{"vulnerability": "CVE-2025-3101", "sightings": [{"uuid": "e2902e65-9edc-4656-b5a1-b0b38efa2f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tdyyxv2l", "content": "", "creation_timestamp": "2025-04-15T12:38:46.080553Z"}, {"uuid": "7e86060f-54a9-46f7-9115-bf8d49e5b38e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnkhz7wwm22v", "content": "", "creation_timestamp": "2025-04-24T10:15:16.618493Z"}, {"uuid": "605a119a-44c3-4b9d-905b-bf736524093c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114392779857628608", "content": "", "creation_timestamp": "2025-04-24T11:48:18.953704Z"}, {"uuid": "573769dd-73b9-43d0-b60a-25a675d08104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31017", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11116", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31017\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through 3.2.5.\n\ud83d\udccf Published: 2025-04-09T16:10:16.940Z\n\ud83d\udccf Modified: 2025-04-09T16:10:16.940Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/noakes-menu-manager/vulnerability/wordpress-nav-menu-manager-3-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:48.000000Z"}, {"uuid": "a3ba7067-3907-4d75-8bd2-64e461b1d511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31012", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11115", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31012\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.\n\ud83d\udccf Published: 2025-04-09T16:10:17.589Z\n\ud83d\udccf Modified: 2025-04-09T16:10:17.589Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/age-gate/vulnerability/wordpress-age-gate-3-5-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:47.000000Z"}, {"uuid": "50d41ef4-bc8a-420d-b03b-93735551785b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11785", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31011\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Reflected XSS. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3.\n\ud83d\udccf Published: 2025-04-15T11:59:08.265Z\n\ud83d\udccf Modified: 2025-04-15T11:59:08.265Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simply-rets/vulnerability/wordpress-simplyrets-real-estate-idx-plugin-3-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T12:54:25.000000Z"}, {"uuid": "348474a6-d390-491e-abe0-8ee128d2b2b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3101\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator.\n\ud83d\udccf Published: 2025-04-24T08:23:48.158Z\n\ud83d\udccf Modified: 2025-04-24T08:23:48.158Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/535aa061-479f-415e-bee6-3151c42b917e?source=cve\n2. https://themeforest.net/item/configurator-woocommerce-wordpress-theme/20474230", "creation_timestamp": "2025-04-24T09:12:24.000000Z"}, {"uuid": "70b64861-c780-4c67-815b-c67590301058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31016", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9597", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31016\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18.\n\ud83d\udccf Published: 2025-03-31T06:07:10.988Z\n\ud83d\udccf Modified: 2025-03-31T06:07:10.988Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/jet-woo-builder/vulnerability/wordpress-jetwoobuilder-plugin-2-1-18-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T06:31:02.000000Z"}, {"uuid": "683c1c97-0f3a-4da7-a55a-4062e415ea8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3101", "type": "seen", "source": "https://t.me/cvedetector/23667", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3101 - WordPress Configurator Theme Core Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3101 \nPublished : April 24, 2025, 9:15 a.m. | 1\u00a0hour, 16\u00a0minutes ago \nDescription : The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T13:03:55.000000Z"}, {"uuid": "04f06c88-1481-4cba-b06d-bb5902244599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31011", "type": "seen", "source": "https://t.me/cvedetector/22934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31011 - ReichertBrothers SimplyRETS Real Estate IDX Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31011 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Reflected XSS. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:05.000000Z"}, {"uuid": "568d4939-e6ac-4aa1-ad20-e7bf85b9e91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31016", "type": "seen", "source": "https://t.me/cvedetector/21549", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31016 - JetWooBuilder PHP Remote File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31016 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:09.000000Z"}, {"uuid": "64da1bfd-1dec-4ee7-a28e-b330273ba8fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31010", "type": "seen", "source": "https://t.me/cvedetector/21436", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31010 - ReichertBrothers SimplyRETS Real Estate IDX CSRF\", \n  \"Content\": \"CVE ID : CVE-2025-31010 \nPublished : March 28, 2025, 3:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T17:45:12.000000Z"}, {"uuid": "3a1141dc-feed-4771-a0dc-fc5ee3c4e966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31010", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9366", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31010\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3.\n\ud83d\udccf Published: 2025-03-28T15:12:26.626Z\n\ud83d\udccf Modified: 2025-03-28T15:12:26.626Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simply-rets/vulnerability/wordpress-simplyrets-real-estate-idx-plugin-3-0-3-csrf-to-multiple-admin-actions-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T15:28:37.000000Z"}]}