Publish Advisories

GHSA-3rpw-c8rg-p3f5
GHSA-2p9m-8642-6w2j
GHSA-43m2-c25v-9rrv
GHSA-43mm-w7h4-j7r2
GHSA-6vcr-8j88-247v
GHSA-73h2-6r4h-p6jq
GHSA-7r6h-5fj6-2whv
GHSA-cx5c-h993-r4hg
GHSA-fqgh-c6pc-p3m8
GHSA-fr9r-frph-r898
GHSA-g25r-9w3q-pjr8
GHSA-g32w-vwf2-848m
GHSA-hfr9-f8x5-wmfv
GHSA-hvxj-gppg-mpmp
GHSA-jh3g-4qxq-mqgc
GHSA-pg85-hqc5-qmc9
GHSA-rw7f-g8xg-mrx7
GHSA-vf4q-9rpx-w639
GHSA-wcq9-qf8h-vcj9
GHSA-wfpf-w254-hh56
GHSA-x645-h822-qjxf
GHSA-xwgc-fx9q-hg8x

Author: advisory-database[bot]

advisories/unreviewed/2024/10/GHSA-3rpw-c8rg-p3f5/GHSA-3rpw-c8rg-p3f5.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-77"
+      "CWE-77",
+      "CWE-78"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-2p9m-8642-6w2j/GHSA-2p9m-8642-6w2j.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2p9m-8642-6w2j",
+  "modified": "2025-10-24T09:31:58Z",
+  "published": "2025-10-24T09:31:58Z",
+  "aliases": [
+    "CVE-2025-10749"
+  ],
+  "details": "The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated attackers with subscriber-level access and above to delete arbitrary media files from the WordPress Media Library via the replace_attachment parameter granted they can access the nonce which is exposed to all authenticated users.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10749"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L152"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L346"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1b80852-a221-4c2c-b76d-8bdcd1e0f1ad?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:41Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-43m2-c25v-9rrv/GHSA-43m2-c25v-9rrv.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-43m2-c25v-9rrv",
+  "modified": "2025-10-24T09:31:59Z",
+  "published": "2025-10-24T09:31:59Z",
+  "aliases": [
+    "CVE-2025-11504"
+  ],
+  "details": "The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11504"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/quickcreator"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/561f171e-f13e-408b-a63e-bf6a512d4463?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-532"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:42Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-43mm-w7h4-j7r2/GHSA-43mm-w7h4-j7r2.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-43mm-w7h4-j7r2",
+  "modified": "2025-10-24T09:31:59Z",
+  "published": "2025-10-24T09:31:59Z",
+  "aliases": [
+    "CVE-2025-12028"
+  ],
+  "details": "The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the `login_form_indieauth()` function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for unauthenticated attackers to force authenticated users to approve OAuth authorization requests for attacker-controlled applications via a forged request granted they can trick a user into performing an action such as clicking on a link or visiting a malicious page while logged in. The attacker can then exchange the stolen authorization code for an access token, effectively taking over the victim's account with the granted scopes (create, update, delete).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12028"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/indieauth/tags/4.5.4/includes/class-indieauth-authorization-endpoint.php#L411"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/indieauth/tags/4.5.4/includes/class-indieauth-authorization-endpoint.php#L418"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/indieauth/tags/4.5.4/includes/class-indieauth-authorization-endpoint.php#L476"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42b373da-d5a6-4e3b-90f4-059da3641841?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:44Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-6vcr-8j88-247v/GHSA-6vcr-8j88-247v.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6vcr-8j88-247v",
+  "modified": "2025-10-24T09:31:59Z",
+  "published": "2025-10-24T09:31:59Z",
+  "aliases": [
+    "CVE-2025-11889"
+  ],
+  "details": "The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11889"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/all-in-one-forms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc69491-0f40-4bab-9215-b25f72110e26?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:43Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-73h2-6r4h-p6jq/GHSA-73h2-6r4h-p6jq.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-73h2-6r4h-p6jq",
+  "modified": "2025-10-24T09:31:59Z",
+  "published": "2025-10-24T09:31:59Z",
+  "aliases": [
+    "CVE-2025-12017"
+  ],
+  "details": "The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12017"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.svn.wordpress.org/vnpay-for-woocommerce/trunk/src/shortcodes/Thankyou.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b901f593-3691-4ea1-8ab6-1ddd68fa2e36?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:44Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-7r6h-5fj6-2whv/GHSA-7r6h-5fj6-2whv.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7r6h-5fj6-2whv",
+  "modified": "2025-10-24T09:31:59Z",
+  "published": "2025-10-24T09:31:59Z",
+  "aliases": [
+    "CVE-2025-11257"
+  ],
+  "details": "The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger an import of all Hubspot data.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11257"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/llm-hubspot-blog-import"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/682ec57a-f67c-40a9-91cd-2a11159ff695?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:42Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-cx5c-h993-r4hg/GHSA-cx5c-h993-r4hg.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cx5c-h993-r4hg",
+  "modified": "2025-10-24T09:31:59Z",
+  "published": "2025-10-24T09:31:59Z",
+  "aliases": [
+    "CVE-2025-12096"
+  ],
+  "details": "The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12096"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/simple-excel-pricelist-for-woocommerce/trunk/classes/sepwWorker.php#L176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5e7fa38f-26ef-4011-af18-c18883159425?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:44Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-fqgh-c6pc-p3m8/GHSA-fqgh-c6pc-p3m8.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fqgh-c6pc-p3m8",
+  "modified": "2025-10-24T09:31:58Z",
+  "published": "2025-10-24T09:31:58Z",
+  "aliases": [
+    "CVE-2025-11253"
+  ],
+  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection.This issue affects Netty ERP: before V.1.1000.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11253"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-25-0359"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:42Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-fr9r-frph-r898/GHSA-fr9r-frph-r898.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fr9r-frph-r898",
+  "modified": "2025-10-24T09:31:58Z",
+  "published": "2025-10-24T09:31:58Z",
+  "aliases": [
+    "CVE-2025-10901"
+  ],
+  "details": "The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read all data in the wp_originalityai_log database table, which can include post titles, scan scores, credits used, and other data.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10901"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/originality-ai/trunk/OriginalityAILogger.php#L202"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf94803-1ddf-4b9b-9624-497db455aab2?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T09:15:41Z"
+  }
+}