{"vulnerability": "CVE-2025-3138", "sightings": [{"uuid": "442c8332-dca2-44a0-88de-1d919ed43d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31386", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9628", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31386\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through 6.10.11.\n\ud83d\udccf Published: 2025-03-31T09:32:20.296Z\n\ud83d\udccf Modified: 2025-03-31T09:32:20.296Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simplepress/vulnerability/wordpress-simple-press-plugin-6-10-11-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T10:30:35.000000Z"}, {"uuid": "01bf6e3f-4ed9-49da-896f-67ced2943c9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31381", "type": "seen", "source": "https://t.me/cvedetector/22138", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31381 - Shiptrack Booking Calendar and Notification Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31381 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:25.000000Z"}, {"uuid": "8d202188-ddfd-4011-8084-eb4ef4d561eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3138", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10201", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3138\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T04:00:18.633Z\n\ud83d\udccf Modified: 2025-04-03T13:21:02.312Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303043\n2. https://vuldb.com/?ctiid.303043\n3. https://vuldb.com/?submit.525265\n4. https://github.com/ARPANET-cybersecurity/vuldb/issues/3\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-03T13:34:43.000000Z"}, {"uuid": "5c2f75ca-9061-43fb-a08c-fa03ae4d8432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31384", "type": "seen", "source": "https://t.me/cvedetector/22141", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31384 - Aviplugins Videos Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31384 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:28.000000Z"}, {"uuid": "2cfbb06b-adbc-4769-bc5e-69f1973662f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31389", "type": "seen", "source": "https://t.me/cvedetector/22139", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31389 - Sequel.Io Sequel Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31389 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sequel.Io Sequel allows Reflected XSS.This issue affects Sequel: from n/a through 1.0.11. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:26.000000Z"}, {"uuid": "daf91ccc-99ed-4efa-9ad0-8a435120570b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31387", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9596", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31387\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.\n\ud83d\udccf Published: 2025-03-31T06:07:11.377Z\n\ud83d\udccf Modified: 2025-03-31T06:07:11.377Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-82-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T06:31:01.000000Z"}, {"uuid": "bbca97d6-14f2-4bbd-b6d9-7edd4ea04047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31385", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11108", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31385\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in  Site Table of Contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through 0.3.\n\ud83d\udccf Published: 2025-04-09T16:13:33.162Z\n\ud83d\udccf Modified: 2025-04-09T16:13:33.162Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/site-table-of-contents/vulnerability/wordpress-site-table-of-contents-plugin-0-3-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:35.000000Z"}, {"uuid": "b1728fae-cab3-452b-8482-60bbb52f10cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31383", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11107", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31383\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in  FrescoChat Live Chat allows Stored XSS. This issue affects FrescoChat Live Chat: from n/a through 3.2.6.\n\ud83d\udccf Published: 2025-04-09T16:13:33.869Z\n\ud83d\udccf Modified: 2025-04-09T16:13:33.869Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/flexytalk-widget/vulnerability/wordpress-frescochat-live-chat-plugin-3-2-6-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:34.000000Z"}, {"uuid": "18509a5d-bb9d-41a8-9622-552ba3c9a598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31387", "type": "seen", "source": "https://t.me/cvedetector/21551", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31387 - InstaWP InstaWP Connect PHP Remote File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31387 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:10.000000Z"}, {"uuid": "5273fc0f-0758-4ada-a7d2-1be9ee15f957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3138", "type": "seen", "source": "https://t.me/cvedetector/21937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3138 - PHPGurukul Online Security Guards Hiring System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3138 \nPublished : April 3, 2025, 4:15 a.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T06:52:17.000000Z"}, {"uuid": "b2885f60-781d-4366-bdb6-4d0ec11e5b36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31386", "type": "seen", "source": "https://t.me/cvedetector/21571", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31386 - Simple:Press Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31386 \nPublished : March 31, 2025, 10:15 a.m. | 32\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through 6.10.11. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T13:20:16.000000Z"}, {"uuid": "ef65a87f-7154-4fb5-a332-d81a5f67d10e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3138", "type": "published-proof-of-concept", "source": "Telegram/EmS9bgYgLpx5pRbXrtQctY-Iz8lbm4p2ZetMSDDYp7zCam8", "content": "", "creation_timestamp": "2025-04-03T07:31:02.000000Z"}]}