Publish Advisories

GHSA-45gg-w2cf-qwhh GHSA-6876-c4r3-53ww GHSA-69jp-7vgw-2cgr GHSA-7jq5-8rmw-j9wh GHSA-9grv-p46v-p3fp GHSA-9hcf-78cf-xwqv GHSA-c33j-w5w4-w9q4 GHSA-c75v-42g3-xvcr GHSA-chc6-3mhw-pc4r GHSA-f39m-g6qq-h3xv GHSA-f5ph-j9m6-qjqc GHSA-fg8c-fxj5-qp3x GHSA-mj6j-32rm-jv58 GHSA-mvq2-cppv-f4gq GHSA-rpx4-w2f7-q5ww GHSA-v3w4-79rw-r73c GHSA-v9f7-mhwh-hfh9
2025-01-27 06:31:54 +00:00 · 2025-01-27 06:31:54 +00:00 · ef48511b8b
--- a/advisories/unreviewed/2025/01/GHSA-45gg-w2cf-qwhh/GHSA-45gg-w2cf-qwhh.json
+++ b/advisories/unreviewed/2025/01/GHSA-45gg-w2cf-qwhh/GHSA-45gg-w2cf-qwhh.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-45gg-w2cf-qwhh",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-12436"
+  ],
+  "details": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12436"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/3345a403-f62c-40c1-b7ae-bc947591e02a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:22Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-6876-c4r3-53ww/GHSA-6876-c4r3-53ww.json
+++ b/advisories/unreviewed/2025/01/GHSA-6876-c4r3-53ww/GHSA-6876-c4r3-53ww.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6876-c4r3-53ww",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13056"
+  ],
+  "details": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13056"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/a6acb608-a23e-461d-af48-a6669a45594a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-69jp-7vgw-2cgr/GHSA-69jp-7vgw-2cgr.json
+++ b/advisories/unreviewed/2025/01/GHSA-69jp-7vgw-2cgr/GHSA-69jp-7vgw-2cgr.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-69jp-7vgw-2cgr",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-12774"
+  ],
+  "details": "The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12774"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/8decbef5-f106-488b-925c-42b3b280460a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:22Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-7jq5-8rmw-j9wh/GHSA-7jq5-8rmw-j9wh.json
+++ b/advisories/unreviewed/2025/01/GHSA-7jq5-8rmw-j9wh/GHSA-7jq5-8rmw-j9wh.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7jq5-8rmw-j9wh",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13095"
+  ],
+  "details": "The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13095"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/74e95fb5-025b-4d4d-a279-844b6ee3e57d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-9grv-p46v-p3fp/GHSA-9grv-p46v-p3fp.json
+++ b/advisories/unreviewed/2025/01/GHSA-9grv-p46v-p3fp/GHSA-9grv-p46v-p3fp.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9grv-p46v-p3fp",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13052"
+  ],
+  "details": "The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13052"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/671d5eef-c496-4047-9d01-8ab8a94cdc72"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:22Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-9hcf-78cf-xwqv/GHSA-9hcf-78cf-xwqv.json
+++ b/advisories/unreviewed/2025/01/GHSA-9hcf-78cf-xwqv/GHSA-9hcf-78cf-xwqv.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9hcf-78cf-xwqv",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13117"
+  ],
+  "details": "The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13117"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/3234cdac-f328-4f1e-a1de-31fbd86aefb9"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-c33j-w5w4-w9q4/GHSA-c33j-w5w4-w9q4.json
+++ b/advisories/unreviewed/2025/01/GHSA-c33j-w5w4-w9q4/GHSA-c33j-w5w4-w9q4.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c33j-w5w4-w9q4",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13055"
+  ],
+  "details": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13055"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/91178272-ed7e-412c-a187-e360a1313004"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-c75v-42g3-xvcr/GHSA-c75v-42g3-xvcr.json
+++ b/advisories/unreviewed/2025/01/GHSA-c75v-42g3-xvcr/GHSA-c75v-42g3-xvcr.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c75v-42g3-xvcr",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13094"
+  ],
+  "details": "The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13094"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/7a75809e-824e-458e-bd01-50dadcea7713"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-chc6-3mhw-pc4r/GHSA-chc6-3mhw-pc4r.json
+++ b/advisories/unreviewed/2025/01/GHSA-chc6-3mhw-pc4r/GHSA-chc6-3mhw-pc4r.json
@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-chc6-3mhw-pc4r",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-43446"
+  ],
+  "details": "An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. \n\nThis issue affects: \n\n  *  OTRS 7.0.X\n\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS 2024.X\n\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43446"
+    },
+    {
+      "type": "WEB",
+      "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-02"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:24Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-f39m-g6qq-h3xv/GHSA-f39m-g6qq-h3xv.json
+++ b/advisories/unreviewed/2025/01/GHSA-f39m-g6qq-h3xv/GHSA-f39m-g6qq-h3xv.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f39m-g6qq-h3xv",
+  "modified": "2025-01-27T06:30:24Z",
+  "published": "2025-01-27T06:30:24Z",
+  "aliases": [
+    "CVE-2024-12280"
+  ],
+  "details": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12280"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/2b32c0b8-28bb-4220-800b-4c369bca91c5"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:21Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-f5ph-j9m6-qjqc/GHSA-f5ph-j9m6-qjqc.json
+++ b/advisories/unreviewed/2025/01/GHSA-f5ph-j9m6-qjqc/GHSA-f5ph-j9m6-qjqc.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f5ph-j9m6-qjqc",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13057"
+  ],
+  "details": "The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13057"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/6f869a3d-1ac1-4d31-8fe5-9b9795b15b5b"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-fg8c-fxj5-qp3x/GHSA-fg8c-fxj5-qp3x.json
+++ b/advisories/unreviewed/2025/01/GHSA-fg8c-fxj5-qp3x/GHSA-fg8c-fxj5-qp3x.json
@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fg8c-fxj5-qp3x",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-43445"
+  ],
+  "details": "A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. \n\nThis issue affects: \n\n  *  OTRS 7.0.X\n\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS 2024.X\n\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43445"
+    },
+    {
+      "type": "WEB",
+      "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-mj6j-32rm-jv58/GHSA-mj6j-32rm-jv58.json
+++ b/advisories/unreviewed/2025/01/GHSA-mj6j-32rm-jv58/GHSA-mj6j-32rm-jv58.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mj6j-32rm-jv58",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-12321"
+  ],
+  "details": "The WC Affiliate  WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12321"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:22Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-mvq2-cppv-f4gq/GHSA-mvq2-cppv-f4gq.json
+++ b/advisories/unreviewed/2025/01/GHSA-mvq2-cppv-f4gq/GHSA-mvq2-cppv-f4gq.json
@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mvq2-cppv-f4gq",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2025-24389"
+  ],
+  "details": "Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator.\n\nThis issue affects: \n\n  *  OTRS 7.0.X\n\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS 2024.X\n\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24389"
+    },
+    {
+      "type": "WEB",
+      "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-03"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-532"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:24Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-rpx4-w2f7-q5ww/GHSA-rpx4-w2f7-q5ww.json
+++ b/advisories/unreviewed/2025/01/GHSA-rpx4-w2f7-q5ww/GHSA-rpx4-w2f7-q5ww.json
@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rpx4-w2f7-q5ww",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2025-24390"
+  ],
+  "details": "A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions.\n\nThis issue affects: \n\n  *  OTRS 7.0.X\n\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS 2024.X",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24390"
+    },
+    {
+      "type": "WEB",
+      "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-04"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-614"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:24Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-v3w4-79rw-r73c/GHSA-v3w4-79rw-r73c.json
+++ b/advisories/unreviewed/2025/01/GHSA-v3w4-79rw-r73c/GHSA-v3w4-79rw-r73c.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v3w4-79rw-r73c",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-13116"
+  ],
+  "details": "The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13116"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/1755c8ad-7620-4b12-bba0-013e80c2691b"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:23Z"
+  }
+}
--- a/advisories/unreviewed/2025/01/GHSA-v9f7-mhwh-hfh9/GHSA-v9f7-mhwh-hfh9.json
+++ b/advisories/unreviewed/2025/01/GHSA-v9f7-mhwh-hfh9/GHSA-v9f7-mhwh-hfh9.json
@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v9f7-mhwh-hfh9",
+  "modified": "2025-01-27T06:30:26Z",
+  "published": "2025-01-27T06:30:26Z",
+  "aliases": [
+    "CVE-2024-12773"
+  ],
+  "details": "The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12773"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/fab64105-599f-49a4-b01d-c873ff34b590"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-27T06:15:22Z"
+  }
+}