From f29338709683494d4b5a94c11c7b559ac54e3cb3 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 18 Jun 2025 04:03:57 +0000
Subject: [PATCH] Auto-Update: 2025-06-18T04:00:19.139961+00:00
---
 CVE-2025/CVE-2025-44xx/CVE-2025-4413.json | 60 +++++++++++++++++++++++
 README.md | 12 ++---
 _state.csv | 7 +--
 3 files changed, 69 insertions(+), 10 deletions(-)
 create mode 100644 CVE-2025/CVE-2025-44xx/CVE-2025-4413.json
diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4413.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4413.json
new file mode 100644
index 00000000000..0e2628664e4
--- /dev/null
+++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4413.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-4413", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-18T03:15:25.560", + "lastModified": "2025-06-18T03:15:25.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/pixabay-images/trunk/pixabay-images.php#L177", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44e71dea-d736-49c2-a630-f42905ac6b4d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 43c7d304c4b..7496a677036 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-18T02:00:19.064641+00:00 +2025-06-18T04:00:19.139961+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-18T01:15:28.803000+00:00 +2025-06-18T03:15:25.560000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -298254 +298255 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2025-23252](CVE-2025/CVE-2025-232xx/CVE-2025-23252.json) (`2025-06-18T01:15:28.320`) +- [CVE-2025-4413](CVE-2025/CVE-2025-44xx/CVE-2025-4413.json) (`2025-06-18T03:15:25.560`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2023-0386](CVE-2023/CVE-2023-03xx/CVE-2023-0386.json) (`2025-06-18T01:00:02.240`) -- [CVE-2025-49091](CVE-2025/CVE-2025-490xx/CVE-2025-49091.json) (`2025-06-18T01:15:28.803`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8954475b8aa..79f23436fbc 100644 --- a/_state.csv +++ b/_state.csv 
@@ -214776,7 +214776,7 @@ CVE-2023-0382,0,0,74df95cd11c65f3e32e101ac93474214ed7fd751aafe1a489acb854b3ad088 CVE-2023-0383,0,0,2dd17f8e3f21172fd0d947223df8988fa47c58739face7170e70183ef112e5d2,2024-11-21T07:37:05.243000 CVE-2023-0384,0,0,317073837dfa5a62a0b542d55228582d6dcfc135bf2a6505767847825e5542c0,2024-11-21T07:37:05.360000 CVE-2023-0385,0,0,e3b8c0c970ec6db46d6ced2c52117d599eca2a0a0c360218a78a2bdb50cc68a7,2024-11-21T07:37:05.477000 -CVE-2023-0386,0,1,e7c2853d3ec33bb1f094580e71df53bb3089f0adda746bd55dfbe13ef392b586,2025-06-18T01:00:02.240000 +CVE-2023-0386,0,0,e7c2853d3ec33bb1f094580e71df53bb3089f0adda746bd55dfbe13ef392b586,2025-06-18T01:00:02.240000 CVE-2023-0387,0,0,b3007d9eab56742948bf0860ee2c15051e7609baee877e6d419745c7c5e67467,2023-11-07T04:00:22.913000 CVE-2023-0388,0,0,5f1a60fe199f4d73e08beaa633f10d20147801316a80c66ee5f23ab208abc539,2025-02-04T19:15:26.970000 CVE-2023-0389,0,0,dcc361a1fa13c891df82a993b134ba609b5225462e57b4ba65ddbf956e9d0ced,2025-06-11T17:15:31.037000 @@ -286493,7 +286493,7 @@ CVE-2025-23249,0,0,59a3b8571ca390e26609a72a629b87261c069c8e1d3baf28bc328f587ea60 CVE-2025-2325,0,0,a1c3de12528dbf5a65aaa14f3483a3c6066344fd24d21f90a63ab60e2ee305ce,2025-03-25T20:07:03.383000 CVE-2025-23250,0,0,91f3b3980fce95b9fabf05e033aa35cbace52375f748056506d58aa63be351fa,2025-04-23T14:08:13.383000 CVE-2025-23251,0,0,767c024318627121b523c219b911f0fcc7569b8e3a786965fb257e88e30232e8,2025-04-23T14:08:13.383000 -CVE-2025-23252,1,1,6d2755260d6191f0a138efd5f7c3afb289820d5bdb9b4e67f0cf7367d8ab72f6,2025-06-18T01:15:28.320000 +CVE-2025-23252,0,0,6d2755260d6191f0a138efd5f7c3afb289820d5bdb9b4e67f0cf7367d8ab72f6,2025-06-18T01:15:28.320000 CVE-2025-23253,0,0,f9de68ed984cf5e5c99edc68b635f242d07cc929f5185cb27e2c9dcd5ffcaea9,2025-04-23T14:08:13.383000 CVE-2025-23254,0,0,8be2e21d58ec3fd7d92ec8e896dd51db7ae8bc6c069a21e838d199f9a2844aa9,2025-05-02T13:53:20.943000 CVE-2025-2326,0,0,0ec0c28e6b995dc182a44a080592df606d562ca954869d7753960c79a6ff321c,2025-03-24T15:15:16.830000 
@@ -295052,6 +295052,7 @@ CVE-2025-44108,0,0,7f74cb8563a8e2b89a17733e62268b2a8dcb711594c4c578db48bdedf50f4 CVE-2025-44110,0,0,40655c12d535de96e9af0530c97aab6193addb0ec4d9bc7565ff96634b123dda,2025-06-12T13:56:06.197000 CVE-2025-44115,0,0,f4048a768a9c3bfb169ae566f384c1b85dd60f51eddb9136d8a89bd9c2a57faa,2025-06-13T17:21:25.870000 CVE-2025-4412,0,0,8c8c59397117a84a167d36fb79f68c5cd99b79261327a1fb082cf24faee6cc19,2025-05-28T15:01:30.720000 +CVE-2025-4413,1,1,24647813affdd75d29c39ccffacc32088a199512f81a5133a92bf8d8a28f0d79,2025-06-18T03:15:25.560000 CVE-2025-44134,0,0,45b85d904dd860695476948041d246707a0696d9dc7fe9b405a5e27a85d44980,2025-05-14T13:05:17.200000 CVE-2025-44135,0,0,e8d32c865e9ccdb8b63503c21fad4c48843876d5709a3df063410109f034ccc9,2025-05-14T13:04:58.830000 CVE-2025-44148,0,0,440749a71814d76edeed70dd30fc58f3e0b75eaee931968ee8c88b7d1e24e11d,2025-06-09T18:04:33.580000 @@ -297076,7 +297077,7 @@ CVE-2025-4908,0,0,de60be5e9644ec87fb1afc243f75b0e5b1a22cdd347bf91d496fa5782bf1af CVE-2025-49080,0,0,24473e6cdad70546affe7b5b2d7ae67553c5fee04a8c2ff4994f43bde77dac47,2025-06-17T19:15:32.847000 CVE-2025-49081,0,0,f46741ebf083f87723e4189da0a46cfa0dc212582189b9cc78f69348a5e0933b,2025-06-17T20:32:38.453000 CVE-2025-4909,0,0,2543aa084bfc859fe1a7a0558cc76c793b6ee9b986cb9885265313fc24749d9b,2025-05-28T13:08:14.173000 -CVE-2025-49091,0,1,6801a10a59e1cc04be6899d10437a31277f24115003af5306a3ab76dcd2ff20b,2025-06-18T01:15:28.803000 +CVE-2025-49091,0,0,6801a10a59e1cc04be6899d10437a31277f24115003af5306a3ab76dcd2ff20b,2025-06-18T01:15:28.803000 CVE-2025-4910,0,0,d0c7584b70570a0f60f72259e5222dec42c6f070aafbec7da031c0738cd595d2,2025-05-21T17:40:58.137000 CVE-2025-4911,0,0,8165f0d1dc1e78afded21e50626575112805e2ff63d8f266295fb56c02f3696f,2025-05-21T13:26:25.383000 CVE-2025-49112,0,0,53acc03eb5f34e287cf80e6f2606bfb4760fb16ea2fe509fc70b20f7de56218f,2025-06-02T17:32:17.397000