Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/08/GHSA-c9qv-g34c-5xgf/GHSA-c9qv-g34c-5xgf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c9qv-g34c-5xgf",
-  "modified": "2025-08-04T12:30:41Z",
+  "modified": "2025-10-29T09:30:22Z",
   "published": "2025-08-04T12:30:41Z",
   "aliases": [
     "CVE-2025-8515"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8515"
     },
+    {
+      "type": "WEB",
+      "url": "https://backend.intelbras.com/sites/default/files/2025-08/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.60%20e%202.21.61%20PT-IN%20.pdf"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.318641"

advisories/unreviewed/2025/10/GHSA-26xv-gjx4-vj92/GHSA-26xv-gjx4-vj92.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-26xv-gjx4-vj92",
+  "modified": "2025-10-29T09:30:22Z",
+  "published": "2025-10-29T09:30:22Z",
+  "aliases": [
+    "CVE-2023-7320"
+  ],
+  "details": "The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7320"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2939652@woocommerce/trunk&old=2933569@woocommerce/trunk&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/d1cec296-b5df-4cea-8c0d-d03a975cb6af"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f47-f9c2fe8e5928?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T07:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-3g8r-fpc3-3p9r/GHSA-3g8r-fpc3-3p9r.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3g8r-fpc3-3p9r",
+  "modified": "2025-10-29T09:30:23Z",
+  "published": "2025-10-29T09:30:23Z",
+  "aliases": [
+    "CVE-2025-64201"
+  ],
+  "details": "Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.12.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64201"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/powerpress/vulnerability/wordpress-powerpress-podcasting-plugin-11-13-12-cross-site-request-forgery-csrf-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:40Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-4527-g864-c7mh/GHSA-4527-g864-c7mh.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4527-g864-c7mh",
+  "modified": "2025-10-29T09:30:23Z",
+  "published": "2025-10-29T09:30:23Z",
+  "aliases": [
+    "CVE-2025-64202"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64202"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/sahifa/vulnerability/wordpress-sahifa-theme-5-8-6-cross-site-scripting-xss-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:40Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-4w5q-r88j-fm53/GHSA-4w5q-r88j-fm53.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4w5q-r88j-fm53",
+  "modified": "2025-10-29T09:30:23Z",
+  "published": "2025-10-29T09:30:23Z",
+  "aliases": [
+    "CVE-2025-64194"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through <= 5.7.6.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64194"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/eduma/vulnerability/wordpress-eduma-theme-5-7-6-cross-site-scripting-xss-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:38Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-5c9w-xpcw-vprf/GHSA-5c9w-xpcw-vprf.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5c9w-xpcw-vprf",
+  "modified": "2025-10-29T09:30:24Z",
+  "published": "2025-10-29T09:30:24Z",
+  "aliases": [
+    "CVE-2025-64290"
+  ],
+  "details": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64290"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-search/vulnerability/wordpress-premmerce-product-search-for-woocommerce-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:46Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-698r-29g4-5vv6/GHSA-698r-29g4-5vv6.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-698r-29g4-5vv6",
+  "modified": "2025-10-29T09:30:23Z",
+  "published": "2025-10-29T09:30:23Z",
+  "aliases": [
+    "CVE-2025-64216"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through <= 10.3.0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64216"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/smart-mag/vulnerability/wordpress-smartmag-theme-10-3-0-local-file-inclusion-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:42Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-8cr2-hpc7-v23m/GHSA-8cr2-hpc7-v23m.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8cr2-hpc7-v23m",
+  "modified": "2025-10-29T09:30:24Z",
+  "published": "2025-10-29T09:30:24Z",
+  "aliases": [
+    "CVE-2025-64283"
+  ],
+  "details": "Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64283"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/rometheme-for-elementor/vulnerability/wordpress-rtmkit-plugin-1-6-7-insecure-direct-object-references-idor-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:44Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-8gx7-cf2h-mfwc/GHSA-8gx7-cf2h-mfwc.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8gx7-cf2h-mfwc",
+  "modified": "2025-10-29T09:30:24Z",
+  "published": "2025-10-29T09:30:24Z",
+  "aliases": [
+    "CVE-2025-64228"
+  ],
+  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64228"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/affs/vulnerability/wordpress-sumo-affiliates-pro-plugin-11-0-0-sensitive-data-exposure-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-497"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:44Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-8rwj-g494-3qp6/GHSA-8rwj-g494-3qp6.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8rwj-g494-3qp6",
+  "modified": "2025-10-29T09:30:23Z",
+  "published": "2025-10-29T09:30:23Z",
+  "aliases": [
+    "CVE-2025-64212"
+  ],
+  "details": "Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64212"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/masterstudy-lms-learning-management-system-pro/vulnerability/wordpress-masterstudy-lms-pro-plugin-4-7-16-broken-access-control-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T09:15:42Z"
+  }
+}