Skip to content

Commit e730f9a

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2844-9647-m4rw GHSA-29xr-58g9-8qfq GHSA-3wm7-jw5g-v3gq GHSA-4742-mr57-2r9j GHSA-4x3m-m7qg-rjvc GHSA-5884-m867-xg58 GHSA-6w33-8qh2-c7jv GHSA-786g-jpf2-55wg GHSA-863c-m9f2-hgxh GHSA-94f7-w8j3-ppqr GHSA-cjpf-7pxx-hqc7 GHSA-fcr8-c3fr-779m GHSA-fjmr-7667-8v4p GHSA-gg4j-vv7g-h3f6 GHSA-hfg8-jg35-3hqr GHSA-hh4w-cc4q-rp64 GHSA-hxgr-h468-wf97 GHSA-m6vw-2qvg-8xgj GHSA-p3hp-24mv-wr6w GHSA-qmf6-23g2-95xp GHSA-qwx9-mmhx-chg8 GHSA-w5h6-3m3q-q8pm GHSA-ww9v-567h-hcvj
1 parent cc95b06 commit e730f9a

23 files changed

Lines changed: 900 additions & 1 deletion

File tree

advisories/unreviewed/2025/12/GHSA-2844-9647-m4rw/GHSA-2844-9647-m4rw.json

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2844-9647-m4rw",
4+
"modified": "2025-12-30T00:32:59Z",
5+
"published": "2025-12-30T00:32:58Z",
6+
"aliases": [
7+
"CVE-2023-32238"
8+
],
9+
"details": "Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32238"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/theme/thegem-elementor/vulnerability/wordpress-thegem-elementor-theme-5-7-2-broken-access-control-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [],
29+
"severity": "MODERATE",
30+
"github_reviewed": false,
31+
"github_reviewed_at": null,
32+
"nvd_published_at": "2025-12-30T00:15:50Z"
33+
}
34+
}

advisories/unreviewed/2025/12/GHSA-29xr-58g9-8qfq/GHSA-29xr-58g9-8qfq.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-29xr-58g9-8qfq",
4+
"modified": "2025-12-30T00:32:58Z",
5+
"published": "2025-12-30T00:32:58Z",
6+
"aliases": [
7+
"CVE-2025-68502"
8+
],
9+
"details": "Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68502"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/plugin/jet-popup/vulnerability/wordpress-jetpopup-plugin-2-0-20-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-639"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-29T22:15:42Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-3wm7-jw5g-v3gq/GHSA-3wm7-jw5g-v3gq.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3wm7-jw5g-v3gq",
4+
"modified": "2025-12-30T00:32:59Z",
5+
"published": "2025-12-30T00:32:59Z",
6+
"aliases": [
7+
"CVE-2025-68036"
8+
],
9+
"details": "Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68036"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/plugin/cubewp-framework/vulnerability/wordpress-cubewp-plugin-1-1-27-broken-access-control-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-862"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-30T00:15:52Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-4742-mr57-2r9j/GHSA-4742-mr57-2r9j.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-4742-mr57-2r9j",
4-
"modified": "2025-12-19T12:31:24Z",
4+
"modified": "2025-12-30T00:32:58Z",
55
"published": "2025-12-19T12:31:24Z",
66
"aliases": [
77
"CVE-2025-14847"
@@ -26,6 +26,14 @@
2626
{
2727
"type": "WEB",
2828
"url": "https://jira.mongodb.org/browse/SERVER-115508"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14847"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "http://www.openwall.com/lists/oss-security/2025/12/29/21"
2937
}
3038
],
3139
"database_specific": {

advisories/unreviewed/2025/12/GHSA-4x3m-m7qg-rjvc/GHSA-4x3m-m7qg-rjvc.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4x3m-m7qg-rjvc",
4+
"modified": "2025-12-30T00:32:58Z",
5+
"published": "2025-12-30T00:32:58Z",
6+
"aliases": [
7+
"CVE-2025-15206"
8+
],
9+
"details": "A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15206"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/IMZGforever/CVEs/issues/5"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.338579"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.338579"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.723951"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.campcodes.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-29T22:15:42Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-5884-m867-xg58/GHSA-5884-m867-xg58.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5884-m867-xg58",
4+
"modified": "2025-12-30T00:32:59Z",
5+
"published": "2025-12-30T00:32:59Z",
6+
"aliases": [
7+
"CVE-2023-41656"
8+
],
9+
"details": "Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41656"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/plugin/better-elementor-addons/vulnerability/wordpress-better-elementor-addons-plugin-1-3-5-broken-access-control-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-862"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-30T00:15:50Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-6w33-8qh2-c7jv/GHSA-6w33-8qh2-c7jv.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6w33-8qh2-c7jv",
4+
"modified": "2025-12-30T00:32:59Z",
5+
"published": "2025-12-30T00:32:59Z",
6+
"aliases": [
7+
"CVE-2025-23469"
8+
],
9+
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through 0.2.0.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23469"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/plugin/sleekplan/vulnerability/wordpress-sleekplan-plugin-0-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-30T00:15:51Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-786g-jpf2-55wg/GHSA-786g-jpf2-55wg.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-786g-jpf2-55wg",
4+
"modified": "2025-12-30T00:32:59Z",
5+
"published": "2025-12-30T00:32:58Z",
6+
"aliases": [
7+
"CVE-2025-23458"
8+
],
9+
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23458"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/plugin/wp-ad-management/vulnerability/wordpress-ads24-lite-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-30T00:15:51Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-863c-m9f2-hgxh/GHSA-863c-m9f2-hgxh.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-863c-m9f2-hgxh",
4+
"modified": "2025-12-30T00:32:59Z",
5+
"published": "2025-12-30T00:32:59Z",
6+
"aliases": [
7+
"CVE-2025-68040"
8+
],
9+
"details": "Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68040"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-29-sensitive-data-exposure-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-201"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-30T00:15:52Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-94f7-w8j3-ppqr/GHSA-94f7-w8j3-ppqr.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-94f7-w8j3-ppqr",
4+
"modified": "2025-12-30T00:32:58Z",
5+
"published": "2025-12-30T00:32:58Z",
6+
"aliases": [
7+
"CVE-2025-68562"
8+
],
9+
"details": "Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68562"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://vdp.patchstack.com/database/wordpress/plugin/mapsvg-lite-interactive-vector-maps/vulnerability/wordpress-mapsvg-plugin-8-7-3-arbitrary-file-upload-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-434"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-29T22:15:43Z"
35+
}
36+
}

0 commit comments

Comments
 (0)