{"vulnerability": "CVE-2025-2891", "sightings": [{"uuid": "4770084e-daf2-45e8-920e-8651eb7c1971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114150716611163148", "content": "", "creation_timestamp": "2025-03-12T17:48:27.031921Z"}, {"uuid": "b58969b3-d014-45f2-b591-8b07267741b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lk6ghtuywk2r", "content": "", "creation_timestamp": "2025-03-12T11:00:08.002795Z"}, {"uuid": "7e61d077-8696-42f9-b00b-282621b8867a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114262074055767061", "content": "", "creation_timestamp": "2025-04-01T09:48:06.702418Z"}, {"uuid": "767386d6-d63f-4702-a865-fdb5538ecfa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "07454c3d-1c4d-4896-ae1e-9e108d1a84cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28910", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7347", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28910\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0.\n\ud83d\udccf Published: 2025-03-11T21:00:57.554Z\n\ud83d\udccf Modified: 2025-03-12T17:20:28.647Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-hide-admin-bar/vulnerability/wordpress-wp-hide-admin-bar-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-12T17:41:37.000000Z"}, {"uuid": "c55f4663-d61f-42ab-8c5c-5cd9582a0eee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "published-proof-of-concept", "source": "Telegram/9LVGSk6wVw0IWhEGPHpvxSTJTnKNt02SSt_xE5fqoYcZYJA", "content": "", "creation_timestamp": "2025-03-14T20:00:08.000000Z"}, {"uuid": "db5f2769-645a-4d09-8d7b-106421862cf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "published-proof-of-concept", "source": "Telegram/E6R0RTFhRVkzL0XvyGJLYGLmtOVWOOq1YD8cIv5SyhOq51o", "content": "", "creation_timestamp": "2025-03-12T20:00:07.000000Z"}, {"uuid": "23ce776c-9a4a-4882-8076-58ffa3c4406a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "published-proof-of-concept", "source": "Telegram/YXXAYpim7CTBciEsZ274r31Y5zZFEUA-ADCgFk7JYE3PFkE", "content": "", "creation_timestamp": "2025-03-12T10:00:05.000000Z"}, {"uuid": "24c14637-02ea-48bf-9159-7bf8e37edd6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28916", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llc4nsjeg32v", "content": "", "creation_timestamp": "2025-03-26T15:40:20.370958Z"}, {"uuid": "dd23fdda-fa1e-47f8-9030-7def5b3ce432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114262074055767061", "content": "", "creation_timestamp": "2025-04-01T09:48:06.704909Z"}, {"uuid": "5b52f5f2-82cd-4de8-b23d-2c408c8ed9ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28917", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8868", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28917\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 2.9.2.\n\ud83d\udccf Published: 2025-03-26T14:24:24.733Z\n\ud83d\udccf Modified: 2025-03-26T15:10:48.837Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/custom-smilies-se/vulnerability/wordpress-custom-smilies-plugin-2-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-26T15:26:15.000000Z"}, {"uuid": "026176da-1a28-4d0f-a852-556568399d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://t.me/cvedetector/21738", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2891 - \"Real Estate 7 WordPress Theme Arbitrary File Upload Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-2891 \nPublished : April 1, 2025, 8:15 a.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T11:57:25.000000Z"}, {"uuid": "2787913b-30e3-4e9a-b26e-611965e40021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lk5552pcq62n", "content": "", "creation_timestamp": "2025-03-11T22:40:20.921215Z"}, {"uuid": "b2da3ae6-61b4-42c8-8263-bb7bdbe65505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28917", "type": "seen", "source": "https://t.me/cvedetector/21201", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28917 - Apache NotFound Custom Smilies Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28917 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 2.9.2. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:29.000000Z"}, {"uuid": "d57cc29f-c890-46d9-bf8c-0d40568b57bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28916", "type": "seen", "source": "https://t.me/cvedetector/21200", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28916 - Docpro PHP Remote File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28916 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:28.000000Z"}, {"uuid": "eae6261a-9d11-437d-aeb7-6748e2834414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28911", "type": "seen", "source": "https://t.me/cvedetector/21199", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28911 - Gravity2Pdf Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-28911 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF allows Reflected XSS. This issue affects Gravity 2 PDF: from n/a through 3.1.3. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:27.000000Z"}, {"uuid": "717b17b9-b874-44ac-b2d3-16966a089971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9860", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2891\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.\n\ud83d\udccf Published: 2025-04-01T07:29:12.911Z\n\ud83d\udccf Modified: 2025-04-01T07:29:12.911Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve\n2. https://contempothemes.com/changelog/", "creation_timestamp": "2025-04-01T07:32:09.000000Z"}, {"uuid": "c90e0726-2dde-40ef-b19b-71f86d5f91ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/14576", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udcc5 Date: 2025-03-14 03:28:39\n\ud83d\udea8 Title: Alleged disclosure of WordPress ThemeEgg ToolKit 1.2.9 Shell Upload Exploit\n\ud83d\udee1\ufe0f Victim Country: \n\ud83c\udfed Victim Industry: \n\ud83c\udfe2 Victim Organization: \n\ud83c\udf10 Victim Site: \n\ud83d\udcdc Category: Vulnerability\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Threat Actor: Nxploited\n\ud83c\udf0d Network: openweb\n\ud83d\udd17 Claim: https://0day.today/exploit/description/39947\n\ud83d\udcdd Description: The threat actor claims to have released an exploit targeting the WordPress ThemeEgg ToolKit version 1.2.9. This exploit allows attackers to upload malicious shell files, posing a critical security risk to PHP-based web applications. The vulnerability is tracked as CVE-2025-28915.\n\n\u26a0\ufe0f Stay ahead of cyber threats! Subscribe to the Paid Threat Feed at https://t.me/DarkWebInformer_Bot for real-time updates (Website excluded). Want to pay via crypto? Visit https://darkwebinformer.com/crypto-payments.", "creation_timestamp": "2025-03-14T04:28:41.000000Z"}, {"uuid": "0e6a6c21-7efb-4e15-a76d-7c4fdd053b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28915", "type": "published-proof-of-concept", "source": "Telegram/6dlU4QbhjC-C_L4Pj9RI3h9dT6ZG3i42hrGY9HoOz9OH_bU", "content": "", "creation_timestamp": "2025-03-13T20:00:06.000000Z"}]}