{"vulnerability": "CVE-2025-2801", "sightings": [{"uuid": "b53785ec-1ee4-4f89-ab1e-584b2ef1002c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2801", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnotxcc6gz42", "content": "", "creation_timestamp": "2025-04-26T04:39:17.585500Z"}, {"uuid": "6382b55d-39c9-471a-bc16-d449110e1c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2801", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnp7hezyxg2d", "content": "", "creation_timestamp": "2025-04-26T07:25:25.060271Z"}, {"uuid": "25e65f68-6fd6-45bd-8a38-30b2f656adeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28019", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28019\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component\n\ud83d\udccf Published: 2025-04-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T15:53:18.099Z\n\ud83d\udd17 References:\n1. https://locrian-lightning-dc7.notion.site/BufferOverflow1-1948e5e2b1a280ad96efca529ecae658\n2. https://locrian-lightning-dc7.notion.site/CVE-2025-28019-BufferOverflow1-1948e5e2b1a280ad96efca529ecae658", "creation_timestamp": "2025-04-24T16:06:55.000000Z"}, {"uuid": "389edec1-ca6e-4728-a27b-2a381711bf81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28011", "type": "seen", "source": "https://t.me/cvedetector/20239", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28011 - PHPGurukul User Registration & Login and User Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28011 \nPublished : March 13, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T19:48:15.000000Z"}, {"uuid": "681aad07-ba43-442e-8764-cec2ec78fd25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28011", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7441", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28011\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.\n\ud83d\udccf Published: 2025-03-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-13T16:18:54.296Z\n\ud83d\udd17 References:\n1. https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/Change-password-sql-injection.pdf", "creation_timestamp": "2025-03-13T16:45:41.000000Z"}, {"uuid": "c6566500-117f-4810-9d1b-e7e8747dbbe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28017", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13267", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28017\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.\n\ud83d\udccf Published: 2025-04-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T15:54:33.085Z\n\ud83d\udd17 References:\n1. https://locrian-lightning-dc7.notion.site/TOTOLINK-A800R-RCE-1938e5e2b1a280d696bbd25699fb5e97\n2. https://locrian-lightning-dc7.notion.site/CVE-2025-28017-TOTOLINK-A800R-RCE-1938e5e2b1a280d696bbd25699fb5e97", "creation_timestamp": "2025-04-24T16:06:49.000000Z"}, {"uuid": "c173d567-c20c-4280-983b-0424284faf66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2801", "type": "seen", "source": "https://t.me/cvedetector/23792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2801 - WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2801 \nPublished : April 26, 2025, 4:15 a.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-26T07:43:24.000000Z"}, {"uuid": "b59647b7-3fee-4857-949e-7c1e1e3d9514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2801", "type": "seen", "source": "Telegram/58oUu--thuTl0z9YXe4tcdvklZdyfP1JbAcIPSjB2zT1L5k", "content": "", "creation_timestamp": "2025-04-26T06:00:31.000000Z"}, {"uuid": "74630202-8141-4858-a09f-8dbac7c1f86d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28018", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13268", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28018\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.\n\ud83d\udccf Published: 2025-04-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T15:53:59.636Z\n\ud83d\udd17 References:\n1. https://locrian-lightning-dc7.notion.site/BufferOverflow2-1948e5e2b1a28070a8d1d1ba725febff", "creation_timestamp": "2025-04-24T16:06:50.000000Z"}, {"uuid": "07a5779a-c144-4cb6-a64d-a267da7a1b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2801", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13564", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2801\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-04-26T03:24:24.464Z\n\ud83d\udccf Modified: 2025-04-26T03:24:24.464Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e45afda4-447a-4d95-90cb-9731b398a009?source=cve\n2. https://plugins.trac.wordpress.org/browser/abcsubmit/tags/1.2.4/abcsubmit.php#L86\n3. https://plugins.trac.wordpress.org/browser/abcsubmit/tags/1.2.4/abcsubmit.php#L88\n4. https://wordpress.org/plugins/abcsubmit/#developers", "creation_timestamp": "2025-04-26T04:07:46.000000Z"}, {"uuid": "2d8ba159-25df-4c61-a13f-309e411ea418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28010", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28010\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.\n\ud83d\udccf Published: 2025-03-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T14:53:43.217Z\n\ud83d\udd17 References:\n1. https://github.com/rtnthakur/CVE/blob/main/MODX/README.md", "creation_timestamp": "2025-03-19T15:17:45.000000Z"}]}