Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 5c659b053cde · 2025-11-07T06:32:14.000Z
GHSA-822f-xqj8-8w45 GHSA-8ff8-c7j7-c996 GHSA-999f-q85h-g4q7 GHSA-g482-6rxp-qvg7 GHSA-w5cv-jqj9-8f97 GHSA-w86f-f8mj-wm7p
diff --git a/advisories/unreviewed/2025/11/GHSA-822f-xqj8-8w45/GHSA-822f-xqj8-8w45.json b/advisories/unreviewed/2025/11/GHSA-822f-xqj8-8w45/GHSA-822f-xqj8-8w45.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-822f-xqj8-8w45",
+  "modified": "2025-11-07T06:30:28Z",
+  "published": "2025-11-07T06:30:28Z",
+  "aliases": [
+    "CVE-2025-4519"
+  ],
+  "details": "The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4519"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/idonate/tags/2.1.9/src/Helpers/DonorFunctions.php#L410"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3334424/idonate/tags/2.1.10/src/Helpers/DonorFunctions.php?old=3279142&old_path=idonate%2Ftags%2F2.1.9%2Fsrc%2FHelpers%2FDonorFunctions.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/idonate/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/596aef67-582a-4506-bae9-c7be1899e47a?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-07T05:16:04Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-8ff8-c7j7-c996/GHSA-8ff8-c7j7-c996.json b/advisories/unreviewed/2025/11/GHSA-8ff8-c7j7-c996/GHSA-8ff8-c7j7-c996.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8ff8-c7j7-c996",
+  "modified": "2025-11-07T06:30:28Z",
+  "published": "2025-11-07T06:30:28Z",
+  "aliases": [
+    "CVE-2025-12352"
+  ],
+  "details": "The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This only impacts sites that have allow_url_fopen set to `On`, the post creation form enabled along with a file upload field for the post",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12352"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pronamic/gravityforms/blob/06de1b7e169e4f073e9d0d491e17b89365b48c20/forms_model.php#L5451C26-L5451C41"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pronamic/gravityforms/blob/06de1b7e169e4f073e9d0d491e17b89365b48c20/includes/fields/class-gf-field-fileupload.php#L306"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42525101-6196-40b9-90e7-c7f1886ef247?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-07T05:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-999f-q85h-g4q7/GHSA-999f-q85h-g4q7.json b/advisories/unreviewed/2025/11/GHSA-999f-q85h-g4q7/GHSA-999f-q85h-g4q7.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-999f-q85h-g4q7",
+  "modified": "2025-11-07T06:30:29Z",
+  "published": "2025-11-07T06:30:29Z",
+  "aliases": [
+    "CVE-2025-12520"
+  ],
+  "details": "The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12520"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cyberresearchhub.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cyberresearchhub.com/cve-2025-12520"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-airbnb-review-slider/tags/4.2&new_path=/wp-airbnb-review-slider/tags/4.3&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6082f25f-b060-431b-a18c-65899851bf3b?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-07T06:15:33Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-g482-6rxp-qvg7/GHSA-g482-6rxp-qvg7.json b/advisories/unreviewed/2025/11/GHSA-g482-6rxp-qvg7/GHSA-g482-6rxp-qvg7.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g482-6rxp-qvg7",
+  "modified": "2025-11-07T06:30:28Z",
+  "published": "2025-11-07T06:30:28Z",
+  "aliases": [
+    "CVE-2025-4522"
+  ],
+  "details": "The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4522"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/idonate/tags/2.1.9/src/Admin/Admin.php#L75"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/idonate/tags/2.1.9/src/Helpers/DonorFunctions.php#L658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3334424/idonate/tags/2.1.10/src/Helpers/DonorFunctions.php?old=3279142&old_path=idonate%2Ftags%2F2.1.9%2Fsrc%2FHelpers%2FDonorFunctions.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/idonate/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0625ec-5ac9-4896-ac11-87fc9287f68a?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-07T05:16:04Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-w5cv-jqj9-8f97/GHSA-w5cv-jqj9-8f97.json b/advisories/unreviewed/2025/11/GHSA-w5cv-jqj9-8f97/GHSA-w5cv-jqj9-8f97.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w5cv-jqj9-8f97",
+  "modified": "2025-11-07T06:30:27Z",
+  "published": "2025-11-07T06:30:27Z",
+  "aliases": [
+    "CVE-2025-5483"
+  ],
+  "details": "The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5483"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3366906"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42dcc302-b543-42c7-99fa-605f017beb1a?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-07T04:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-w86f-f8mj-wm7p/GHSA-w86f-f8mj-wm7p.json b/advisories/unreviewed/2025/11/GHSA-w86f-f8mj-wm7p/GHSA-w86f-f8mj-wm7p.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w86f-f8mj-wm7p",
+  "modified": "2025-11-07T06:30:29Z",
+  "published": "2025-11-07T06:30:29Z",
+  "aliases": [
+    "CVE-2025-12527"
+  ],
+  "details": "The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify notes.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12527"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/page-post-notes/trunk/include/insert-to-db.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/page-post-notes/trunk/index.php#L85"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3389236%40page-post-notes&new=3389236%40page-post-notes&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93dadc33-cabf-4701-97ca-861ad90597fb?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-07T06:15:33Z"
+  }
+}
