Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit da41fd73d737 · 2025-10-22T12:33:34.000Z
GHSA-342p-f7r9-8cjx GHSA-3rvr-g3cj-8jg3 GHSA-cwmv-37m7-7829
diff --git a/advisories/unreviewed/2025/10/GHSA-342p-f7r9-8cjx/GHSA-342p-f7r9-8cjx.json b/advisories/unreviewed/2025/10/GHSA-342p-f7r9-8cjx/GHSA-342p-f7r9-8cjx.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-342p-f7r9-8cjx",
+  "modified": "2025-10-22T12:31:21Z",
+  "published": "2025-10-22T12:31:21Z",
+  "aliases": [
+    "CVE-2025-6833"
+  ],
+  "details": "The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aio_time_clock_lite_js' AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber access and above, to clock other users in and out.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6833"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3336943%40aio-time-clock-lite&new=3336943%40aio-time-clock-lite&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6c48173-ffe3-40f8-a2fa-cee66869e343?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T10:15:33Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-3rvr-g3cj-8jg3/GHSA-3rvr-g3cj-8jg3.json b/advisories/unreviewed/2025/10/GHSA-3rvr-g3cj-8jg3/GHSA-3rvr-g3cj-8jg3.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rvr-g3cj-8jg3",
+  "modified": "2025-10-22T12:31:21Z",
+  "published": "2025-10-22T12:31:21Z",
+  "aliases": [
+    "CVE-2025-11086"
+  ],
+  "details": "The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. This makes it possible for unauthenticated attackers to update their role to Administrator when registering on the site.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11086"
+    },
+    {
+      "type": "WEB",
+      "url": "https://academylms.net"
+    },
+    {
+      "type": "WEB",
+      "url": "https://academylms.net/whats-new"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f42f0be-5386-448b-9e65-5d2584cc2175?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T12:15:33Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-cwmv-37m7-7829/GHSA-cwmv-37m7-7829.json b/advisories/unreviewed/2025/10/GHSA-cwmv-37m7-7829/GHSA-cwmv-37m7-7829.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cwmv-37m7-7829",
+  "modified": "2025-10-22T12:31:21Z",
+  "published": "2025-10-22T12:31:21Z",
+  "aliases": [
+    "CVE-2025-11915"
+  ],
+  "details": "Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11915"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cloud.google.com/vertex-ai/generative-ai/docs/security-bulletins#gcp-2025-059"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-444"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T10:15:31Z"
+  }
+}
