{"vulnerability": "CVE-2025-3104", "sightings": [{"uuid": "c8c73674-222b-4c3b-871a-b71d2e19d9ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3104", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmwfusila52c", "content": "", "creation_timestamp": "2025-04-16T10:43:50.995121Z"}, {"uuid": "220e6ac9-f4ad-4e6b-8ef2-a5e00086fea2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31044", "type": "seen", "source": "Telegram/e-X4ScE1vEPdKuuUEgfhVv-BIPUzPUJYlt0nH6_CCEcxyPQ", "content": "", "creation_timestamp": "2026-01-05T12:04:18.000000Z"}, {"uuid": "77d744ea-0dbf-47e5-b567-b7feab48c1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31047", "type": "seen", "source": "Telegram/e-X4ScE1vEPdKuuUEgfhVv-BIPUzPUJYlt0nH6_CCEcxyPQ", "content": "", "creation_timestamp": "2026-01-05T12:04:18.000000Z"}, {"uuid": "04c2c230-2ae7-4afb-a896-36a7eeea4f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31048", "type": "seen", "source": "Telegram/e-X4ScE1vEPdKuuUEgfhVv-BIPUzPUJYlt0nH6_CCEcxyPQ", "content": "", "creation_timestamp": "2026-01-05T12:04:18.000000Z"}, {"uuid": "81353924-0d2e-48aa-ac85-e99004c47ae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31043", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9602", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31043\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetSearch allows DOM-Based XSS. This issue affects JetSearch: from n/a through 3.5.7.\n\ud83d\udccf Published: 2025-03-31T06:06:30.508Z\n\ud83d\udccf Modified: 2025-03-31T06:06:30.508Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/jet-search/vulnerability/wordpress-jetsearch-plugin-3-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T06:31:09.000000Z"}, {"uuid": "3313e7d5-47c1-4304-906a-435b03772e92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31040", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11436", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31040\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through 1.1.\n\ud83d\udccf Published: 2025-04-11T08:42:49.906Z\n\ud83d\udccf Modified: 2025-04-11T14:32:45.707Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-food/vulnerability/wordpress-wp-food-ordering-and-restaurant-menu-1-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T14:51:09.000000Z"}, {"uuid": "5fea6817-e2b8-4616-a5d3-930e9594314c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11438", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31041\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in NotFound AnyTrack Affiliate Link Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through 1.0.4.\n\ud83d\udccf Published: 2025-04-11T08:42:50.083Z\n\ud83d\udccf Modified: 2025-04-11T14:32:03.939Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/anytrack-affiliate-link-manager/vulnerability/wordpress-anytrack-affiliate-link-manager-1-0-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T14:51:14.000000Z"}, {"uuid": "6bcc0da8-3b26-47b0-a2d6-7e161310368d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3104", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12000", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3104\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest() function. This makes it possible for unauthenticated attackers to reveal outdated installed active or inactive plugins.\n\ud83d\udccf Published: 2025-04-16T08:22:17.436Z\n\ud83d\udccf Modified: 2025-04-16T08:22:17.436Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/572e290e-9324-4c17-8c3b-fa67233b15c4?source=cve\n2. https://wp-staging.com/wp-staging-pro-changelog/", "creation_timestamp": "2025-04-16T08:55:59.000000Z"}, {"uuid": "3abc5a53-56dc-49b4-afc3-7750aafbbc94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31043", "type": "seen", "source": "https://t.me/cvedetector/21550", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31043 - JetSearch Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-31043 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetSearch allows DOM-Based XSS. This issue affects JetSearch: from n/a through 3.5.7. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:09.000000Z"}, {"uuid": "939f5cae-a75c-4e4b-b62a-72769776eee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3104", "type": "seen", "source": "https://t.me/cvedetector/23083", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3104 - WordPress WP STAGING Pro Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3104 \nPublished : April 16, 2025, 9:15 a.m. | 2\u00a0hours, 15\u00a0minutes ago \nDescription : The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest() function. This makes it possible for unauthenticated attackers to reveal outdated installed active or inactive plugins. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T13:31:37.000000Z"}]}