Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 04193b8609ca · 2025-11-04T12:32:22.000Z
GHSA-49pm-cgmh-hw25 GHSA-892r-x96w-jh76 GHSA-gj84-8vfx-q3vm GHSA-h4r4-6hvf-34r8 GHSA-32wm-p53q-684m GHSA-rgx4-r686-q8hp GHSA-w48v-8pqw-vj5q
diff --git a/advisories/unreviewed/2025/10/GHSA-49pm-cgmh-hw25/GHSA-49pm-cgmh-hw25.json b/advisories/unreviewed/2025/10/GHSA-49pm-cgmh-hw25/GHSA-49pm-cgmh-hw25.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-49pm-cgmh-hw25",
-  "modified": "2025-11-03T18:31:51Z",
+  "modified": "2025-11-04T12:30:18Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62229"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19489"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19623"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62229"
diff --git a/advisories/unreviewed/2025/10/GHSA-892r-x96w-jh76/GHSA-892r-x96w-jh76.json b/advisories/unreviewed/2025/10/GHSA-892r-x96w-jh76/GHSA-892r-x96w-jh76.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-892r-x96w-jh76",
-  "modified": "2025-11-03T18:31:51Z",
+  "modified": "2025-11-04T12:30:19Z",
   "published": "2025-10-30T06:30:54Z",
   "aliases": [
     "CVE-2025-62230"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19489"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19623"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62230"
diff --git a/advisories/unreviewed/2025/10/GHSA-gj84-8vfx-q3vm/GHSA-gj84-8vfx-q3vm.json b/advisories/unreviewed/2025/10/GHSA-gj84-8vfx-q3vm/GHSA-gj84-8vfx-q3vm.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gj84-8vfx-q3vm",
-  "modified": "2025-10-09T15:31:03Z",
+  "modified": "2025-11-04T12:30:18Z",
   "published": "2025-10-09T15:31:03Z",
   "aliases": [
     "CVE-2025-11561"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11561"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19610"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-11561"
diff --git a/advisories/unreviewed/2025/10/GHSA-h4r4-6hvf-34r8/GHSA-h4r4-6hvf-34r8.json b/advisories/unreviewed/2025/10/GHSA-h4r4-6hvf-34r8/GHSA-h4r4-6hvf-34r8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h4r4-6hvf-34r8",
-  "modified": "2025-11-03T18:31:51Z",
+  "modified": "2025-11-04T12:30:18Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62231"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19489"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19623"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62231"
diff --git a/advisories/unreviewed/2025/11/GHSA-32wm-p53q-684m/GHSA-32wm-p53q-684m.json b/advisories/unreviewed/2025/11/GHSA-32wm-p53q-684m/GHSA-32wm-p53q-684m.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-32wm-p53q-684m",
+  "modified": "2025-11-04T12:30:19Z",
+  "published": "2025-11-04T12:30:19Z",
+  "aliases": [
+    "CVE-2025-11690"
+  ],
+  "details": "An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors, model numbers, and fuel statistics belonging to other users, instead of being limited to their own vehicle data. This is a server-side authorization fix.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11690"
+    },
+    {
+      "type": "WEB",
+      "url": "https://advisories.ncsc.nl/2025/ncsc-2025-0350.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-04T11:15:37Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-rgx4-r686-q8hp/GHSA-rgx4-r686-q8hp.json b/advisories/unreviewed/2025/11/GHSA-rgx4-r686-q8hp/GHSA-rgx4-r686-q8hp.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rgx4-r686-q8hp",
+  "modified": "2025-11-04T12:30:19Z",
+  "published": "2025-11-04T12:30:19Z",
+  "aliases": [
+    "CVE-2025-12493"
+  ],
+  "details": "The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12493"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L213"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L241"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L42"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/includes/addons/product-grid/base/class.product-grid-base.php#L378"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3388234"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12bb4bb9-e908-43ad-8fb1-59418580f5e1?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-04T12:15:36Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-w48v-8pqw-vj5q/GHSA-w48v-8pqw-vj5q.json b/advisories/unreviewed/2025/11/GHSA-w48v-8pqw-vj5q/GHSA-w48v-8pqw-vj5q.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w48v-8pqw-vj5q",
+  "modified": "2025-11-04T12:30:19Z",
+  "published": "2025-11-04T12:30:19Z",
+  "aliases": [
+    "CVE-2025-12045"
+  ],
+  "details": "The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12045"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/posts-grid.php#L1878"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/posts-grid.php#L1912"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3388856"
+    },
+    {
+      "type": "WEB",
+      "url": "https://research.cleantalk.org/cve-2025-12045"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/139a264b-082b-45db-ac9e-4974bf86c56f?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-04T12:15:35Z"
+  }
+}
