Publish Advisories

GHSA-5ppg-2735-mfmv
GHSA-7r77-r49w-qf55
GHSA-8rfp-386c-p2rw
GHSA-99fv-75qw-h59w
GHSA-f5fh-r4mj-fqj8
GHSA-m35w-xx8c-6xc7
GHSA-w6ph-hrmj-vffx
GHSA-wjrf-gc3h-428q

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-5ppg-2735-mfmv/GHSA-5ppg-2735-mfmv.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5ppg-2735-mfmv",
+  "modified": "2025-11-05T12:30:19Z",
+  "published": "2025-11-05T12:30:19Z",
+  "aliases": [
+    "CVE-2025-12469"
+  ],
+  "details": "The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to perform administrative actions in the `bwfan_test_email` AJAX handler. The nonce used for verification is publicly exposed to all visitors (including unauthenticated users) via the frontend JavaScript localization, and the `check_nonce()` function accepts low-privilege authenticated users who possess this nonce. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send arbitrary emails from the site with attacker-controlled subject and body content.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12469"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/trunk/includes/abstracts/class-bwfan-ajax-controller.php#L296"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/trunk/includes/class-bwfan-common.php#L1896"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/trunk/includes/class-bwfan-public.php#L70"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3388822/wp-marketing-automations/trunk/includes/abstracts/class-bwfan-ajax-controller.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72198b74-90f6-49c6-b261-6f9c1cdc9692?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T10:15:35Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-7r77-r49w-qf55/GHSA-7r77-r49w-qf55.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7r77-r49w-qf55",
+  "modified": "2025-11-05T12:30:18Z",
+  "published": "2025-11-05T12:30:18Z",
+  "aliases": [
+    "CVE-2025-12192"
+  ],
+  "details": "The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain the full system report whenever \"Yes, automatically share my system information with The Events Calendar support team\" setting is enabled.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12192"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3386042/the-events-calendar"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5f3feb7-547e-4c01-8453-a1fc207ee009?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-697"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T10:15:35Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-8rfp-386c-p2rw/GHSA-8rfp-386c-p2rw.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8rfp-386c-p2rw",
+  "modified": "2025-11-05T12:30:19Z",
+  "published": "2025-11-05T12:30:18Z",
+  "aliases": [
+    "CVE-2025-11820"
+  ],
+  "details": "The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability affects multiple chart widgets including Area Chart, Line Chart, Column Chart, Donut Chart, Heatmap Chart, Radar Chart, Polar Chart, Pie Chart, Radial Chart, and Advance Data Table widgets.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11820"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/webber-naut/3c26ce96cc18d3b8387edb8482653bc3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/tags/3.1.7/assets/elementor/js/apex-chart/GraphinaApexChartBase.js#L303"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/assets/elementor/js/apex-chart/AdvanceDataTable.js"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/assets/elementor/js/apex-chart/AreaChart.js"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/assets/elementor/js/apex-chart/LineChart.js"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a576c71-615c-4333-8cd3-93343ce64f7b?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T10:15:34Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-99fv-75qw-h59w/GHSA-99fv-75qw-h59w.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-99fv-75qw-h59w",
+  "modified": "2025-11-05T12:30:19Z",
+  "published": "2025-11-05T12:30:19Z",
+  "aliases": [
+    "CVE-2025-12497"
+  ],
+  "details": "The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12497"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3388727/auxin-portfolio"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/518abad2-d3cc-4d15-83d2-8fd99d30500c?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T12:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-f5fh-r4mj-fqj8/GHSA-f5fh-r4mj-fqj8.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f5fh-r4mj-fqj8",
+  "modified": "2025-11-05T12:30:19Z",
+  "published": "2025-11-05T12:30:19Z",
+  "aliases": [
+    "CVE-2025-11745"
+  ],
+  "details": "The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11745"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.7/ad-inserter.php#L9333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.7/ad-inserter.php#L9870"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e7831c5-2262-42c9-9655-a43ef2dac54f?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-80"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T12:15:32Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-m35w-xx8c-6xc7/GHSA-m35w-xx8c-6xc7.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m35w-xx8c-6xc7",
+  "modified": "2025-11-05T12:30:19Z",
+  "published": "2025-11-05T12:30:19Z",
+  "aliases": [
+    "CVE-2025-58337"
+  ],
+  "details": "An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.\n\n\nImpact:\n\nBypasses read-only mode; attackers with read-only access may perform unauthorized modifications.\n\n\n\n\nRecommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58337"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/6tswlphj0pqn9zf25594r3c1vzvfj40h"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/11/04/5"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T10:15:36Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-w6ph-hrmj-vffx/GHSA-w6ph-hrmj-vffx.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w6ph-hrmj-vffx",
+  "modified": "2025-11-05T12:30:19Z",
+  "published": "2025-11-05T12:30:19Z",
+  "aliases": [
+    "CVE-2025-12468"
+  ],
+  "details": "The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a public API (`public_api = true`), which results in the endpoint being registered with `permission_callback => '__return_true'`, bypassing all authentication and capability checks. This makes it possible for unauthenticated attackers to extract sensitive data including all WooCommerce coupon codes, coupon IDs, and expiration status.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12468"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/trunk/includes/api/wc/class-bwfan-api-wc-coupons.php#L19"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/trunk/includes/class-bwfan-api-loader.php#L119"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2a2032-3d39-4195-8e6c-ab884164721a?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T10:15:35Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-wjrf-gc3h-428q/GHSA-wjrf-gc3h-428q.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wjrf-gc3h-428q",
+  "modified": "2025-11-05T12:30:19Z",
+  "published": "2025-11-05T12:30:18Z",
+  "aliases": [
+    "CVE-2025-11987"
+  ],
+  "details": "The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11987"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/visual-link-preview/tags/2.2.7/includes/public/class-vlp-link.php#L56"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/visual-link-preview/tags/2.2.7/templates/link/simple/simple.php#L1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3388877/visual-link-preview/trunk/templates/link/simple/simple.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65ae3119-61d1-4ec0-8ba2-352aae5cc834?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-80"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-05T10:15:34Z"
+  }
+}