Publish Advisories

GHSA-3jc8-87g9-6vvg
GHSA-44j2-7x4f-pq34
GHSA-4xmm-w6fx-6vm3
GHSA-54m9-295v-m438
GHSA-5g96-pc88-j7fx
GHSA-7mpm-gf56-q8wv
GHSA-9qj7-x8cr-xhx2
GHSA-c384-m2mr-c4gg
GHSA-f2xj-j426-627f
GHSA-f598-qv9r-92cj
GHSA-fpf4-m274-fqjj
GHSA-gr6v-3pmp-996p
GHSA-gx97-gg4r-qw22
GHSA-h73w-rr6h-gjf4
GHSA-h7r7-gpvx-jr4p
GHSA-jpjg-wf9r-25rj
GHSA-rjh4-3x8p-7jcr
GHSA-v6f7-mh9q-h69v
GHSA-vv63-gqpw-3x4p
GHSA-w49h-rmgr-rwp7
GHSA-x6m8-4qgj-87fj

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-3jc8-87g9-6vvg/GHSA-3jc8-87g9-6vvg.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3jc8-87g9-6vvg",
+  "modified": "2025-10-18T06:30:25Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2025-11857"
+  ],
+  "details": "The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxp_fb2wp_display_embed' shortcode in all versions up to, and including, 1.9.9. This is due to the plugin not properly sanitizing user input and output of the 'post_id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11857"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/fb2wp-integration-tools/tags/1.9.9/index.php#L302"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379625%40fb2wp-integration-tools&new=3379625%40fb2wp-integration-tools&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbb28e2-a7a1-4e33-93e5-872d6f2e00ec?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T06:15:38Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-44j2-7x4f-pq34/GHSA-44j2-7x4f-pq34.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-44j2-7x4f-pq34",
+  "modified": "2025-10-18T06:30:25Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2025-11378"
+  ],
+  "details": "The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to export and import site options.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11378"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/short-pixel-optimizer/shortpixel-image-optimiser/commit/74263060acafbaf63b4a34f339a8b0dc35f2cad9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379473%40shortpixel-image-optimiser&new=3379473%40shortpixel-image-optimiser&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://research.cleantalk.org/CVE-2025-11378"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f7e9eb5-e222-43fa-a14f-b9cbced6b8f5?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T04:16:05Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-4xmm-w6fx-6vm3/GHSA-4xmm-w6fx-6vm3.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4xmm-w6fx-6vm3",
+  "modified": "2025-10-18T06:30:26Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2025-11738"
+  ],
+  "details": "The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379043%40media-library-assistant&new=3379043%40media-library-assistant&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379044%40media-library-assistant&new=3379044%40media-library-assistant&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d1264a-2265-4423-a643-7ef6436d3764?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-73"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T06:15:37Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-54m9-295v-m438/GHSA-54m9-295v-m438.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-54m9-295v-m438",
+  "modified": "2025-10-18T06:30:25Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2025-62669"
+  ],
+  "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gerrit.wikimedia.org/r/q/I15b14cbff28ba769e72e4d037306d2395e74ad85"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T400892"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T05:15:34Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-5g96-pc88-j7fx/GHSA-5g96-pc88-j7fx.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5g96-pc88-j7fx",
+  "modified": "2025-10-18T06:30:25Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2017-20208"
+  ],
+  "details": "The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to fetch a remote file and install it on the site.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20208"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/1733274/custom-registration-form-builder-with-submission-manager"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b79193-f8fc-4ea2-8973-fe292cfb926b?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T04:15:59Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-7mpm-gf56-q8wv/GHSA-7mpm-gf56-q8wv.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7mpm-gf56-q8wv",
+  "modified": "2025-10-18T06:30:25Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2017-20206"
+  ],
+  "details": "The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20206"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/1733186/appointments"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e8f230e-3f96-4efd-806d-72725b960303?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T04:15:43Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-9qj7-x8cr-xhx2/GHSA-9qj7-x8cr-xhx2.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9qj7-x8cr-xhx2",
+  "modified": "2025-10-18T06:30:25Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2025-62670"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - FlexDiagrams Extension allows Stored XSS.This issue affects Mediawiki - FlexDiagrams Extension: master.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FlexDiagrams/+/1179692"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T402149"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T05:15:34Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-c384-m2mr-c4gg/GHSA-c384-m2mr-c4gg.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c384-m2mr-c4gg",
+  "modified": "2025-10-18T06:30:25Z",
+  "published": "2025-10-18T06:30:25Z",
+  "aliases": [
+    "CVE-2020-36854"
+  ],
+  "details": "The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including,  2.19.07.14. This is due to missing authorization checks on the aj_steps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it possible for authenticated attackers with subscriber level permissions and above to inject malicious web scripts into a page that execute whenever a user accesses that page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36854"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b133888c-7673-4796-917c-486bff1b6b12?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-18T04:16:04Z"
+  }
+}