{"uuid": "c90e0726-2dde-40ef-b19b-71f86d5f91ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/14576", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udcc5 Date: 2025-03-14 03:28:39\n\ud83d\udea8 Title: Alleged disclosure of WordPress ThemeEgg ToolKit 1.2.9 Shell Upload Exploit\n\ud83d\udee1\ufe0f Victim Country: \n\ud83c\udfed Victim Industry: \n\ud83c\udfe2 Victim Organization: \n\ud83c\udf10 Victim Site: \n\ud83d\udcdc Category: Vulnerability\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Threat Actor: Nxploited\n\ud83c\udf0d Network: openweb\n\ud83d\udd17 Claim: https://0day.today/exploit/description/39947\n\ud83d\udcdd Description: The threat actor claims to have released an exploit targeting the WordPress ThemeEgg ToolKit version 1.2.9. This exploit allows attackers to upload malicious shell files, posing a critical security risk to PHP-based web applications. The vulnerability is tracked as CVE-2025-28915.\n\n\u26a0\ufe0f Stay ahead of cyber threats! Subscribe to the Paid Threat Feed at https://t.me/DarkWebInformer_Bot for real-time updates (Website excluded). Want to pay via crypto? Visit https://darkwebinformer.com/crypto-payments.", "creation_timestamp": "2025-03-14T04:28:41.000000Z"}