From ee234573e28d241fe68173ffe3b228301af04d27 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 14 Jun 2025 08:03:55 +0000
Subject: [PATCH] Auto-Update: 2025-06-14T08:00:19.859549+00:00
---
 CVE-2025/CVE-2025-32xx/CVE-2025-3234.json | 60 +++++++++++++++++++++
 CVE-2025/CVE-2025-54xx/CVE-2025-5487.json | 64 +++++++++++++++++++++++
 README.md | 20 +++----
 _state.csv | 22 ++++----
 4 files changed, 142 insertions(+), 24 deletions(-)
 create mode 100644 CVE-2025/CVE-2025-32xx/CVE-2025-3234.json
 create mode 100644 CVE-2025/CVE-2025-54xx/CVE-2025-5487.json
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3234.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3234.json
new file mode 100644
index 00000000000..1ab48ef8aa5
--- /dev/null
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3234.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-3234",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-06-14T06:15:18.117",
+ "lastModified": "2025-06-14T06:15:18.117",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3310066%40filester%2Ftrunk&old=3294389%40filester%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00df02cd-b4d3-477a-86ee-aa2f9b5216e8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-54xx/CVE-2025-5487.json b/CVE-2025/CVE-2025-54xx/CVE-2025-5487.json
new file mode 100644
index 00000000000..1deec24c19c
--- /dev/null
+++ b/CVE-2025/CVE-2025-54xx/CVE-2025-5487.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-5487",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-06-14T07:15:17.870",
+ "lastModified": "2025-06-14T07:15:17.870",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Administrators can configure the plugin to allow access to this functionality to authors and higher."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/automatorwp/tags/5.2.3/integrations/automatorwp/triggers/all-posts.php#L256",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3307465%40automatorwp%2Ftrunk&old=3302138%40automatorwp%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1a84c6-e28b-42fe-a16a-aeb227cfe956?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 0351320ecd9..e674acf2ceb 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-06-14T04:00:19.414962+00:00
+2025-06-14T08:00:19.859549+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-06-14T03:15:22.283000+00:00
+2025-06-14T07:15:17.870000+00:00
 ```
 ### Last Data Feed Release
@@ -33,23 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-297935
+297937
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `10`
+Recently added CVEs: `2`
-- [CVE-2025-50142](CVE-2025/CVE-2025-501xx/CVE-2025-50142.json) (`2025-06-14T03:15:21.693`)
-- [CVE-2025-50143](CVE-2025/CVE-2025-501xx/CVE-2025-50143.json) (`2025-06-14T03:15:21.793`)
-- [CVE-2025-50144](CVE-2025/CVE-2025-501xx/CVE-2025-50144.json) (`2025-06-14T03:15:21.860`)
-- [CVE-2025-50145](CVE-2025/CVE-2025-501xx/CVE-2025-50145.json) (`2025-06-14T03:15:21.910`)
-- [CVE-2025-50146](CVE-2025/CVE-2025-501xx/CVE-2025-50146.json) (`2025-06-14T03:15:21.977`)
-- [CVE-2025-50147](CVE-2025/CVE-2025-501xx/CVE-2025-50147.json) (`2025-06-14T03:15:22.033`)
-- [CVE-2025-50148](CVE-2025/CVE-2025-501xx/CVE-2025-50148.json) (`2025-06-14T03:15:22.097`)
-- [CVE-2025-50149](CVE-2025/CVE-2025-501xx/CVE-2025-50149.json) (`2025-06-14T03:15:22.157`)
-- [CVE-2025-50150](CVE-2025/CVE-2025-501xx/CVE-2025-50150.json) (`2025-06-14T03:15:22.220`)
-- [CVE-2025-6059](CVE-2025/CVE-2025-60xx/CVE-2025-6059.json) (`2025-06-14T03:15:22.283`)
+- [CVE-2025-3234](CVE-2025/CVE-2025-32xx/CVE-2025-3234.json) (`2025-06-14T06:15:18.117`)
+- [CVE-2025-5487](CVE-2025/CVE-2025-54xx/CVE-2025-5487.json) (`2025-06-14T07:15:17.870`)
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index d66056fcdeb..7d77e41c9ae 100644
--- a/_state.csv
+++ b/_state.csv
@@ -292530,6 +292530,7 @@ CVE-2025-32308,0,0,2b7bec71af2d8aeb794f4d157dfc61ad4810b98ac960b587b7920f453cf78
 CVE-2025-32309,0,0,72e524edceb2da5dc017c83bf8ab60e46c6fe45eb184ab0349a1ba415921a900,2025-05-23T15:54:42.643000
 CVE-2025-3231,0,0,7fe259e10bdefff2f7d2cc360ec09abf1ea1f8d9711a4276861c2a354dc3b16e,2025-06-05T05:15:23.977000
 CVE-2025-32310,0,0,c3b2568a49d7a011e3cbc9748557e58f0519995b3a6735845f843c0d6b6482d9,2025-05-19T13:35:50.497000
+CVE-2025-3234,1,1,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000
 CVE-2025-3235,0,0,bf02e56a9b2acdd9197c016e355d3cdfc496d77110cbd9f5fcadcef4a0003d66,2025-05-16T15:43:09.640000
 CVE-2025-32352,0,0,14a2251916c9246fc3d185746736b75fd36a375e4aafcddd19d832e612b92a9a,2025-04-07T17:15:37.147000
 CVE-2025-32354,0,0,85128147f47ebee98ae2a1737b9ec1a8829a4b5a6a4c94ca962a085780718ca4,2025-06-11T21:20:21.863000
@@ -297234,15 +297235,15 @@ CVE-2025-5010,0,0,93497e2b48b334d59fac1bb8ca9073e5f336f986ef89ce0b89f9db876e65e8
 CVE-2025-5011,0,0,d1caeeaa784d143902e41e16fc8809733bc411c4665df188f33764965bcab2ec,2025-05-21T23:15:55.447000
 CVE-2025-5012,0,0,108c4a85dd9ec28dbd0d5302959945049615400f448641a47fbee9222bc53fe4,2025-06-12T16:06:20.180000
 CVE-2025-5013,0,0,9e2206cee3d9a4da13b7d790d61a24286d0c704fc74b7b095d3cf27be2eea613,2025-05-21T23:15:55.563000
-CVE-2025-50142,1,1,96e95955d25317e057785db9a58810528a1898027eb53c5d652f8d851e70c8f5,2025-06-14T03:15:21.693000
-CVE-2025-50143,1,1,efc3fe49e91ba655ae48efde63259826b6655f9ef2d53032c81a7a1aa6c27271,2025-06-14T03:15:21.793000
-CVE-2025-50144,1,1,04c95302e89959e408256fefa1a3e7d8e97b5f9af8b61e29ad6e6bb5ba52428f,2025-06-14T03:15:21.860000
-CVE-2025-50145,1,1,4bdf5b86c705e832b1f5485a5df6bd3a39da1628938d06fed469c45c0273e65c,2025-06-14T03:15:21.910000
-CVE-2025-50146,1,1,a29eb81652fbdbff4eb9784ecc310851d8a5f254fdaa43a44307e4565d66b0e8,2025-06-14T03:15:21.977000
-CVE-2025-50147,1,1,06f423da68cad4a160f97a2e15cdb4717d8e0749fbf30e02ba8f93817ebea777,2025-06-14T03:15:22.033000
-CVE-2025-50148,1,1,a579a7a614133c548ddf669439de5c9a80232a494034f718b4bdf4decd1a049f,2025-06-14T03:15:22.097000
-CVE-2025-50149,1,1,e01be1ba294ecdeaf476ba9bb17e64b1284ce9362fb5da1703e5c224f2a8901e,2025-06-14T03:15:22.157000
-CVE-2025-50150,1,1,79eb21a64f645c369296b1d0b905e35268f567b5a96dfbfc58ef963e4e69507b,2025-06-14T03:15:22.220000
+CVE-2025-50142,0,0,96e95955d25317e057785db9a58810528a1898027eb53c5d652f8d851e70c8f5,2025-06-14T03:15:21.693000
+CVE-2025-50143,0,0,efc3fe49e91ba655ae48efde63259826b6655f9ef2d53032c81a7a1aa6c27271,2025-06-14T03:15:21.793000
+CVE-2025-50144,0,0,04c95302e89959e408256fefa1a3e7d8e97b5f9af8b61e29ad6e6bb5ba52428f,2025-06-14T03:15:21.860000
+CVE-2025-50145,0,0,4bdf5b86c705e832b1f5485a5df6bd3a39da1628938d06fed469c45c0273e65c,2025-06-14T03:15:21.910000
+CVE-2025-50146,0,0,a29eb81652fbdbff4eb9784ecc310851d8a5f254fdaa43a44307e4565d66b0e8,2025-06-14T03:15:21.977000
+CVE-2025-50147,0,0,06f423da68cad4a160f97a2e15cdb4717d8e0749fbf30e02ba8f93817ebea777,2025-06-14T03:15:22.033000
+CVE-2025-50148,0,0,a579a7a614133c548ddf669439de5c9a80232a494034f718b4bdf4decd1a049f,2025-06-14T03:15:22.097000
+CVE-2025-50149,0,0,e01be1ba294ecdeaf476ba9bb17e64b1284ce9362fb5da1703e5c224f2a8901e,2025-06-14T03:15:22.157000
+CVE-2025-50150,0,0,79eb21a64f645c369296b1d0b905e35268f567b5a96dfbfc58ef963e4e69507b,2025-06-14T03:15:22.220000
 CVE-2025-5016,0,0,d907c2ff3d5c65fe44aee01e8b0e3594629d2dcb543e14c1a3c5bbcba44c8083,2025-06-02T17:32:17.397000
 CVE-2025-5018,0,0,e6074d13c744f0bbc4fedce0adf645747389e40f5acdd13f0492e74df313cc90,2025-06-06T14:07:28.330000
 CVE-2025-5019,0,0,9e77689bce77b4f77cc10eef8ecd39dc784fee948cba6d9ab205fa6a8f33f986,2025-06-06T14:07:28.330000
@@ -297555,6 +297556,7 @@ CVE-2025-5482,0,0,010176165dc064c9d0f5c42c228b3c1b03d533e2fec3bc43624fb7ad3f4bc0
 CVE-2025-5484,0,0,400ed56fb4f7c44bceca06b8432cd3e34b6d71f8c67dfd72400144a319fe73ec,2025-06-12T20:15:22.113000
 CVE-2025-5485,0,0,d3479a1adb4ba2fbfa64aaac1b5d6b7fe8b9403b5e13a2ac94a1e71146019ece,2025-06-12T20:15:22.283000
 CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000
+CVE-2025-5487,1,1,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000
 CVE-2025-5491,0,0,e2f506b3fba36a13dc12fb8dc2e089cb7773a4d51511233e748a5ab6f51b1a98,2025-06-13T03:15:52.300000
 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000
 CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000
@@ -297932,5 +297934,5 @@ CVE-2025-6030,0,0,971340cab3989d6f103f455b80ce687f5365decc2b747d306ee807e98b8185
 CVE-2025-6031,0,0,f55877d9a515055d82923e15e107b73e885b2a97ca1430544a245162a02b6450,2025-06-12T20:15:22.450000
 CVE-2025-6035,0,0,07dd0ef801ecdc5affcaf0e86947bc44410ec1004ed310d74f8d9a296fc9d5aa,2025-06-13T16:15:28.067000
 CVE-2025-6052,0,0,d6d0e5e14eb20ceb0c3bc2cb2793ad0094d53a851be1a17d6cfc808d70a5cddb,2025-06-13T16:15:28.230000
-CVE-2025-6059,1,1,aa4cbe9d67456274a37be50dae943f3a8c684e351505447e0dcbada900f18e7c,2025-06-14T03:15:22.283000
+CVE-2025-6059,0,0,aa4cbe9d67456274a37be50dae943f3a8c684e351505447e0dcbada900f18e7c,2025-06-14T03:15:22.283000
 CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000