Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-267r-xvf4-x7x2/GHSA-267r-xvf4-x7x2.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-267r-xvf4-x7x2",
+  "modified": "2025-11-11T06:30:21Z",
+  "published": "2025-11-11T06:30:21Z",
+  "aliases": [
+    "CVE-2025-11988"
+  ],
+  "details": "The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the crypto_delete_json method with only a publicly-available nonce check. This makes it possible for unauthenticated attackers to delete specific JSON files matching the pattern *_pending.json within the wp-content/uploads/yak/ directory, causing data loss and denial of service for plugin workflows that rely on these artifacts.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11988"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.22/includes/class-crypto_connect_ajax_register.php#L137"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.22/includes/class-crypto_connect_ajax_register.php#L9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3281d6eb-9f14-43d4-a4d4-532993039e53?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:44Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-2c4j-ph78-gmjg/GHSA-2c4j-ph78-gmjg.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2c4j-ph78-gmjg",
+  "modified": "2025-11-11T06:30:22Z",
+  "published": "2025-11-11T06:30:22Z",
+  "aliases": [
+    "CVE-2025-12668"
+  ],
+  "details": "The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wp_countdown_timer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12668"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-count-down-timer/tags/1.0.1/wp-count-down-timer.php#L69"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wp-count-down-timer"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcbcad73-ce2a-4eb2-9b7f-91d47a93e16d?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:49Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-2vv4-mhf8-rgmr/GHSA-2vv4-mhf8-rgmr.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vv4-mhf8-rgmr",
+  "modified": "2025-11-11T06:30:20Z",
+  "published": "2025-11-11T06:30:20Z",
+  "aliases": [
+    "CVE-2025-11521"
+  ],
+  "details": "The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11521"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/getastra"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f99a6b5c-e95d-49d0-a4b2-1d7188447da1?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:41Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-34q8-j2ch-pp33/GHSA-34q8-j2ch-pp33.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-34q8-j2ch-pp33",
+  "modified": "2025-11-11T06:30:20Z",
+  "published": "2025-11-11T06:30:20Z",
+  "aliases": [
+    "CVE-2025-11457"
+  ],
+  "details": "The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11457"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/easycommerce"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ebe84ba-abc1-410c-b315-118746ff235a?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:41Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3g22-92jx-c9hc/GHSA-3g22-92jx-c9hc.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3g22-92jx-c9hc",
+  "modified": "2025-11-11T06:30:22Z",
+  "published": "2025-11-11T06:30:22Z",
+  "aliases": [
+    "CVE-2025-12665"
+  ],
+  "details": "The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninja_countdown_admin_ajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary countdowns.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12665"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/ninja-countdown"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9b0b6433-5651-4a9d-8356-5d02d51830f4?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:49Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-47pq-xrp5-m8rf/GHSA-47pq-xrp5-m8rf.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-47pq-xrp5-m8rf",
+  "modified": "2025-11-11T06:30:22Z",
+  "published": "2025-11-11T06:30:22Z",
+  "aliases": [
+    "CVE-2025-12711"
+  ],
+  "details": "The Share to Google Classroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the share_to_google shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12711"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/share-to-google-classroom/tags/1.0/share_to_google_classroom.php#L59"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87cc821c-21d5-49b7-9b72-030ca016efd8?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:49Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4h3h-9m6r-wvx3/GHSA-4h3h-9m6r-wvx3.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4h3h-9m6r-wvx3",
+  "modified": "2025-11-11T06:30:21Z",
+  "published": "2025-11-11T06:30:21Z",
+  "aliases": [
+    "CVE-2025-11997"
+  ],
+  "details": "The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wp_localize_script without proper access restrictions. This makes it possible for unauthenticated attackers to view sensitive API keys in the page source, which could be leveraged to make unauthorized API calls to the configured Algolia search service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11997"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/document-pro-elementor/tags/1.0.9/inc/Base/DPET_Enqueue.php#L71"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/document-pro-elementor/tags/1.0.9/inc/Base/DPET_Enqueue.php#L85"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac7455a-0c89-4f5b-84eb-b7cc87bce8d4?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4j82-rp2r-63v4/GHSA-4j82-rp2r-63v4.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4j82-rp2r-63v4",
+  "modified": "2025-11-11T06:30:20Z",
+  "published": "2025-11-11T06:30:20Z",
+  "aliases": [
+    "CVE-2025-11129"
+  ],
+  "details": "The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11129"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/include-fussball-de-widgets/trunk/Frontend/Fubade.php#L231"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/include-fussball-de-widgets/trunk/Frontend/Fubade.php#L232"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0a3df32-aa07-4cc0-97ba-bb4ab64ba6b9?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:40Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4q5h-9535-gvr5/GHSA-4q5h-9535-gvr5.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4q5h-9535-gvr5",
+  "modified": "2025-11-11T06:30:20Z",
+  "published": "2025-11-11T06:30:20Z",
+  "aliases": [
+    "CVE-2025-11828"
+  ],
+  "details": "The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using user-supplied values as HTML tag names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11828"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/bnm-blocks/tags/1.2.3/src/blocks/posts/featured-posts-1/view.php#L34"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/bnm-blocks"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fa2e98b-5054-46fd-b22e-eac59b581a3c?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T04:15:42Z"
+  }
+}