Auto-Update: 2025-06-14T08:00:19.859549+00:00

CVE-2025/CVE-2025-32xx/CVE-2025-3234.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-3234",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T06:15:18.117",
+  "lastModified": "2025-06-14T06:15:18.117",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3310066%40filester%2Ftrunk&old=3294389%40filester%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00df02cd-b4d3-477a-86ee-aa2f9b5216e8?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-54xx/CVE-2025-5487.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-5487",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T07:15:17.870",
+  "lastModified": "2025-06-14T07:15:17.870",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Administrators can configure the plugin to allow access to this functionality to authors and higher."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/automatorwp/tags/5.2.3/integrations/automatorwp/triggers/all-posts.php#L256",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3307465%40automatorwp%2Ftrunk&old=3302138%40automatorwp%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1a84c6-e28b-42fe-a16a-aeb227cfe956?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-06-14T04:00:19.414962+00:00
+2025-06-14T08:00:19.859549+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-06-14T03:15:22.283000+00:00
+2025-06-14T07:15:17.870000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,23 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-297935
+297937
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `10`
+Recently added CVEs: `2`
 
-- [CVE-2025-50142](CVE-2025/CVE-2025-501xx/CVE-2025-50142.json) (`2025-06-14T03:15:21.693`)
-- [CVE-2025-50143](CVE-2025/CVE-2025-501xx/CVE-2025-50143.json) (`2025-06-14T03:15:21.793`)
-- [CVE-2025-50144](CVE-2025/CVE-2025-501xx/CVE-2025-50144.json) (`2025-06-14T03:15:21.860`)
-- [CVE-2025-50145](CVE-2025/CVE-2025-501xx/CVE-2025-50145.json) (`2025-06-14T03:15:21.910`)
-- [CVE-2025-50146](CVE-2025/CVE-2025-501xx/CVE-2025-50146.json) (`2025-06-14T03:15:21.977`)
-- [CVE-2025-50147](CVE-2025/CVE-2025-501xx/CVE-2025-50147.json) (`2025-06-14T03:15:22.033`)
-- [CVE-2025-50148](CVE-2025/CVE-2025-501xx/CVE-2025-50148.json) (`2025-06-14T03:15:22.097`)
-- [CVE-2025-50149](CVE-2025/CVE-2025-501xx/CVE-2025-50149.json) (`2025-06-14T03:15:22.157`)
-- [CVE-2025-50150](CVE-2025/CVE-2025-501xx/CVE-2025-50150.json) (`2025-06-14T03:15:22.220`)
-- [CVE-2025-6059](CVE-2025/CVE-2025-60xx/CVE-2025-6059.json) (`2025-06-14T03:15:22.283`)
+- [CVE-2025-3234](CVE-2025/CVE-2025-32xx/CVE-2025-3234.json) (`2025-06-14T06:15:18.117`)
+- [CVE-2025-5487](CVE-2025/CVE-2025-54xx/CVE-2025-5487.json) (`2025-06-14T07:15:17.870`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -292530,6 +292530,7 @@ CVE-2025-32308,0,0,2b7bec71af2d8aeb794f4d157dfc61ad4810b98ac960b587b7920f453cf78
 CVE-2025-32309,0,0,72e524edceb2da5dc017c83bf8ab60e46c6fe45eb184ab0349a1ba415921a900,2025-05-23T15:54:42.643000
 CVE-2025-3231,0,0,7fe259e10bdefff2f7d2cc360ec09abf1ea1f8d9711a4276861c2a354dc3b16e,2025-06-05T05:15:23.977000
 CVE-2025-32310,0,0,c3b2568a49d7a011e3cbc9748557e58f0519995b3a6735845f843c0d6b6482d9,2025-05-19T13:35:50.497000
+CVE-2025-3234,1,1,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000
 CVE-2025-3235,0,0,bf02e56a9b2acdd9197c016e355d3cdfc496d77110cbd9f5fcadcef4a0003d66,2025-05-16T15:43:09.640000
 CVE-2025-32352,0,0,14a2251916c9246fc3d185746736b75fd36a375e4aafcddd19d832e612b92a9a,2025-04-07T17:15:37.147000
 CVE-2025-32354,0,0,85128147f47ebee98ae2a1737b9ec1a8829a4b5a6a4c94ca962a085780718ca4,2025-06-11T21:20:21.863000
@@ -297234,15 +297235,15 @@ CVE-2025-5010,0,0,93497e2b48b334d59fac1bb8ca9073e5f336f986ef89ce0b89f9db876e65e8
 CVE-2025-5011,0,0,d1caeeaa784d143902e41e16fc8809733bc411c4665df188f33764965bcab2ec,2025-05-21T23:15:55.447000
 CVE-2025-5012,0,0,108c4a85dd9ec28dbd0d5302959945049615400f448641a47fbee9222bc53fe4,2025-06-12T16:06:20.180000
 CVE-2025-5013,0,0,9e2206cee3d9a4da13b7d790d61a24286d0c704fc74b7b095d3cf27be2eea613,2025-05-21T23:15:55.563000
-CVE-2025-50142,1,1,96e95955d25317e057785db9a58810528a1898027eb53c5d652f8d851e70c8f5,2025-06-14T03:15:21.693000
-CVE-2025-50143,1,1,efc3fe49e91ba655ae48efde63259826b6655f9ef2d53032c81a7a1aa6c27271,2025-06-14T03:15:21.793000
-CVE-2025-50144,1,1,04c95302e89959e408256fefa1a3e7d8e97b5f9af8b61e29ad6e6bb5ba52428f,2025-06-14T03:15:21.860000
-CVE-2025-50145,1,1,4bdf5b86c705e832b1f5485a5df6bd3a39da1628938d06fed469c45c0273e65c,2025-06-14T03:15:21.910000
-CVE-2025-50146,1,1,a29eb81652fbdbff4eb9784ecc310851d8a5f254fdaa43a44307e4565d66b0e8,2025-06-14T03:15:21.977000
-CVE-2025-50147,1,1,06f423da68cad4a160f97a2e15cdb4717d8e0749fbf30e02ba8f93817ebea777,2025-06-14T03:15:22.033000
-CVE-2025-50148,1,1,a579a7a614133c548ddf669439de5c9a80232a494034f718b4bdf4decd1a049f,2025-06-14T03:15:22.097000
-CVE-2025-50149,1,1,e01be1ba294ecdeaf476ba9bb17e64b1284ce9362fb5da1703e5c224f2a8901e,2025-06-14T03:15:22.157000
-CVE-2025-50150,1,1,79eb21a64f645c369296b1d0b905e35268f567b5a96dfbfc58ef963e4e69507b,2025-06-14T03:15:22.220000
+CVE-2025-50142,0,0,96e95955d25317e057785db9a58810528a1898027eb53c5d652f8d851e70c8f5,2025-06-14T03:15:21.693000
+CVE-2025-50143,0,0,efc3fe49e91ba655ae48efde63259826b6655f9ef2d53032c81a7a1aa6c27271,2025-06-14T03:15:21.793000
+CVE-2025-50144,0,0,04c95302e89959e408256fefa1a3e7d8e97b5f9af8b61e29ad6e6bb5ba52428f,2025-06-14T03:15:21.860000
+CVE-2025-50145,0,0,4bdf5b86c705e832b1f5485a5df6bd3a39da1628938d06fed469c45c0273e65c,2025-06-14T03:15:21.910000
+CVE-2025-50146,0,0,a29eb81652fbdbff4eb9784ecc310851d8a5f254fdaa43a44307e4565d66b0e8,2025-06-14T03:15:21.977000
+CVE-2025-50147,0,0,06f423da68cad4a160f97a2e15cdb4717d8e0749fbf30e02ba8f93817ebea777,2025-06-14T03:15:22.033000
+CVE-2025-50148,0,0,a579a7a614133c548ddf669439de5c9a80232a494034f718b4bdf4decd1a049f,2025-06-14T03:15:22.097000
+CVE-2025-50149,0,0,e01be1ba294ecdeaf476ba9bb17e64b1284ce9362fb5da1703e5c224f2a8901e,2025-06-14T03:15:22.157000
+CVE-2025-50150,0,0,79eb21a64f645c369296b1d0b905e35268f567b5a96dfbfc58ef963e4e69507b,2025-06-14T03:15:22.220000
 CVE-2025-5016,0,0,d907c2ff3d5c65fe44aee01e8b0e3594629d2dcb543e14c1a3c5bbcba44c8083,2025-06-02T17:32:17.397000
 CVE-2025-5018,0,0,e6074d13c744f0bbc4fedce0adf645747389e40f5acdd13f0492e74df313cc90,2025-06-06T14:07:28.330000
 CVE-2025-5019,0,0,9e77689bce77b4f77cc10eef8ecd39dc784fee948cba6d9ab205fa6a8f33f986,2025-06-06T14:07:28.330000
@@ -297555,6 +297556,7 @@ CVE-2025-5482,0,0,010176165dc064c9d0f5c42c228b3c1b03d533e2fec3bc43624fb7ad3f4bc0
 CVE-2025-5484,0,0,400ed56fb4f7c44bceca06b8432cd3e34b6d71f8c67dfd72400144a319fe73ec,2025-06-12T20:15:22.113000
 CVE-2025-5485,0,0,d3479a1adb4ba2fbfa64aaac1b5d6b7fe8b9403b5e13a2ac94a1e71146019ece,2025-06-12T20:15:22.283000
 CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000
+CVE-2025-5487,1,1,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000
 CVE-2025-5491,0,0,e2f506b3fba36a13dc12fb8dc2e089cb7773a4d51511233e748a5ab6f51b1a98,2025-06-13T03:15:52.300000
 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000
 CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000
@@ -297932,5 +297934,5 @@ CVE-2025-6030,0,0,971340cab3989d6f103f455b80ce687f5365decc2b747d306ee807e98b8185
 CVE-2025-6031,0,0,f55877d9a515055d82923e15e107b73e885b2a97ca1430544a245162a02b6450,2025-06-12T20:15:22.450000
 CVE-2025-6035,0,0,07dd0ef801ecdc5affcaf0e86947bc44410ec1004ed310d74f8d9a296fc9d5aa,2025-06-13T16:15:28.067000
 CVE-2025-6052,0,0,d6d0e5e14eb20ceb0c3bc2cb2793ad0094d53a851be1a17d6cfc808d70a5cddb,2025-06-13T16:15:28.230000
-CVE-2025-6059,1,1,aa4cbe9d67456274a37be50dae943f3a8c684e351505447e0dcbada900f18e7c,2025-06-14T03:15:22.283000
+CVE-2025-6059,0,0,aa4cbe9d67456274a37be50dae943f3a8c684e351505447e0dcbada900f18e7c,2025-06-14T03:15:22.283000
 CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000