Skip to content

Commit 592e0a5

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2cmc-mfch-j64j GHSA-423v-7q98-2mj3 GHSA-48rp-wrgx-mxm9 GHSA-4j3j-ch34-pxgm GHSA-9vfr-7f57-9g97 GHSA-gv64-29q8-3qqp GHSA-j48r-jqg6-pxx8 GHSA-qg9g-r7ff-3v94 GHSA-qhgc-j5wg-47c5 GHSA-r3xm-9mhv-w229 GHSA-rphv-339g-76cw
1 parent bffb6d2 commit 592e0a5

File tree

11 files changed

+484
-0
lines changed

11 files changed

+484
-0
lines changed

advisories/unreviewed/2025/11/GHSA-2cmc-mfch-j64j/GHSA-2cmc-mfch-j64j.json

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2cmc-mfch-j64j",
4+
"modified": "2025-11-24T06:31:25Z",
5+
"published": "2025-11-24T06:31:25Z",
6+
"aliases": [
7+
"CVE-2025-12394"
8+
],
9+
"details": "The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12394"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/e61293d0-2e1b-4dac-96c5-97fa17e38b16"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2025-11-24T06:15:45Z"
28+
}
29+
}

advisories/unreviewed/2025/11/GHSA-423v-7q98-2mj3/GHSA-423v-7q98-2mj3.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-423v-7q98-2mj3",
4+
"modified": "2025-11-24T06:31:25Z",
5+
"published": "2025-11-24T06:31:25Z",
6+
"aliases": [
7+
"CVE-2025-13585"
8+
],
9+
"details": "A vulnerability was detected in code-projects COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13585"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/beamyou/CVE/issues/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.333349"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.333349"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.699840"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-24T06:15:46Z"
55+
}
56+
}

advisories/unreviewed/2025/11/GHSA-48rp-wrgx-mxm9/GHSA-48rp-wrgx-mxm9.json

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-48rp-wrgx-mxm9",
4+
"modified": "2025-11-24T06:31:25Z",
5+
"published": "2025-11-24T06:31:25Z",
6+
"aliases": [
7+
"CVE-2025-12569"
8+
],
9+
"details": "The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12569"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/37586572-33f9-4365-bfce-7db277a8df72"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2025-11-24T06:15:46Z"
28+
}
29+
}

advisories/unreviewed/2025/11/GHSA-4j3j-ch34-pxgm/GHSA-4j3j-ch34-pxgm.json

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4j3j-ch34-pxgm",
4+
"modified": "2025-11-24T06:31:25Z",
5+
"published": "2025-11-24T06:31:25Z",
6+
"aliases": [
7+
"CVE-2025-13584"
8+
],
9+
"details": "A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/time_entry.description leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.4.1 is able to resolve this issue. The identifier of the patch is 7dec94c9d1f3e513e0ee38ba68caaba628e08582. Upgrading the affected component is advised.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13584"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Eigenfocus/eigenfocus/pull/358"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Eigenfocus/eigenfocus/commit/7dec94c9d1f3e513e0ee38ba68caaba628e08582"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/Eigenfocus/eigenfocus/releases/tag/v1.4.1-free"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/Stolichnayer/eigenfocus-stored-xss"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?ctiid.333348"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?id.333348"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?submit.699689"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-79"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2025-11-24T05:16:04Z"
63+
}
64+
}

advisories/unreviewed/2025/11/GHSA-9vfr-7f57-9g97/GHSA-9vfr-7f57-9g97.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9vfr-7f57-9g97",
4+
"modified": "2025-11-24T06:31:24Z",
5+
"published": "2025-11-24T06:31:24Z",
6+
"aliases": [
7+
"CVE-2025-13581"
8+
],
9+
"details": "A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the argument schedule_id leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13581"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/ltranquility/CVE/issues/14"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.333345"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.333345"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.699516"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-24T04:15:57Z"
55+
}
56+
}

advisories/unreviewed/2025/11/GHSA-gv64-29q8-3qqp/GHSA-gv64-29q8-3qqp.json

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-gv64-29q8-3qqp",
4+
"modified": "2025-11-24T06:31:25Z",
5+
"published": "2025-11-24T06:31:25Z",
6+
"aliases": [
7+
"CVE-2025-12629"
8+
],
9+
"details": "The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12629"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/528e9775-3a2d-4e52-92f7-f123ad787e7d"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2025-11-24T06:15:46Z"
28+
}
29+
}

advisories/unreviewed/2025/11/GHSA-j48r-jqg6-pxx8/GHSA-j48r-jqg6-pxx8.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j48r-jqg6-pxx8",
4+
"modified": "2025-11-24T06:31:24Z",
5+
"published": "2025-11-24T06:31:24Z",
6+
"aliases": [
7+
"CVE-2025-13582"
8+
],
9+
"details": "A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13582"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/rassec2/dbcve/issues/5"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.333346"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.333346"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.699554"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-24T04:15:57Z"
55+
}
56+
}

advisories/unreviewed/2025/11/GHSA-qg9g-r7ff-3v94/GHSA-qg9g-r7ff-3v94.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-qg9g-r7ff-3v94",
4+
"modified": "2025-11-24T06:31:25Z",
5+
"published": "2025-11-24T06:31:25Z",
6+
"aliases": [
7+
"CVE-2025-13583"
8+
],
9+
"details": "A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13583"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/rassec2/dbcve/issues/6"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.333347"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.333347"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.699591"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-24T05:15:58Z"
55+
}
56+
}

0 commit comments

Comments
 (0)