{"vulnerability": "CVE-2025-2252", "sightings": [{"uuid": "31ad8667-3974-462a-b1fc-0b398ea23e8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22526", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9370", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22526\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1.\n\ud83d\udccf Published: 2025-03-28T15:12:25.884Z\n\ud83d\udccf Modified: 2025-03-28T15:12:25.884Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/mywebtonet-performancestats/vulnerability/wordpress-php-mysql-cpu-performance-statistics-plugin-1-2-1-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T15:28:40.000000Z"}, {"uuid": "599d2071-081e-4161-915e-17159ae8ca65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22522", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/476", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22522\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roya Khosravi SingSong allows Stored XSS.This issue affects SingSong: from n/a through 1.2.\n\ud83d\udccf Published: 2025-01-07T14:57:31.285Z\n\ud83d\udccf Modified: 2025-01-07T17:28:46.457Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/singsong/vulnerability/wordpress-singsong-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-07T17:37:37.000000Z"}, {"uuid": "1cfbf445-437e-45fa-a7ec-e9c38286d648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22524", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/475", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22524\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in instaform.ir \u0641\u0631\u0645 \u0633\u0627\u0632 \u0641\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 allows Stored XSS.This issue affects \u0641\u0631\u0645 \u0633\u0627\u0632 \u0641\u0631\u0645 \u0627\u0641\u0632\u0627\u0631: from n/a through 2.0.\n\ud83d\udccf Published: 2025-01-07T14:57:30.503Z\n\ud83d\udccf Modified: 2025-01-07T17:29:10.191Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/formafzar/vulnerability/wordpress-frm-s-z-frm-fz-r-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-07T17:37:23.000000Z"}, {"uuid": "e2d671d0-c769-4ad0-9979-2830aa7c794a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2252", "type": "seen", "source": "https://t.me/cvedetector/21053", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2252 - Easy Digital Downloads WordPress Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-2252 \nPublished : March 25, 2025, 7:15 a.m. | 32\u00a0minutes ago \nDescription : The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T09:27:27.000000Z"}, {"uuid": "54cdce3b-08eb-40c8-a037-2f8ec2c44cda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22527", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfd3bwniyc2e", "content": "", "creation_timestamp": "2025-01-09T16:17:17.365709Z"}, {"uuid": "67333d5e-307e-41cd-a4c8-5614bbd53ab2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22524", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62fcwqvt2k", "content": "", "creation_timestamp": "2025-01-07T16:17:58.279017Z"}, {"uuid": "2f7ea08c-355d-4ecb-bb68-f0c7a5899ec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2252", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8620", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2252\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal.\n\ud83d\udccf Published: 2025-03-25T07:04:54.606Z\n\ud83d\udccf Modified: 2025-03-25T07:04:54.606Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0e3b81-55fe-46b2-bae1-d7321d74c485?source=cve\n2. https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L466\n3. https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L459\n4. https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?contextall=1\n5. https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php", "creation_timestamp": "2025-03-25T07:23:56.000000Z"}, {"uuid": "e05a0a6a-ae80-4225-bb7f-bc29b155a365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22523", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9371", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22523\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.\n\ud83d\udccf Published: 2025-03-28T15:12:25.734Z\n\ud83d\udccf Modified: 2025-03-28T15:12:25.734Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/schedule/vulnerability/wordpress-schedule-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T15:28:44.000000Z"}, {"uuid": "9e5460fc-1e12-43a0-8ae1-0e76b1a9c275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22523", "type": "seen", "source": "https://t.me/cvedetector/21444", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22523 - Apache NotFound SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22523 \nPublished : March 28, 2025, 3:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T17:45:25.000000Z"}, {"uuid": "aa7a9ba0-3f10-4820-b78e-6edcbfbdd371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22526", "type": "seen", "source": "https://t.me/cvedetector/21439", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22526 - Apache PHP MySQL Untrusted Data Object Injection\", \n  \"Content\": \"CVE ID : CVE-2025-22526 \nPublished : March 28, 2025, 3:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T17:45:18.000000Z"}, {"uuid": "cbaddebe-fbd2-4501-8038-de45afc4b8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22520", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62f5s7n62f", "content": "", "creation_timestamp": "2025-01-07T16:17:53.307443Z"}, {"uuid": "bbd73a2a-1ab6-4a09-9349-f28bd719d8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22522", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62fabemc2c", "content": "", "creation_timestamp": "2025-01-07T16:17:55.525383Z"}, {"uuid": "029ebe1d-8ce1-48b8-9322-35e0770701d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22528", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/492", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22528\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huurkalender Huurkalender WP allows Stored XSS.This issue affects Huurkalender WP: from n/a through 1.5.6.\n\ud83d\udccf Published: 2025-01-07T14:57:29.176Z\n\ud83d\udccf Modified: 2025-01-07T17:12:16.177Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/huurkalender-wp/vulnerability/wordpress-huurkalender-wp-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-07T17:41:13.000000Z"}, {"uuid": "e1f0a48b-ebcb-4917-bb64-adc9a6559706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22529", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/491", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22529\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WORDPRESTEEM WE Blocks allows Stored XSS.This issue affects WE Blocks: from n/a through 1.3.5.\n\ud83d\udccf Published: 2025-01-07T14:57:28.572Z\n\ud83d\udccf Modified: 2025-01-07T17:12:41.532Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/we-blocks/vulnerability/wordpress-we-blocks-1-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-07T17:40:58.000000Z"}, {"uuid": "b583b89f-deae-4d73-ae1e-c6f68e917ab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22521", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfd3bubzwz2k", "content": "", "creation_timestamp": "2025-01-09T16:17:14.937158Z"}, {"uuid": "6c4335c0-3881-48cb-9b5d-bbe32a459aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22525", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62ffnont25", "content": "", "creation_timestamp": "2025-01-07T16:18:01.203915Z"}, {"uuid": "9ecd12cd-cf92-445b-9872-6eb21343e768", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22529", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62fkpuzb2m", "content": "", "creation_timestamp": "2025-01-07T16:18:06.462167Z"}, {"uuid": "abbdb116-4118-410a-98e1-7e37da93d3c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22528", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62fifhzu2o", "content": "", "creation_timestamp": "2025-01-07T16:18:04.033041Z"}, {"uuid": "23754267-e7a2-4d01-a970-4ad7d829dd20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22523", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llhawrd3ab2v", "content": "", "creation_timestamp": "2025-03-28T16:40:13.799176Z"}, {"uuid": "0393bdd3-2956-47fb-a985-27bd9b1ab2fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22526", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llhawsdtmc2v", "content": "", "creation_timestamp": "2025-03-28T16:40:14.958326Z"}, {"uuid": "4fb53303-d4e2-4d22-b465-d6428929e5c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22526", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3llhdbogfh32c", "content": "", "creation_timestamp": "2025-03-28T17:22:07.584482Z"}]}