-
Notifications
You must be signed in to change notification settings - Fork 219
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 1 new CVEs: CVE-2025-1028 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Feb 5, 2025
1 parent
b37d5b5
commit a94b91d
Showing
3 changed files
with
109 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2025-1028", | ||
| "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Wordfence", | ||
| "dateReserved": "2025-02-04T14:31:03.025Z", | ||
| "datePublished": "2025-02-05T03:21:17.570Z", | ||
| "dateUpdated": "2025-02-05T03:21:17.570Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", | ||
| "shortName": "Wordfence", | ||
| "dateUpdated": "2025-02-05T03:21:17.570Z" | ||
| }, | ||
| "affected": [ | ||
| { | ||
| "vendor": "kleor", | ||
| "product": "Contact Manager", | ||
| "versions": [ | ||
| { | ||
| "version": "*", | ||
| "status": "affected", | ||
| "lessThanOrEqual": "8.6.4", | ||
| "versionType": "semver" | ||
| } | ||
| ], | ||
| "defaultStatus": "unaffected" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in specific configurations where the first extension is processed over the final. This vulnerability also requires successfully exploiting a race condition in order to exploit." | ||
| } | ||
| ], | ||
| "title": "Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload", | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6f51a8e-4a59-4b64-b0c6-2ce3933a1df5?source=cve" | ||
| }, | ||
| { | ||
| "url": "https://plugins.trac.wordpress.org/changeset?old_path=/contact-manager/tags/8.6.4&new_path=/contact-manager/tags/8.6.5&sfp_email=&sfph_mail=" | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", | ||
| "cweId": "CWE-434", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", | ||
| "baseScore": 8.1, | ||
| "baseSeverity": "HIGH" | ||
| } | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "value": "Keshav verma" | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2025-02-04T00:00:00.000+00:00", | ||
| "lang": "en", | ||
| "value": "Disclosed" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,33 +1,14 @@ | ||
| { | ||
| "fetchTime": "2025-02-05T02:00:25.572Z", | ||
| "numberOfChanges": 4, | ||
| "fetchTime": "2025-02-05T03:23:05.939Z", | ||
| "numberOfChanges": 1, | ||
| "new": [ | ||
| { | ||
| "cveId": "CVE-2025-23114", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23114", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23114.json", | ||
| "dateUpdated": "2025-02-05T01:45:03.336Z" | ||
| } | ||
| ], | ||
| "updated": [ | ||
| { | ||
| "cveId": "CVE-2025-23087", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23087", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23087.json", | ||
| "dateUpdated": "2025-02-05T01:42:34.751Z" | ||
| }, | ||
| { | ||
| "cveId": "CVE-2025-23088", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23088", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23088.json", | ||
| "dateUpdated": "2025-02-05T01:42:35.857Z" | ||
| }, | ||
| { | ||
| "cveId": "CVE-2025-23089", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23089", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23089.json", | ||
| "dateUpdated": "2025-02-05T01:42:36.913Z" | ||
| "cveId": "CVE-2025-1028", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-1028", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/1xxx/CVE-2025-1028.json", | ||
| "dateUpdated": "2025-02-05T03:21:17.570Z" | ||
| } | ||
| ], | ||
| "updated": [], | ||
| "error": [] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters