From 68ae9cf7482da815d9c9f0a51d2f55f97f2ae5bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivijan-Stefan=20Stipi=C4=87?=
Date: Fri, 8 May 2026 16:54:38 +0200
Subject: [PATCH 1/2] Add patched version and fix references for GHSA-4828-4rjm-75q4
---
 .../GHSA-4828-4rjm-75q4.json | 40 +++++++++++++++++--
 1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json b/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json
index de446aac2dd8b..d89f899550ba4 100644
--- a/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json
+++ b/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json
@@ -1,19 +1,39 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4828-4rjm-75q4",
- "modified": "2026-01-20T15:32:00Z",
+ "modified": "2026-05-08T00:00:00Z",
 "published": "2025-12-09T18:30:38Z",
 "aliases": [
 "CVE-2025-62109"
 ],
- "details": "Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through <= 8.9.4.",
+ "details": "Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data. This issue affects Geo Controller versions through 8.9.4 and has been fixed in version 8.9.6.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "WordPress",
+ "name": "cf-geoplugin"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "8.9.6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
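Review bot: The rewritten `details` string and the new `affected` range disagree about version 8.9.5: the prose says the issue affects versions "through 8.9.4", while `"introduced": "0"` followed by `"fixed": "8.9.6"` marks every version below 8.9.6, including 8.9.5, as vulnerable. If 8.9.5 is affected, the prose should say so, for example `versions before 8.9.6`; if it is not, the range should end with `{ "last_affected": "8.9.4" }` instead of the `fixed` event. Dependency scanners act on the range rather than the prose, so the two need to agree before this is merged. Separately, `"modified": "2026-05-08T00:00:00Z"` looks hand-set to midnight; presumably the database tooling stamps this field, so it is worth confirming that contributors are meant to edit it.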
@@ -26,6 +46,18 @@
 {
 "type": "WEB",
 "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/cf-geoplugin/vulnerability/wordpress-geo-controller-plugin-8-9-4-sensitive-data-exposure-vulnerability?_s_id=cve"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/cf-geoplugin/"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/InfinitumForm/cf-geoplugin/commit/ced9b450f0b8bca9f6ea8b907e88013fed3282d9"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/InfinitumForm/cf-geoplugin/blob/ced9b450f0b8bca9f6ea8b907e88013fed3282d9/CHANGELOG.txt"
 }
 ],
 "database_specific": {
@@ -37,4 +69,4 @@
 "github_reviewed_at": null,
 "nvd_published_at": "2025-12-09T16:18:01Z"
 }
-}
\ No newline at end of file
+}
From 9f351733a8bd0d399d652cb27da69fc9db4edceb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivijan-Stefan=20Stipi=C4=87?=
Date: Fri, 8 May 2026 16:58:28 +0200
Subject: [PATCH 2/2] Fix OSV ecosystem mapping for WordPress advisory
---
 .../2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json b/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json
index d89f899550ba4..ca19027ad55a7 100644
--- a/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json
+++ b/advisories/unreviewed/2025/12/GHSA-4828-4rjm-75q4/GHSA-4828-4rjm-75q4.json
@@ -16,7 +16,7 @@
 "affected": [
 {
 "package": {
- "ecosystem": "WordPress",
+ "ecosystem": "Packagist",
 "name": "cf-geoplugin"
 },
 "ranges": [
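Review bot: In the second patch's `@@ -16,7 +16,7 @@` hunk, `"ecosystem": "Packagist"` is paired with the unchanged `"name": "cf-geoplugin"`, but Packagist (Composer) package names take the form `vendor/package`, so this pair is unlikely to identify any published package. Tools that match advisories on the (ecosystem, name) tuple would then raise no alert for installations of the affected plugin, which defeats the purpose of filling in `affected`. If the plugin is published on Packagist, the `name` line should carry that exact `vendor/package` identifier; the page does not show whether such a package exists, so this needs checking against the registry. If it is distributed only through wordpress.org, it may be more accurate to keep the version information in `details` and the references than to assert a Packagist package.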