Publish Advisories

GHSA-25vq-xhx7-64q5
GHSA-4gj5-pmgw-233c
GHSA-4pfx-fh23-xm3w
GHSA-4xxr-8wrg-pjgr
GHSA-69r8-298v-gc69
GHSA-95h8-w3mv-h4hq
GHSA-9cx9-23hh-j484
GHSA-f2cq-gqfx-m35m
GHSA-gx4w-f9jp-mv56
GHSA-hr62-g3v7-mq7g
GHSA-mjg8-w6j8-9hcc
GHSA-qjwx-pxp7-6ccp
GHSA-wf5q-4vh3-9chv
GHSA-x3vr-5276-4vwg

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-25vq-xhx7-64q5/GHSA-25vq-xhx7-64q5.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-25vq-xhx7-64q5",
+  "modified": "2025-11-01T06:30:36Z",
+  "published": "2025-11-01T06:30:36Z",
+  "aliases": [
+    "CVE-2025-12038"
+  ],
+  "details": "The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with Author-level access and above, to clear all data like terms and categories.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12038"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3384176/folderly/trunk/includes/Rest#file0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81d43850-c6aa-4340-a0e0-41e04e958848?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T06:15:40Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4gj5-pmgw-233c/GHSA-4gj5-pmgw-233c.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4gj5-pmgw-233c",
+  "modified": "2025-11-01T06:30:36Z",
+  "published": "2025-11-01T06:30:36Z",
+  "aliases": [
+    "CVE-2025-5949"
+  ],
+  "details": "The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for authenticated attackers with subscriber access or higher to reset other users' passwords, including those of admins.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5949"
+    },
+    {
+      "type": "WEB",
+      "url": "https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2874a5f-71f4-4bcd-87e8-a20bb19a5847?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T05:16:02Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4pfx-fh23-xm3w/GHSA-4pfx-fh23-xm3w.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4pfx-fh23-xm3w",
+  "modified": "2025-11-01T06:30:36Z",
+  "published": "2025-11-01T06:30:36Z",
+  "aliases": [
+    "CVE-2025-11502"
+  ],
+  "details": "The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswp_tiny_multiple_faq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11502"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.50/modules/tinymce/register-shortcodes.php#L120"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3387089/schema-and-structured-data-for-wp/trunk/modules/tinymce/register-shortcodes.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d664d1f9-39b1-424f-a95e-7a480d809c79?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T06:15:38Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4xxr-8wrg-pjgr/GHSA-4xxr-8wrg-pjgr.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4xxr-8wrg-pjgr",
+  "modified": "2025-11-01T06:30:35Z",
+  "published": "2025-11-01T06:30:35Z",
+  "aliases": [
+    "CVE-2025-12367"
+  ],
+  "details": "The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level access and above, to enable or disable arbitrary SiteSEO features that they should not have access to.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12367"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.3.1/main/ajax.php#L340"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3387094/siteseo/trunk/main/ajax.php?contextall=1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54535bef-23c3-4045-bb37-ba28ae5461b1?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T04:16:04Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-69r8-298v-gc69/GHSA-69r8-298v-gc69.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-69r8-298v-gc69",
+  "modified": "2025-11-01T06:30:35Z",
+  "published": "2025-11-01T06:30:35Z",
+  "aliases": [
+    "CVE-2025-11927"
+  ],
+  "details": "The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11927"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.svn.wordpress.org/nazy-load/tags/2.4.14/inject-js.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.svn.wordpress.org/nazy-load/tags/2.4.14/settings/index.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.svn.wordpress.org/nazy-load/tags/2.4.14/settings/lazyload.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3386814/nazy-load"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c41b6c52-4da8-427b-8f5d-6a3339dad3cd?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T05:16:02Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-95h8-w3mv-h4hq/GHSA-95h8-w3mv-h4hq.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-95h8-w3mv-h4hq",
+  "modified": "2025-11-01T06:30:36Z",
+  "published": "2025-11-01T06:30:36Z",
+  "aliases": [
+    "CVE-2025-11983"
+  ],
+  "details": "The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified in a post's discourse_permalink custom field during comment synchronization. This makes it possible for authenticated attackers, with author-level access and above, to exfiltrate sensitive Discourse API credentials to attacker-controlled servers, as well as query internal services and potentially perform further attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11983"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L218"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/plugin-utilities.php#L486"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3384149%40wp-discourse&new=3384149%40wp-discourse&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1524f3-1c59-49a1-bbe3-94dcfd232b1d?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T06:15:39Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-9cx9-23hh-j484/GHSA-9cx9-23hh-j484.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9cx9-23hh-j484",
+  "modified": "2025-11-01T06:30:35Z",
+  "published": "2025-11-01T06:30:35Z",
+  "aliases": [
+    "CVE-2025-11995"
+  ],
+  "details": "The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11995"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/community-events/trunk/community-events.php?rev=3115223"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3384504%40community-events&new=3384504%40community-events&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c12bcf6-6297-457a-a807-28f5dbacb0eb?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T05:16:02Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-f2cq-gqfx-m35m/GHSA-f2cq-gqfx-m35m.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f2cq-gqfx-m35m",
+  "modified": "2025-11-01T06:30:35Z",
+  "published": "2025-11-01T06:30:35Z",
+  "aliases": [
+    "CVE-2025-11928"
+  ],
+  "details": "The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11928"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3385887%40css-javascript-toolbox&new=3385887%40css-javascript-toolbox&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a26c71d6-9840-450e-90cd-c20de53f5cb5?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-01T04:16:02Z"
+  }
+}