74ab0d83d12d56d071c971012f0e70d2aa1edd020d1b63a,2025-03-26T03:15:12.853000
 CVE-2025-21650,0,0,979a638a4fc2874261a1028ffe64fc716d1395d9b241ea774792153993d8eac2,2025-02-27T22:00:13.243000
 CVE-2025-21651,0,0,d057ff764ce31c4ac7e93c37cb4ba424635250ef668040e2530ccd52f14e89f7,2025-01-19T11:15:10.733000
 CVE-2025-21652,0,0,20d739461f3527398cd43bd52a6f89c66a16cc1ddb96e5765be31fe2e5b35e8e,2025-02-10T18:15:34.883000
@ -285313,6 +285315,7 @@ CVE-2025-25726,0,0,1241b8ce4f2f3e5a9582d1cb34e021df8b6f066d37fe203461681ffda7c05
 CVE-2025-25727,0,0,0d1a14c99242a40bd0c002eb63b1280a7e4062b40e6f0343d27881c4635e114e,2025-03-19T21:15:38.690000
 CVE-2025-25728,0,0,8bf984e1467b4d8142842e319e1c0a79db3cce3b3976d2a54ebea90ce191a5f5,2025-03-19T21:15:38.837000
 CVE-2025-25729,0,0,37dccbd23e8b05f5aabcfb584977649888f3f534d26d5e574ce2d7e88687c4b1,2025-02-28T16:15:39.707000
+CVE-2025-2573,1,1,5407182d688c1e5ddce6677978592083468bfcf4169e97fe7cf1eac512e1bd0d,2025-03-26T03:15:13.033000
 CVE-2025-25730,0,0,2d4e8c99634c9753085f1bf0f3dc2ae2d2ae9a31f8634761394f303c2de1e717,2025-02-28T20:15:46.803000
 CVE-2025-2574,0,0,653869cfb363acb2f0468669bbe8350777d1f02ebecb92b7935efe95ed02ca0d,2025-03-20T21:15:23.880000
 CVE-2025-25740,0,0,cd2bc7638ab565462203ba75cf0c1903fed130191464a51442647e9686692755,2025-03-17T19:15:25.963000
@ -285327,6 +285330,7 @@ CVE-2025-25748,0,0,96ee59038cfc6610b701bf16c7385a6f931893dac6088fabf2cfc738c5088
 CVE-2025-25749,0,0,48ffe6e71546757806d82af2032197f3e8ebd995091be3438b8e1ca1e43f9b3d,2025-03-24T18:15:23.347000
 CVE-2025-25758,0,0,84e8fc30738cca0c52ccb9ec84454af6fabcb6aff2886596da2dcdf618a748ca,2025-03-24T16:15:56.283000
 CVE-2025-25759,0,0,293b850ebe0a274765acc91f23faade1c53b146b12bb218a57ca1cee0ac51835,2025-03-04T15:15:28.353000
+CVE-2025-2576,1,1,b8909c64ebc06a75c7bda661d6b9d3de8d8be6be0808c75dc46a3751c27fb649,2025-03-26T03:15:13.213000
 CVE-2025-25760,0,0,963e7e75521960c9620a7affa1021c0ca484b511b623074b9cde550324014cef,2025-03-04T15:15:28.590000
 CVE-2025-25761,0,0,f248f6741f63a9a7aedabfe16b412988575b28956c4c9e9dd6d7c9dcf3c9c70f,2025-02-27T15:15:41.777000
 CVE-2025-25763,0,0,929a22c6e16286b1fdbe20f1a31e0445b855c096791fb0d6f77563158b5a789d,2025-03-07T20:15:38.180000
@ -286567,3 +286571,4 @@ CVE-2025-30620,0,0,8cb20ec3a9d4fd9c59608e97a0d5ae368b50e3d06eb12b3515695a603531a
 CVE-2025-30621,0,0,5d4cdbcdb4b4fcd90b5f2b2106f218b95148d82610e047fabd8c26e50f6e3ad9,2025-03-24T14:15:34.660000
 CVE-2025-30623,0,0,1d1d541570cee9e8bd680cf66c388813ad97d6b9db28e22b406d83cc5fc8feed,2025-03-24T14:15:34.797000
 CVE-2025-30741,0,0,7e28be04c44c5eca306e67e9d56487026b2aeeec1bb89000fe389b1b3e3b5fba,2025-03-25T21:15:43.527000
+CVE-2025-30742,1,1,734dd810ea1c40492ac4238ec29540a79138d45b6287776b9ce415b95263469e,2025-03-26T04:15:23.403000