Most recent sightings.

Most recent sightings. https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 13 May 2026 14:08:54 +0000 568d4939-e6ac-4aa1-ad20-e7bf85b9e91b https://db.gcve.eu/sighting/568d4939-e6ac-4aa1-ad20-e7bf85b9e91b/export {"uuid": "568d4939-e6ac-4aa1-ad20-e7bf85b9e91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31016", "type": "seen", "source": "https://t.me/cvedetector/21549", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31016 - JetWooBuilder PHP Remote File Inclusion Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31016 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:09.000000Z"} {"uuid": "568d4939-e6ac-4aa1-ad20-e7bf85b9e91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31016", "type": "seen", "source": "https://t.me/cvedetector/21549", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31016 - JetWooBuilder PHP Remote File Inclusion Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31016 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:09.000000Z"} https://db.gcve.eu/sighting/568d4939-e6ac-4aa1-ad20-e7bf85b9e91b/export Mon, 31 Mar 2025 09:09:09 +0000 a3ba7067-3907-4d75-8bd2-64e461b1d511 https://db.gcve.eu/sighting/a3ba7067-3907-4d75-8bd2-64e461b1d511/export {"uuid": "a3ba7067-3907-4d75-8bd2-64e461b1d511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31012", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11115", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31012\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.\n\ud83d\udccf Published: 2025-04-09T16:10:17.589Z\n\ud83d\udccf Modified: 2025-04-09T16:10:17.589Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/age-gate/vulnerability/wordpress-age-gate-3-5-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:47.000000Z"} {"uuid": "a3ba7067-3907-4d75-8bd2-64e461b1d511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31012", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11115", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31012\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.\n\ud83d\udccf Published: 2025-04-09T16:10:17.589Z\n\ud83d\udccf Modified: 2025-04-09T16:10:17.589Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/age-gate/vulnerability/wordpress-age-gate-3-5-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:47.000000Z"} https://db.gcve.eu/sighting/a3ba7067-3907-4d75-8bd2-64e461b1d511/export Wed, 09 Apr 2025 16:48:47 +0000 573769dd-73b9-43d0-b60a-25a675d08104 https://db.gcve.eu/sighting/573769dd-73b9-43d0-b60a-25a675d08104/export {"uuid": "573769dd-73b9-43d0-b60a-25a675d08104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31017", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11116", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31017\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through 3.2.5.\n\ud83d\udccf Published: 2025-04-09T16:10:16.940Z\n\ud83d\udccf Modified: 2025-04-09T16:10:16.940Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/noakes-menu-manager/vulnerability/wordpress-nav-menu-manager-3-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:48.000000Z"} {"uuid": "573769dd-73b9-43d0-b60a-25a675d08104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31017", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11116", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31017\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through 3.2.5.\n\ud83d\udccf Published: 2025-04-09T16:10:16.940Z\n\ud83d\udccf Modified: 2025-04-09T16:10:16.940Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/noakes-menu-manager/vulnerability/wordpress-nav-menu-manager-3-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:48.000000Z"} https://db.gcve.eu/sighting/573769dd-73b9-43d0-b60a-25a675d08104/export Wed, 09 Apr 2025 16:48:48 +0000 e2902e65-9edc-4656-b5a1-b0b38efa2f38 https://db.gcve.eu/sighting/e2902e65-9edc-4656-b5a1-b0b38efa2f38/export {"uuid": "e2902e65-9edc-4656-b5a1-b0b38efa2f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tdyyxv2l", "content": "", "creation_timestamp": "2025-04-15T12:38:46.080553Z"} {"uuid": "e2902e65-9edc-4656-b5a1-b0b38efa2f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tdyyxv2l", "content": "", "creation_timestamp": "2025-04-15T12:38:46.080553Z"} https://db.gcve.eu/sighting/e2902e65-9edc-4656-b5a1-b0b38efa2f38/export Tue, 15 Apr 2025 12:38:46 +0000 50d41ef4-bc8a-420d-b03b-93735551785b https://db.gcve.eu/sighting/50d41ef4-bc8a-420d-b03b-93735551785b/export {"uuid": "50d41ef4-bc8a-420d-b03b-93735551785b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11785", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31011\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Reflected XSS. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3.\n\ud83d\udccf Published: 2025-04-15T11:59:08.265Z\n\ud83d\udccf Modified: 2025-04-15T11:59:08.265Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simply-rets/vulnerability/wordpress-simplyrets-real-estate-idx-plugin-3-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T12:54:25.000000Z"} {"uuid": "50d41ef4-bc8a-420d-b03b-93735551785b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11785", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31011\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Reflected XSS. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3.\n\ud83d\udccf Published: 2025-04-15T11:59:08.265Z\n\ud83d\udccf Modified: 2025-04-15T11:59:08.265Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simply-rets/vulnerability/wordpress-simplyrets-real-estate-idx-plugin-3-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T12:54:25.000000Z"} https://db.gcve.eu/sighting/50d41ef4-bc8a-420d-b03b-93735551785b/export Tue, 15 Apr 2025 12:54:25 +0000 04f06c88-1481-4cba-b06d-bb5902244599 https://db.gcve.eu/sighting/04f06c88-1481-4cba-b06d-bb5902244599/export {"uuid": "04f06c88-1481-4cba-b06d-bb5902244599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "seen", "source": "https://t.me/cvedetector/22934", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31011 - ReichertBrothers SimplyRETS Real Estate IDX Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31011 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Reflected XSS. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:05.000000Z"} {"uuid": "04f06c88-1481-4cba-b06d-bb5902244599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "seen", "source": "https://t.me/cvedetector/22934", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31011 - ReichertBrothers SimplyRETS Real Estate IDX Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31011 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Reflected XSS. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:05.000000Z"} https://db.gcve.eu/sighting/04f06c88-1481-4cba-b06d-bb5902244599/export Tue, 15 Apr 2025 15:46:05 +0000 348474a6-d390-491e-abe0-8ee128d2b2b3 https://db.gcve.eu/sighting/348474a6-d390-491e-abe0-8ee128d2b2b3/export {"uuid": "348474a6-d390-491e-abe0-8ee128d2b2b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3101\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator.\n\ud83d\udccf Published: 2025-04-24T08:23:48.158Z\n\ud83d\udccf Modified: 2025-04-24T08:23:48.158Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/535aa061-479f-415e-bee6-3151c42b917e?source=cve\n2. https://themeforest.net/item/configurator-woocommerce-wordpress-theme/20474230", "creation_timestamp": "2025-04-24T09:12:24.000000Z"} {"uuid": "348474a6-d390-491e-abe0-8ee128d2b2b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3101\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator.\n\ud83d\udccf Published: 2025-04-24T08:23:48.158Z\n\ud83d\udccf Modified: 2025-04-24T08:23:48.158Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/535aa061-479f-415e-bee6-3151c42b917e?source=cve\n2. https://themeforest.net/item/configurator-woocommerce-wordpress-theme/20474230", "creation_timestamp": "2025-04-24T09:12:24.000000Z"} https://db.gcve.eu/sighting/348474a6-d390-491e-abe0-8ee128d2b2b3/export Thu, 24 Apr 2025 09:12:24 +0000 7e86060f-54a9-46f7-9115-bf8d49e5b38e https://db.gcve.eu/sighting/7e86060f-54a9-46f7-9115-bf8d49e5b38e/export {"uuid": "7e86060f-54a9-46f7-9115-bf8d49e5b38e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnkhz7wwm22v", "content": "", "creation_timestamp": "2025-04-24T10:15:16.618493Z"} {"uuid": "7e86060f-54a9-46f7-9115-bf8d49e5b38e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnkhz7wwm22v", "content": "", "creation_timestamp": "2025-04-24T10:15:16.618493Z"} https://db.gcve.eu/sighting/7e86060f-54a9-46f7-9115-bf8d49e5b38e/export Thu, 24 Apr 2025 10:15:16 +0000 605a119a-44c3-4b9d-905b-bf736524093c https://db.gcve.eu/sighting/605a119a-44c3-4b9d-905b-bf736524093c/export {"uuid": "605a119a-44c3-4b9d-905b-bf736524093c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114392779857628608", "content": "", "creation_timestamp": "2025-04-24T11:48:18.953704Z"} {"uuid": "605a119a-44c3-4b9d-905b-bf736524093c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114392779857628608", "content": "", "creation_timestamp": "2025-04-24T11:48:18.953704Z"} https://db.gcve.eu/sighting/605a119a-44c3-4b9d-905b-bf736524093c/export Thu, 24 Apr 2025 11:48:18 +0000 683c1c97-0f3a-4da7-a55a-4062e415ea8f https://db.gcve.eu/sighting/683c1c97-0f3a-4da7-a55a-4062e415ea8f/export {"uuid": "683c1c97-0f3a-4da7-a55a-4062e415ea8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://t.me/cvedetector/23667", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3101 - WordPress Configurator Theme Core Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3101 \nPublished : April 24, 2025, 9:15 a.m. | 1\u00a0hour, 16\u00a0minutes ago \nDescription : The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"24 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T13:03:55.000000Z"} {"uuid": "683c1c97-0f3a-4da7-a55a-4062e415ea8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://t.me/cvedetector/23667", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3101 - WordPress Configurator Theme Core Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3101 \nPublished : April 24, 2025, 9:15 a.m. | 1\u00a0hour, 16\u00a0minutes ago \nDescription : The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"24 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T13:03:55.000000Z"} https://db.gcve.eu/sighting/683c1c97-0f3a-4da7-a55a-4062e415ea8f/export Thu, 24 Apr 2025 13:03:55 +0000