CVE-2025-2250

Title (ES)
CVE-2025-2250

Thu, 13/03/2025 – 04:15

Type
CWE-89

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-2250

Description (EN)
The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

13/03/2025

13/03/2025

CVSS 3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.90

Severity 3.1 (text)
MEDIUM

References


  • https://plugins.svn.wordpress.org/reportattacks/tags/2.32/includes/list-tables/class-reportattacks-list-table.php

  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3254851%40reportattacks&new=3254851%40reportattacks

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/602bf9b1-17a9-441a-b12d-15412df2deb4?source=cve

CVE-2025-1503

Title (ES)
CVE-2025-1503

Thu, 13/03/2025 – 05:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-1503

Description (EN)
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

13/03/2025

13/03/2025

CVSS 3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.40

Severity 3.1 (text)
MEDIUM

References


  • https://plugins.trac.wordpress.org/changeset/3254687/wp-recipe-maker/trunk/includes/public/class-wprm-list-saver.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/e23f63a0-3061-42e0-a6be-05fa20a174ea?source=cve

CVE-2025-1561

Title (ES)
CVE-2025-1561

Thu, 13/03/2025 – 05:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-1561

Description (EN)
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page.

13/03/2025

13/03/2025

CVSS 3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
7.20

Severity 3.1 (text)
HIGH

References


  • https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.10/templates/template.php#L32

  • https://plugins.trac.wordpress.org/changeset/3254632/apppresser/tags/4.4.11/inc/AppPresser_Log_Admin.php?old=3219464&old_path=apppresser/tags/4.4.10/inc/AppPresser_Log_Admin.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/77328e35-b6e6-40eb-8c85-896d54419aef?source=cve

CVE-2025-2104

Title (ES)
CVE-2025-2104

Thu, 13/03/2025 – 05:15

Type
CWE-862

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-2104

Description (EN)
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site.

13/03/2025

13/03/2025

CVSS 3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.30

Severity 3.1 (text)
MEDIUM

References


  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3253356%40pagelayer&new=3253356%40pagelayer

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/2e3897fb-0f40-4111-8a7d-60415e1f9f96?source=cve

CVE-2025-27407

Title (ES)
CVE-2025-27407

Wed, 12/03/2025 – 19:15

Type
CWE-94

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-27407

Description (EN)
graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.

12/03/2025

12/03/2025

CVSS 3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.00

Severity 3.1 (text)
CRITICAL

References


  • https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released

  • https://github.com/github-community-projects/graphql-client

  • https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd

  • https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f

  • https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be

  • https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca

  • https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb

  • https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c

  • https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367

  • https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492

CVE-2025-25293

Title (ES)
CVE-2025-25293

Wed, 12/03/2025 – 21:15

Type
CWE-400

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-25293

Description (EN)
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

12/03/2025

12/03/2025

CVSS 4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
7.70

Severity 4.0 (text)
HIGH

Severity 3.1 (text)
Pending analysis

References


  • https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
  • Sign in as anyone: Bypassing SAML SSO authentication with parser differentials



  • https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a

  • https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1

  • https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4

  • https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0

  • https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq

  • https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv

CVE-2025-25292

Title (ES)
CVE-2025-25292

Wed, 12/03/2025 – 21:15

Type
CWE-347

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-25292

Description (EN)
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.

12/03/2025

12/03/2025

CVSS 4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
8.80

Severity 4.0 (text)
HIGH

Severity 3.1 (text)
Pending analysis

References


  • https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
  • Sign in as anyone: Bypassing SAML SSO authentication with parser differentials



  • https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9

  • https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97

  • https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4

  • https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0

  • https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2

  • https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv

CVE-2025-25291

Title (ES)
CVE-2025-25291

Wed, 12/03/2025 – 21:15

Type
CWE-347

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-25291

Description (EN)
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

12/03/2025

12/03/2025

CVSS 4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
8.80

Severity 4.0 (text)
HIGH

Severity 3.1 (text)
Pending analysis

References


  • https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
  • Sign in as anyone: Bypassing SAML SSO authentication with parser differentials



  • https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9

  • https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97

  • https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4

  • https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0

  • https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm

  • https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv

CVE-2025-0117

Title (ES)
CVE-2025-0117

Wed, 12/03/2025 – 19:15

Type
CWE-807

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-0117

Description (EN)
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM.

GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.

12/03/2025

12/03/2025

CVSS 4.0 Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

Severity 4.0
7.10

Severity 4.0 (text)
HIGH

Severity 3.1 (text)
Pending analysis

References


  • https://security.paloaltonetworks.com/CVE-2025-0117

CVE-2025-0116

Title (ES)
CVE-2025-0116

Wed, 12/03/2025 – 19:15

Type
CWE-754

Severity 2.0 (text)
Pending analysis

Title (EN)
CVE-2025-0116

Description (EN)
A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition cause the firewall to enter maintenance mode.

This issue does not apply to Cloud NGFWs or Prisma Access software.

12/03/2025

12/03/2025

CVSS 4.0 Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

Severity 4.0
5.10

Severity 4.0 (text)
MEDIUM

Severity 3.1 (text)
Pending analysis

References


  • https://security.paloaltonetworks.com/CVE-2025-0116