Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-4245-33hh-r4j6/GHSA-4245-33hh-r4j6.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4245-33hh-r4j6",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-64453"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64453"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T04:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-49q4-53vc-m8p9/GHSA-49q4-53vc-m8p9.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-49q4-53vc-m8p9",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-11072"
+  ],
+  "details": "The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11072"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/538117c5-b04c-45fc-a953-6f619fdf7eaf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T06:15:32Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-57cg-g95j-25q3/GHSA-57cg-g95j-25q3.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-57cg-g95j-25q3",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-21074"
+  ],
+  "details": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21074"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=11"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T06:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-6p65-2966-2gj7/GHSA-6p65-2966-2gj7.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6p65-2966-2gj7",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-64451"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64451"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T04:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-8652-4qrv-r8hp/GHSA-8652-4qrv-r8hp.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8652-4qrv-r8hp",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-64450"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64450"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T04:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-8jg3-f28x-33h3/GHSA-8jg3-f28x-33h3.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8jg3-f28x-33h3",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-10567"
+  ],
+  "details": "The FunnelKit  WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10567"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/c7536b0c-3bce-449d-937e-b0195990110a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T06:15:32Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-93gj-8p48-h7f8/GHSA-93gj-8p48-h7f8.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-93gj-8p48-h7f8",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-11835"
+  ],
+  "details": "The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMS_AJAX_Checkout_Handler::process_payment() function in all versions up to, and including, 2.16.4. This makes it possible for unauthenticated attackers to trigger stored auto-renew charges for arbitrary members.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11835"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3383182/paid-member-subscriptions"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eb1948bd-c5b4-4fbe-9aa6-19f24325e6bb?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T04:15:32Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-9r3j-gc74-fvx7/GHSA-9r3j-gc74-fvx7.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9r3j-gc74-fvx7",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-21073"
+  ],
+  "details": "Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21073"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=11"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T06:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-c798-f247-mv6f/GHSA-c798-f247-mv6f.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c798-f247-mv6f",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-21075"
+  ],
+  "details": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21075"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=11"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T06:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-ch23-x532-vgwg/GHSA-ch23-x532-vgwg.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-ch23-x532-vgwg",
+  "modified": "2025-11-05T06:30:25Z",
+  "published": "2025-11-05T06:30:25Z",
+  "aliases": [
+    "CVE-2025-10873"
+  ],
+  "details": "The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_addons_for_elementor_forms_send_form action.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10873"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/2eb133db-e1c5-409e-94f8-b71edca5db16"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T06:15:32Z"
+  }
+}