{"vulnerability": "CVE-2025-2697", "sightings": [{"uuid": "4b4a4ccb-1bf1-44a7-bdb9-237d521c7c97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26977", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26977\n\ud83d\udd25 CVSS Score: 3.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.4.2.1.\n\ud83d\udccf Published: 2025-02-25T14:17:58.501Z\n\ud83d\udccf Modified: 2025-02-25T14:17:58.501Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/filebird/vulnerability/wordpress-filebird-plugin-6-4-2-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:24:05.000000Z"}, {"uuid": "79eb0106-2ee4-434b-9bfe-ff8aa1bd91f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26975", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5279", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26975\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3.\n\ud83d\udccf Published: 2025-02-25T14:17:58.344Z\n\ud83d\udccf Modified: 2025-02-25T14:17:58.344Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/strong-testimonials/vulnerability/wordpress-strong-testimonials-plugin-3-2-3-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:24:06.000000Z"}, {"uuid": "4592d4a5-a58d-463b-91af-809e14e2c84f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26973", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5039", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26973\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through 4.5.4.\n\ud83d\udccf Published: 2025-02-22T15:52:11.883Z\n\ud83d\udccf Modified: 2025-02-22T15:52:11.883Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/social-warfare/vulnerability/wordpress-social-warfare-plugin-4-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-22T16:25:10.000000Z"}, {"uuid": "f8642526-bdef-428a-9fd1-729eeb311041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26970", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11586", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26970\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a before 1.71.0.\n\ud83d\udccf Published: 2025-03-03T13:30:41.713Z\n\ud83d\udccf Modified: 2025-04-14T08:34:07.085Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ark-core/vulnerability/wordpress-ark-theme-core-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-14T08:55:47.000000Z"}, {"uuid": "cfb92a92-407d-4646-b126-6855f251a2ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26970", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114099285788695979", "content": "", "creation_timestamp": "2025-03-03T15:48:54.626961Z"}, {"uuid": "9612199f-e6cc-4c8f-a2d0-45ab255ee9af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26970", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljkg3rpxir2o", "content": "", "creation_timestamp": "2025-03-04T12:00:08.398765Z"}, {"uuid": "259ea4eb-a087-4e72-b02f-a6a2bd65386d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26976", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114169121045008475", "content": "", "creation_timestamp": "2025-03-15T23:48:56.853486Z"}, {"uuid": "1026d2bb-a816-4c35-99ad-e7a02c972b8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26978", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114169121088832455", "content": "", "creation_timestamp": "2025-03-15T23:48:57.154132Z"}, {"uuid": "2464bbaf-75e5-4e77-9c6e-85876734d794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26977", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "17dffef4-61b0-46aa-a8c6-7b33b28034b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26975", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "a1fb8bb2-a34e-4bbf-96ff-7ef7e45aab82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26974", "type": "seen", "source": "https://t.me/cvedetector/18880", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26974 - WPExperts.io WP Multi Store Locator SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26974 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection. This issue affects WP Multi Store Locator: from n/a through 2.5.1. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:56.000000Z"}, {"uuid": "fe3123df-97b8-4bbc-9a1e-1f243d6813de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26971", "type": "seen", "source": "https://t.me/cvedetector/18879", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26971 - Ays-Pro Poll Maker SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26971 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:55.000000Z"}, {"uuid": "dcd0e39c-74f8-4d41-a4e7-806b6794101e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26979", "type": "seen", "source": "https://t.me/cvedetector/18876", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26979 - FunnelKit Funnel Builder PHP Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26979 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.9.0. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:49.000000Z"}, {"uuid": "b11bee70-5317-4fce-ba53-b45ee883e99f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26977", "type": "seen", "source": "https://t.me/cvedetector/18875", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26977 - Ninja Team Filebird Authorization Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26977 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.4.2.1. \nSeverity: 3.8 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:48.000000Z"}, {"uuid": "85c2a080-8032-4a1a-961d-b6e13de68089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26975", "type": "seen", "source": "https://t.me/cvedetector/18874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26975 - WP Chill Strong Testimonials Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26975 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:47.000000Z"}, {"uuid": "3ebbc318-eaf5-4141-be64-62729b7996ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26970", "type": "seen", "source": "Telegram/5hc_GDBIhvPMdlkY5wvlRmFRduPyEoAyugjukrE5SSxvAy4", "content": "", "creation_timestamp": "2026-04-01T21:28:56.000000Z"}, {"uuid": "7867a82c-a682-4703-9557-e70a93fb82e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26970", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6215", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26970\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.70.0.\n\ud83d\udccf Published: 2025-03-03T13:30:41.713Z\n\ud83d\udccf Modified: 2025-03-03T13:30:41.713Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ark-core/vulnerability/wordpress-ark-theme-core-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T14:30:10.000000Z"}, {"uuid": "8b8c9740-a742-48d1-859e-1d0bc10de2a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26978", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7806", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26978\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.\n\ud83d\udccf Published: 2025-03-15T21:57:03.878Z\n\ud83d\udccf Modified: 2025-03-17T16:09:50.042Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/fs-poster/vulnerability/wordpress-fs-poster-plugin-6-5-8-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-17T16:47:48.000000Z"}, {"uuid": "9c3fa4ac-a81d-4107-8c9b-4d2d83548dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26978", "type": "seen", "source": "https://t.me/cvedetector/20378", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26978 - NotFound FS Poster SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26978 \nPublished : March 15, 2025, 10:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T02:09:33.000000Z"}, {"uuid": "14cd0755-211c-4b06-bf52-5cf7f0745c36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26974", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114065784057293078", "content": "", "creation_timestamp": "2025-02-25T17:48:58.870552Z"}, {"uuid": "7a1b7b1b-c51d-4395-9fdb-ea9d90e917ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26970", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljj5uf75pr23", "content": "", "creation_timestamp": "2025-03-04T00:00:10.856038Z"}, {"uuid": "07aedc50-257c-4ff2-aecd-b3351c760f56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26974", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj234cbyfa2f", "content": "", "creation_timestamp": "2025-02-26T00:01:02.173383Z"}, {"uuid": "d7b8b360-3a5d-46c0-8fd3-c4a4d74610a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26970", "type": "seen", "source": "https://t.me/cvedetector/19370", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26970 - Apache Ark Theme Core Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26970 \nPublished : March 3, 2025, 2:15 p.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.70.0. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T18:03:50.000000Z"}, {"uuid": "0efe79f7-75f6-4a2d-b1d0-b744d991bdd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26973", "type": "seen", "source": "https://t.me/cvedetector/18722", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26973 - WarfarePlugins Social Warfare Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-26973 \nPublished : Feb. 22, 2025, 4:15 p.m. | 1\u00a0hour, 16\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through 4.5.4. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T19:10:08.000000Z"}, {"uuid": "dd2fea93-ec5b-42fa-8239-435df30c5497", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26979", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5277", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26979\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.9.0.\n\ud83d\udccf Published: 2025-02-25T14:17:58.657Z\n\ud83d\udccf Modified: 2025-02-25T14:17:58.657Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-9-0-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:24:04.000000Z"}, {"uuid": "6a2d6b7b-eecf-45b4-b59c-e90a4d8579be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26971", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5281", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26971\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5.\n\ud83d\udccf Published: 2025-02-25T14:17:57.986Z\n\ud83d\udccf Modified: 2025-02-25T14:17:57.986Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-5-6-5-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:24:11.000000Z"}, {"uuid": "cc470c7d-6f2d-4689-9524-9fb6695ef619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26974", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5280", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26974\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection. This issue affects WP Multi Store Locator: from n/a through 2.5.1.\n\ud83d\udccf Published: 2025-02-25T14:17:58.153Z\n\ud83d\udccf Modified: 2025-02-25T14:17:58.153Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-multi-store-locator/vulnerability/wordpress-wp-multi-store-locator-plugin-2-5-1-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:24:07.000000Z"}, {"uuid": "04c5bd57-d3b7-4a47-9889-4f5ab1e28d20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26976", "type": "seen", "source": "https://t.me/cvedetector/20377", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26976 - Aldo Latino PrivateContent SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26976 \nPublished : March 15, 2025, 10:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T02:09:30.000000Z"}, {"uuid": "0964d331-be08-4a09-a20f-79bafcf19f52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26972", "type": "seen", "source": "https://t.me/cvedetector/20376", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26972 - PrivateContent Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26972 \nPublished : March 15, 2025, 10:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T02:09:29.000000Z"}, {"uuid": "16ee1134-c093-4a5a-8aed-39e394d70e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26974", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj3dciwi4u2g", "content": "", "creation_timestamp": "2025-02-26T12:00:17.337378Z"}, {"uuid": "18ab7f86-deb7-44f3-938d-455942208c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26974", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lizfyjr4mq25", "content": "", "creation_timestamp": "2025-02-25T17:43:03.069557Z"}, {"uuid": "6d779aa0-ebe0-4601-bd35-2436a93a495d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26971", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}]}