Publish Advisories

GHSA-34q4-78v9-8v67
GHSA-jq7j-8mw4-v9xm
GHSA-2vj5-r237-wrxw
GHSA-ghv5-9m7m-pgpq
GHSA-rv7v-x668-2w85
GHSA-8j9x-j56g-p6pf
GHSA-whmx-vmqq-mjpv
GHSA-2cp2-9mq6-4h2w
GHSA-987q-rh8g-5x3f
GHSA-cfmf-rfqg-w6rc
GHSA-mr9j-vgmq-cxhq
GHSA-p383-92r7-352c

Author: advisory-database[bot]

advisories/unreviewed/2025/02/GHSA-34q4-78v9-8v67/GHSA-34q4-78v9-8v67.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/02/GHSA-jq7j-8mw4-v9xm/GHSA-jq7j-8mw4-v9xm.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-787"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/03/GHSA-2vj5-r237-wrxw/GHSA-2vj5-r237-wrxw.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/03/GHSA-ghv5-9m7m-pgpq/GHSA-ghv5-9m7m-pgpq.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/03/GHSA-rv7v-x668-2w85/GHSA-rv7v-x668-2w85.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-8j9x-j56g-p6pf/GHSA-8j9x-j56g-p6pf.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-whmx-vmqq-mjpv/GHSA-whmx-vmqq-mjpv.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-22"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-2cp2-9mq6-4h2w/GHSA-2cp2-9mq6-4h2w.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cp2-9mq6-4h2w",
+  "modified": "2025-07-17T03:34:01Z",
+  "published": "2025-07-17T03:34:01Z",
+  "aliases": [
+    "CVE-2025-7729"
+  ],
+  "details": "A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7729"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/CVE-2025-7729.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.316711"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.316711"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.607950"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-17T02:15:27Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-987q-rh8g-5x3f/GHSA-987q-rh8g-5x3f.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-cfmf-rfqg-w6rc/GHSA-cfmf-rfqg-w6rc.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cfmf-rfqg-w6rc",
+  "modified": "2025-07-17T03:34:01Z",
+  "published": "2025-07-17T03:34:01Z",
+  "aliases": [
+    "CVE-2025-7712"
+  ],
+  "details": "The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7712"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mangabooth.com/product/wp-manga-theme-madara"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9de8e90-5bda-4ab1-aa78-2748cd717376?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-17T03:15:26Z"
+  }
+}