

13 files changed

+624
-0
lines changed

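--- /dev/null
+++ b/GHSA-2qwq-jpp7-c3cx.json
@@ -0,0 +1,48 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-2qwq-jpp7-c3cx",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-14169"
+],
+"details": "The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14169"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.13.1.5/modules/optins/admin/db/class-wffn-db-optin.php#L79"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.13.1.5/modules/optins/merge-tags/class-bwf-optin-tags.php#L126"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3415550%40funnel-builder%2Ftrunk&old=3414128%40funnel-builder%2Ftrunk&sfp_email=&sfph_mail="
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb19f920-0fd0-491e-9e87-62c828cad9b9?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-89"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T08:15:47Z"
+}
+}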
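Review bot: The only version bound in this record is the prose "up to, and including, 3.13.1.5" inside `details`, while `affected` is `[]`, so a consumer that matches on `affected` rather than reading the text will never flag an installed FunnelKit version. If the database can express a WordPress-plugin range, an `affected` entry with `"introduced": "0"` and a `"fixed"` version would make the bound machine-readable; the fixed version is not stated here and would have to be confirmed from the linked changeset 3415550. That changeset link is typed `WEB`; OSV defines a `FIX` reference type for exactly this, which lets tooling surface the patch without parsing the URL.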
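--- /dev/null
+++ b/GHSA-3ccp-5v4p-6xpq.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-3ccp-5v4p-6xpq",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-40829"
+],
+"details": "A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+},
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40829"
+},
+{
+"type": "WEB",
+"url": "https://cert-portal.siemens.com/productcert/html/ssa-512988.html"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-908"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T09:15:49Z"
+}
+}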
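Review bot: The two severity vectors disagree on attack complexity: the CVSS 3.1 string carries `AC:L` while the CVSS 4.0 string carries `AC:H`, and `database_specific.severity` is `HIGH`, which agrees with the 3.1 vector's 7.8. Both presumably come from the same Siemens advisory (SSA-512988), so one of them is either a transcription slip or a deliberate re-assessment in the newer standard; the record should be checked against the ProductCERT page before either vector is used for triage. `details` cites `ZDI-CAN-27146` but no ZDI reference URL is listed, and `affected` is empty, so the `< V2512` bound exists only in prose.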
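--- /dev/null
+++ b/GHSA-438w-mprg-3r4x.json
@@ -0,0 +1,56 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-438w-mprg-3r4x",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-14356"
+],
+"details": "The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate and get form submission PDF, when the \"PDF Generator\" and the \"Database\" addons are enabled (disabled by default).",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14356"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L316"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L321"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L341"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L53"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset/3417590/ultimate-addons-for-contact-form-7"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af9ece0-1556-4457-87ee-343daec5e74f?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-639"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T07:15:44Z"
+}
+}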
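Review bot: The four `plugins.trac.wordpress.org/browser/...` references point at `trunk` with line anchors (`#L316`, `#L321`, `#L341`, `#L53`) rather than at a tagged release, and the same record cites changeset 3417590 as the fix; once that changeset is in trunk the anchors no longer show the vulnerable code, and they will keep drifting with every later commit. Pinning them to `tags/3.5.33/addons/pdf-generator/pdf-generator.php` — the last affected version named in `details` — would keep the evidence stable. `affected` is empty, so both the 3.5.33 bound and the precondition that the "PDF Generator" and "Database" addons be enabled live only in prose.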
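--- /dev/null
+++ b/GHSA-49f4-r674-5c8g.json
@@ -0,0 +1,48 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-49f4-r674-5c8g",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-14049"
+],
+"details": "The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'delto' parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14049"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/vikrentitems/tags/1.2.0/site/views/deliverymap/tmpl/default.php#L277"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/vikrentitems/trunk/site/views/deliverymap/tmpl/default.php#L277"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414595%40vikrentitems&new=3414595%40vikrentitems&sfp_email=&sfph_mail="
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51b56dc5-0d2d-4fa9-872c-4193f61c165f?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T08:15:47Z"
+}
+}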
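--- /dev/null
+++ b/GHSA-5mw3-jxh6-747w.json
@@ -0,0 +1,48 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-5mw3-jxh6-747w",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-11876"
+],
+"details": "The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgun_subscription_form' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11876"
+},
+{
+"type": "WEB",
+"url": "https://github.com/flightless/mailgun-subscriptions/pull/8/commits/a8b597e3a09f3a1b76436d09de434fd9bfe29f64"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/mailgun-subscriptions/tags/1.2.0/Mailgun_Subscriptions/Subscription_Form.php#L101"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3413662%40mailgun-subscriptions&new=3413662%40mailgun-subscriptions&sfp_email=&sfph_mail="
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/149e60cc-9612-4651-b02d-4b68a3533d36?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T08:15:47Z"
+}
+}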
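Review bot: The code reference points at `tags/1.2.0/Mailgun_Subscriptions/Subscription_Form.php#L101` while `details` says every version up to and including 1.3.1 is affected, so the cited line is not guaranteed to match the last vulnerable release; if 1.3.1 is the intended evidence, the anchor should be taken from that tag. The GitHub pull-request commit `a8b597e3…` is the upstream fix but is typed `WEB`; OSV's `FIX` reference type exists for this and lets consumers locate the patch without inspecting the URL. `affected` is empty, so the 1.3.1 bound is not machine-readable.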
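--- /dev/null
+++ b/GHSA-fqrr-ccrj-cm5x.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-fqrr-ccrj-cm5x",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-12570"
+],
+"details": "The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-image.php files. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12570"
+},
+{
+"type": "WEB",
+"url": "https://codecanyon.net/item/fancy-product-designer-woocommercewordpress/6318393"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2db4eb1d-3a82-4f0f-b4ff-a291b0289b7f?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T07:15:42Z"
+}
+}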
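Review bot: This record carries no fix reference and `details` names no patched version — the only link besides NVD and Wordfence is the CodeCanyon product listing — so a reader cannot tell from the advisory whether any release after 6.4.8 resolves the SVG handling in `data-to-image.php` and `pdf-to-image.php`. Until a vendor changelog or changeset is linked, a deployer's options are to confirm the fix with the vendor or to stop browsers executing uploaded SVGs (reject SVG uploads to those endpoints, or serve the upload directory with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy`). Note that the 3.1 vector uses `UI:N` for a stored XSS that fires "whenever a user accesses the SVG file"; that is the reporter's scoring, and it is what puts this at 7.2/HIGH instead of the 6.1/MODERATE a `UI:R` vector would give.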
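--- /dev/null
+++ b/GHSA-gf86-x9mr-j23m.json
@@ -0,0 +1,48 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-gf86-x9mr-j23m",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-12655"
+],
+"details": "The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being registered with `permission_callback => '__return_true'`, which allows unauthenticated access. This makes it possible for unauthenticated attackers to write arbitrary JSON content to the server's publicly accessible upload directory via the vulnerable endpoint.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12655"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/hippoo/tags/1.6.1/app/utils.php#L1"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/hippoo/tags/1.6.1/app/web_api.php#L117"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/browser/hippoo/tags/1.6.1/app/web_api.php#L45"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d34701a0-c745-441c-8d6c-7befc877f8d0?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-862"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T07:15:44Z"
+}
+}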
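Review bot: `details` states all versions up to and including 1.7.1 are affected, but all three code references point at `tags/1.6.1` (`app/web_api.php#L45`, `#L117`, and `app/utils.php#L1`), so the anchors are not guaranteed to hold in 1.7.1 and the `#L1` link is effectively a whole-file reference rather than a pointer to the write. There is also no changeset or fix reference, so the patched version cannot be determined from this record and `affected` is empty. The description itself is precise — route `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` registered with `permission_callback => '__return_true'` — which is enough for a deployer to verify exposure by inspecting that route's permission callback in their installed version.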
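--- /dev/null
+++ b/GHSA-h49r-758p-2r2p.json
@@ -0,0 +1,44 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-h49r-758p-2r2p",
+"modified": "2025-12-12T09:30:20Z",
+"published": "2025-12-12T09:30:20Z",
+"aliases": [
+"CVE-2025-4970"
+],
+"details": "The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4970"
+},
+{
+"type": "WEB",
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3405989%40bsk-pdf-manager&new=3405989%40bsk-pdf-manager&sfp_email=&sfph_mail="
+},
+{
+"type": "WEB",
+"url": "https://wordpress.org/plugins/bsk-pdf-manager/#developers"
+},
+{
+"type": "WEB",
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cf1983b-4cb7-4738-9f19-2c530a9939e0?source=cve"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-12-12T08:15:48Z"
+}
+}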
