Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-98qw-prqm-9f4p/GHSA-98qw-prqm-9f4p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-98qw-prqm-9f4p",
-  "modified": "2025-10-23T21:31:35Z",
+  "modified": "2025-10-27T03:30:36Z",
   "published": "2025-06-26T21:31:08Z",
   "aliases": [
     "CVE-2025-5318"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19012"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19098"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-5318"

advisories/unreviewed/2025/10/GHSA-23qm-g3r4-35xx/GHSA-23qm-g3r4-35xx.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23qm-g3r4-35xx",
+  "modified": "2025-10-27T03:30:39Z",
+  "published": "2025-10-27T03:30:39Z",
+  "aliases": [
+    "CVE-2025-62964"
+  ],
+  "details": "Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.4.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62964"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-plugin-1-3-4-broken-access-control-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:56Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-253g-qmmx-2x98/GHSA-253g-qmmx-2x98.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-253g-qmmx-2x98",
+  "modified": "2025-10-27T03:30:38Z",
+  "published": "2025-10-27T03:30:37Z",
+  "aliases": [
+    "CVE-2025-62902"
+  ],
+  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62902"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-popup-builder/vulnerability/wordpress-wp-popup-builder-plugin-1-3-6-sensitive-data-exposure-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-497"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:49Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2r2f-xx92-v4f7/GHSA-2r2f-xx92-v4f7.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2r2f-xx92-v4f7",
+  "modified": "2025-10-27T03:30:38Z",
+  "published": "2025-10-27T03:30:38Z",
+  "aliases": [
+    "CVE-2025-62935"
+  ],
+  "details": "Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.8.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62935"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/woc-open-close/vulnerability/wordpress-open-close-woocommerce-store-plugin-4-9-8-broken-access-control-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:53Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2rjw-37q7-prrc/GHSA-2rjw-37q7-prrc.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rjw-37q7-prrc",
+  "modified": "2025-10-27T03:30:39Z",
+  "published": "2025-10-27T03:30:39Z",
+  "aliases": [
+    "CVE-2025-62957"
+  ],
+  "details": "Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62957"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wc-reports-lite/vulnerability/wordpress-nikanwp-woocommerce-reporting-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:56Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2w76-84vx-75wq/GHSA-2w76-84vx-75wq.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w76-84vx-75wq",
+  "modified": "2025-10-27T03:30:39Z",
+  "published": "2025-10-27T03:30:39Z",
+  "aliases": [
+    "CVE-2025-12204"
+  ],
+  "details": "A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12204"
+    },
+    {
+      "type": "WEB",
+      "url": "https://shimo.im/docs/loqeMWMyZGtpEYqn"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329874"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329874"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.673224"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T03:15:49Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2x26-r374-v69m/GHSA-2x26-r374-v69m.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x26-r374-v69m",
+  "modified": "2025-10-27T03:30:38Z",
+  "published": "2025-10-27T03:30:37Z",
+  "aliases": [
+    "CVE-2025-62905"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through <= 0.3.2.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62905"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/query-posts/vulnerability/wordpress-query-posts-plugin-0-3-2-cross-site-scripting-xss-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:49Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2x76-q69m-x8p7/GHSA-2x76-q69m-x8p7.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x76-q69m-x8p7",
+  "modified": "2025-10-27T03:30:39Z",
+  "published": "2025-10-27T03:30:39Z",
+  "aliases": [
+    "CVE-2025-62953"
+  ],
+  "details": "Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through <= 2.11.24.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62953"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/usc-e-shop/vulnerability/wordpress-welcart-e-commerce-plugin-2-11-24-broken-access-control-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:55Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-3wcv-7wxv-gvf8/GHSA-3wcv-7wxv-gvf8.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3wcv-7wxv-gvf8",
+  "modified": "2025-10-27T03:30:39Z",
+  "published": "2025-10-27T03:30:39Z",
+  "aliases": [
+    "CVE-2025-62987"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62987"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/builderall-cheetah-for-wp/vulnerability/wordpress-builderall-builder-for-wordpress-plugin-3-0-1-cross-site-scripting-xss-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:59Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-43fg-2qr4-qfpx/GHSA-43fg-2qr4-qfpx.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-43fg-2qr4-qfpx",
+  "modified": "2025-10-27T03:30:38Z",
+  "published": "2025-10-27T03:30:38Z",
+  "aliases": [
+    "CVE-2025-62910"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS.This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62910"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/huzzaz-video-gallery/vulnerability/wordpress-video-gallery-by-huzzaz-plugin-10-5-cross-site-scripting-xss-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T02:15:50Z"
+  }
+}