Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/07/GHSA-3pvj-q7qj-89fg/GHSA-3pvj-q7qj-89fg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pvj-q7qj-89fg",
-  "modified": "2025-12-17T21:30:31Z",
+  "modified": "2025-12-18T09:30:24Z",
   "published": "2025-07-07T15:30:39Z",
   "aliases": [
     "CVE-2025-5987"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23483"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:23484"

advisories/unreviewed/2025/12/GHSA-2265-g92x-3448/GHSA-2265-g92x-3448.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2265-g92x-3448",
+  "modified": "2025-12-18T09:30:27Z",
+  "published": "2025-12-18T09:30:27Z",
+  "aliases": [
+    "CVE-2025-58947"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through <= 1.9.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58947"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/athos/vulnerability/wordpress-athos-theme-1-9-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:16:02Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-233v-c87g-g57r/GHSA-233v-c87g-g57r.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-233v-c87g-g57r",
+  "modified": "2025-12-18T09:30:28Z",
+  "published": "2025-12-18T09:30:28Z",
+  "aliases": [
+    "CVE-2025-60055"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fabrica fabrica allows PHP Local File Inclusion.This issue affects Fabrica: from n/a through <= 1.8.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60055"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/fabrica/vulnerability/wordpress-fabrica-theme-1-8-1-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:16:05Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-26hr-x62r-xc25/GHSA-26hr-x62r-xc25.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-26hr-x62r-xc25",
+  "modified": "2025-12-18T09:30:26Z",
+  "published": "2025-12-18T09:30:26Z",
+  "aliases": [
+    "CVE-2025-54745"
+  ],
+  "details": "Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54745"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/miniorange-2-factor-authentication/vulnerability/wordpress-miniorange-s-google-authenticator-plugin-6-1-1-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2cq9-p3hh-4x7f/GHSA-2cq9-p3hh-4x7f.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cq9-p3hh-4x7f",
+  "modified": "2025-12-18T09:30:26Z",
+  "published": "2025-12-18T09:30:26Z",
+  "aliases": [
+    "CVE-2025-58710"
+  ],
+  "details": "Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58710"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/hotel-listing/vulnerability/wordpress-hotel-listing-plugin-1-4-0-privilege-escalation-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:15:57Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2ffc-fhcm-rq53/GHSA-2ffc-fhcm-rq53.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2ffc-fhcm-rq53",
+  "modified": "2025-12-18T09:30:26Z",
+  "published": "2025-12-18T09:30:26Z",
+  "aliases": [
+    "CVE-2025-54748"
+  ],
+  "details": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RomanCode MapSVG mapsvg allows Path Traversal.This issue affects MapSVG: from n/a through < 8.6.12.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54748"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/mapsvg/vulnerability/wordpress-mapsvg-plugin-8-6-12-arbitrary-file-download-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2fv4-c5wh-p3p5/GHSA-2fv4-c5wh-p3p5.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fv4-c5wh-p3p5",
+  "modified": "2025-12-18T09:30:25Z",
+  "published": "2025-12-18T09:30:25Z",
+  "aliases": [
+    "CVE-2025-49365"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This issue affects Jack Well: from n/a through <= 1.0.14.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49365"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/jack-well/vulnerability/wordpress-jack-well-theme-1-0-14-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:15:50Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2g4w-jfv5-fgmr/GHSA-2g4w-jfv5-fgmr.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2g4w-jfv5-fgmr",
+  "modified": "2025-12-18T09:30:29Z",
+  "published": "2025-12-18T09:30:28Z",
+  "aliases": [
+    "CVE-2025-60089"
+  ],
+  "details": "Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60089"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/gf-freshdesk/vulnerability/wordpress-wp-gravity-forms-freshdesk-plugin-plugin-1-3-5-deserialization-of-untrusted-data-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:16:09Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2jm4-pp6h-mpwx/GHSA-2jm4-pp6h-mpwx.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2jm4-pp6h-mpwx",
+  "modified": "2025-12-18T09:30:27Z",
+  "published": "2025-12-18T09:30:27Z",
+  "aliases": [
+    "CVE-2025-58945"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects EcoGrow: from n/a through <= 1.7.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58945"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/ecogrow/vulnerability/wordpress-ecogrow-theme-1-7-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:16:02Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2jmv-v5xf-w928/GHSA-2jmv-v5xf-w928.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2jmv-v5xf-w928",
+  "modified": "2025-12-18T09:30:25Z",
+  "published": "2025-12-18T09:30:25Z",
+  "aliases": [
+    "CVE-2025-53446"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Beautique beautique allows PHP Local File Inclusion.This issue affects Beautique: from n/a through <= 1.5.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53446"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/beautique/vulnerability/wordpress-beautique-theme-1-5-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-18T08:15:55Z"
+  }
+}