Auto-Update: 2025-04-12T08:00:20.428469+00:00

This commit is contained in:
cad-safe-bot 2025-04-12 08:03:57 +00:00
parent a21f515ae6
commit fe983520a3
8 changed files with 385 additions and 6 deletions

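--- /dev/null
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13337.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2024-13337",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2025-04-12T07:15:26.307",
+"lastModified": "2025-04-12T07:15:26.307",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.dev/WordPressPluginDirectory/clearfy",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3268278/clearfy/trunk/libs/factory/templates/pages/setup-parts/class-step-form.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7f21dbe-f300-4336-9980-a69d40395f39?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}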

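--- /dev/null
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13338.json
@@ -0,0 +1,60 @@
+{
+"id": "CVE-2024-13338",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2025-04-12T07:15:26.707",
+"lastModified": "2025-04-12T07:15:26.707",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3268278/clearfy/trunk/components/cache/includes/cache.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a37ce4-9860-415e-bb88-545c30c95fc1?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}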
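Review bot: The CVSS vector in this record (`UI:N`, `"userInteraction": "NONE"`, base 5.3) contradicts its own description, which says the forged request only works "granted they can trick a site administrator into performing an action" — that is user interaction by definition, and a CWE-352 finding always needs a victim action. The sibling record CVE-2024-13337 from the same CNA scores the same plugin's other CSRF with `UI:R` at 4.3, which is what this description supports; the consistent vector would be `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N`. Since this repository mirrors NVD verbatim (`"vulnStatus": "Received"`), the correction belongs upstream with security@wordfence.com; consumers prioritising from this feed should treat the 5.3 as overstating exploitability until the record is revised.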

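--- /dev/null
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3276.json
@@ -0,0 +1,60 @@
+{
+"id": "CVE-2025-3276",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2025-04-12T07:15:26.860",
+"lastModified": "2025-04-12T07:15:26.860",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The SKT Blocks \u2013 Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3267889%40skt-blocks&new=3267889%40skt-blocks&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9345eaa-c8c0-4830-a9af-48305a2f80fd?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}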

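--- /dev/null
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3282.json
@@ -0,0 +1,60 @@
+{
+"id": "CVE-2025-3282",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2025-04-12T07:15:27.003",
+"lastModified": "2025-04-12T07:15:27.003",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-639"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3268617/user-registration/trunk/modules/membership/includes/AJAX.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c525b41c-dca5-442a-927e-4583cb303ed1?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}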

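--- /dev/null
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3292.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2025-3292",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2025-04-12T07:15:27.143",
+"lastModified": "2025-04-12T07:15:27.143",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-639"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/4.1.3/includes/class-ur-ajax.php#L323",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3268617/user-registration/trunk/includes/class-ur-ajax.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}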
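Review bot: The description says "unauthenticated attackers" can update other users' passwords, but the vector carries `PR:L` / `"privilegesRequired": "LOW"` (exploitability 2.8, base 4.3), so the two halves of the record disagree and cannot both be right. The stated precondition "if they have access to the user ID and email" describes knowledge the attacker needs, not an authenticated session, so it is not clear from the record which side should be corrected; the companion record CVE-2025-3282 for the same plugin and changeset does use `PR:N` for its "unauthenticated" IDOR. This repository mirrors NVD as received, so the fix belongs with the CNA (security@wordfence.com); until then, consumers should not rely on the 4.3 base score for a finding the description itself frames as setting arbitrary users' passwords.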

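--- /dev/null
+++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3418.json
@@ -0,0 +1,60 @@
+{
+"id": "CVE-2025-3418",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2025-04-12T07:15:27.277",
+"lastModified": "2025-04-12T07:15:27.277",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"baseScore": 8.8,
+"baseSeverity": "HIGH",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-269"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3269302/wpc-admin-columns/trunk/includes/class-backend.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6145e2d7-c917-4814-a13e-6d34088cb784?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}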


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-12T06:00:20.134852+00:00
2025-04-12T08:00:20.428469+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-12T04:15:39.283000+00:00
2025-04-12T07:15:27.277000+00:00
```
### Last Data Feed Release
@ -33,14 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
289710
289716
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `6`
- [CVE-2025-2871](CVE-2025/CVE-2025-28xx/CVE-2025-2871.json) (`2025-04-12T04:15:39.283`)
- [CVE-2024-13337](CVE-2024/CVE-2024-133xx/CVE-2024-13337.json) (`2025-04-12T07:15:26.307`)
- [CVE-2024-13338](CVE-2024/CVE-2024-133xx/CVE-2024-13338.json) (`2025-04-12T07:15:26.707`)
- [CVE-2025-3276](CVE-2025/CVE-2025-32xx/CVE-2025-3276.json) (`2025-04-12T07:15:26.860`)
- [CVE-2025-3282](CVE-2025/CVE-2025-32xx/CVE-2025-3282.json) (`2025-04-12T07:15:27.003`)
- [CVE-2025-3292](CVE-2025/CVE-2025-32xx/CVE-2025-3292.json) (`2025-04-12T07:15:27.143`)
- [CVE-2025-3418](CVE-2025/CVE-2025-34xx/CVE-2025-3418.json) (`2025-04-12T07:15:27.277`)
### CVEs modified in the last Commit


@ -247803,6 +247803,8 @@ CVE-2024-13333,0,0,413ea7e4b64b8aef5dd8714980de1abedc1d4af046b4d782740c89a880443
CVE-2024-13334,0,0,892c3ce546b2f6a66e9e4dfd761dd08aaefb851a17185548e40c2e88d5655747,2025-01-15T04:15:19.720000
CVE-2024-13335,0,0,20c8c7696547a710a7247fc1375c3fab2f06247460845b286129a3d00d1d053e,2025-02-05T01:37:46.517000
CVE-2024-13336,0,0,0617973929b7ee171ae51423b79a35eb33e0e7b251f4a98140a45686002fe4e1,2025-03-06T15:11:50.350000
CVE-2024-13337,1,1,6b8fd25b14c15392b6f19d2564503543a93ec427d751e213b4cbefd2d259ee8a,2025-04-12T07:15:26.307000
CVE-2024-13338,1,1,057ff63f886720c6d91462207df6cde029d2429bacac8035b122abb424b11100,2025-04-12T07:15:26.707000
CVE-2024-13339,0,0,340eea0e2bd475f42d733c8b21f5a4ae0c4c2c22f00aa8474acaaa1473a3f477,2025-02-26T13:36:56.200000
CVE-2024-1334,0,0,5cd8113de272a8c461c68981cf2d6addc6166d9cf4d9dbad0d56a2a1ca671349,2024-12-31T16:48:40.290000
CVE-2024-13340,0,0,410a07bb948a432c6c68e7813dd264dbb94d6d7c0c36b44969bc437f75da1ae8,2025-01-31T16:02:16.553000
@ -287556,7 +287558,7 @@ CVE-2025-2867,0,0,88c0b57b1eb2be7b9f20a6a0d30f4f131c9b8b7b6d84647043831a11c1cbba
CVE-2025-2868,0,0,85b9dc17660105c1d52e94e9c61b1a822461960fd4e0c0e93de75ddcee964209,2025-03-28T18:11:40.180000
CVE-2025-2869,0,0,5066d8ca712c82ee845e66f8b1fc3a6c9e0a4e6b74c2b3263804ec9c98b4e586,2025-03-28T18:11:40.180000
CVE-2025-2870,0,0,532ce24468347275f11c46ecc24e5d6555c309a32268ad9ae9a421f0ae266a95,2025-03-28T18:11:40.180000
CVE-2025-2871,1,1,c3129e2d10d0a568d107217b47ebe413329b38cf864ca69972ffd3e876f2438e,2025-04-12T04:15:39.283000
CVE-2025-2871,0,0,c3129e2d10d0a568d107217b47ebe413329b38cf864ca69972ffd3e876f2438e,2025-04-12T04:15:39.283000
CVE-2025-2873,0,0,edeec97aec2b3292b499f5094d0f168ecd8763c5a36659abef4c11888578eb0e,2025-04-10T08:15:14.857000
CVE-2025-2874,0,0,6a503ede6640ff91644e2f2d002d5c6c981994fafd27ed943d3456640dee218b,2025-04-07T14:18:34.453000
CVE-2025-2876,0,0,93ded195bcbb0b5d9f004109e54f45d215e3de9103bc5d8820997a2888ec6270,2025-04-08T18:13:53.347000
@ -289563,6 +289565,7 @@ CVE-2025-32755,0,0,0e4b2d997ad26f458b04806dc5bea537010e4bad018db4379186ce4e7652b
CVE-2025-32757,0,0,c640364748c5c666fd6dc8aec9d84948af9deb15cd9711efe75ce6833fb0d8c1,2025-04-11T03:15:13.903000
CVE-2025-32758,0,0,d3608f6f13a9a5b49230d2ebeae393f102196b87b92e834ebddf934752919dc3,2025-04-11T03:15:14.427000
CVE-2025-32759,0,0,4ec2028500fce9598ebd65d94b8913a1d569360cd32f22b47c68102fcbfca47a,2025-04-11T03:15:14.477000
CVE-2025-3276,1,1,931a88b98a6130c8a5f5d27a462ee5d2373e4318ffca0c6199cc29863b65a752,2025-04-12T07:15:26.860000
CVE-2025-32760,0,0,b49616aee650d484034da17cd41c523e46d17a1af9bca82d77fef3f534ef6eb7,2025-04-11T03:15:14.530000
CVE-2025-32761,0,0,177a1c1146899dbe2adee28b3395241103cc5f3e843fc2a57149473c7e8b0150,2025-04-11T03:15:14.583000
CVE-2025-32762,0,0,d0d8b9a3f3412c3e1ec3920ce0a53310113d5e2867a9b430bee3e240824aae2c,2025-04-11T03:15:14.637000
@ -289582,11 +289585,13 @@ CVE-2025-32807,0,0,791ea9650394de4a3c6a4bce28448af084ce5e8fb834d69b1769b35b955fd
CVE-2025-32808,0,0,4460b802a312298836218e51f145ee69f847802ae0b680f0631fd4c9d767af72,2025-04-11T16:15:20.673000
CVE-2025-32809,0,0,ca90ff3ced06efa4e939486b48b76783f1482c86186847921ab08cd5bd99e3d5,2025-04-11T16:15:20.807000
CVE-2025-32816,0,0,7146ab229fea4de6245a9faadeb60513e017f27b734755baaf195d3f55011510,2025-04-11T15:39:52.920000
CVE-2025-3282,1,1,6163a59fd68c6efb444994c0160024cc299c7afde3bbcc464fb769baba72cd14,2025-04-12T07:15:27.003000
CVE-2025-3285,0,0,e28a4e88da7ffb77ad01de08bcfd2b4a71d41180820a080f587b6350c35f9e48,2025-04-08T18:13:53.347000
CVE-2025-3286,0,0,c247e4e94cc04e66afe391d63c6254a128435a66f18dde665fe78a6cdb0ab317,2025-04-08T18:13:53.347000
CVE-2025-3287,0,0,bff258a343cd08a61757791ae0246a98daa5f12cd52be7d2e4f1314c24254af2,2025-04-08T18:13:53.347000
CVE-2025-3288,0,0,6c3436c1bb9a5ae79382862f9efeedd904207179bae65402a0755339708c80d4,2025-04-08T18:13:53.347000
CVE-2025-3289,0,0,827f59b01ecb1240cc36827fa98bfacb84591c8b915a26513129f42996d37d73,2025-04-08T18:13:53.347000
CVE-2025-3292,1,1,2e1db750cfd1563a06db7ac495c3f640edc42fb0c4158d03489de1beb7a4ae8f,2025-04-12T07:15:27.143000
CVE-2025-3296,0,0,604544c60030717a0b7298a4216c2cee6c0b09dc746101c73c6d715c2da17326,2025-04-08T16:49:21.037000
CVE-2025-3297,0,0,450f027df383ac012c0d670b8246ab459ec83da0d22f33695d8eb8051ee5200e,2025-04-08T16:49:12.910000
CVE-2025-3298,0,0,289613560130dabe199eea55128a1bdfe9eecd882e62238f3674c43e858ef0bc,2025-04-08T16:49:00.290000
@ -289687,6 +289692,7 @@ CVE-2025-3412,0,0,25a3c2ab8fa0aef3dfffc2c9723b43f279f3600f9f3d1f7632095f66cdc52e
CVE-2025-3413,0,0,e9ae6f9ee954dc0b39e2e9a8b6ad41f6cbd8628b2d84dff62138fbf7e2823b11,2025-04-08T18:13:53.347000
CVE-2025-3416,0,0,52d35af283afef5bb6d8cccc38fa0eb8d4ad3029b21142a4de9837a0c397cd70,2025-04-09T20:02:41.860000
CVE-2025-3417,0,0,e393b15114feb46d95f488ee34d16b125c38ee49e2798d5b216b189c39465cf9,2025-04-11T15:39:52.920000
CVE-2025-3418,1,1,63bba6daa19cec7b3a858974cdad5389fd6e1545a0fd25df63a0f1a7ab755f94,2025-04-12T07:15:27.277000
CVE-2025-3421,0,0,f0b0f2fac32f095e78653a3f079907a85827a89faac1aa3c204f37fe09b5c50e,2025-04-11T15:39:52.920000
CVE-2025-3422,0,0,67da956b7a6b8167e42afa6b34d074d1413252f8ae249df1ac8fab6d91861e99,2025-04-11T15:39:52.920000
CVE-2025-3424,0,0,f161b96f7ead82573f94b591ee29deb4e0df9f8f7eb925f2312c3762b9a3484d,2025-04-10T16:15:29.207000
