{"vulnerability": "CVE-2025-3157", "sightings": [{"uuid": "02d8939f-7001-4a94-986f-d6a2fbb4a39d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31572", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9672", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31572\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar allows Cross Site Request Forgery. This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through 1.1.3.\n\ud83d\udccf Published: 2025-03-31T12:55:21.426Z\n\ud83d\udccf Modified: 2025-03-31T15:23:48.271Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/dragon-calendar-free-version/vulnerability/wordpress-multi-days-events-and-multi-events-in-one-day-calendar-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:05.000000Z"}, {"uuid": "8a60cd58-91ef-43fa-8c8d-0c387f9384bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3157", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10275", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3157\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early about this issue and explains that the latest version is not affected.\n\ud83d\udccf Published: 2025-04-03T13:31:04.529Z\n\ud83d\udccf Modified: 2025-04-03T15:41:39.365Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303101\n2. https://vuldb.com/?ctiid.303101\n3. https://vuldb.com/?submit.501902", "creation_timestamp": "2025-04-03T16:35:14.000000Z"}, {"uuid": "a80e8ce6-f65f-4ac9-92d2-838116fdf68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31579", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11241", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31579\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0.\n\ud83d\udccf Published: 2025-04-01T20:58:14.026Z\n\ud83d\udccf Modified: 2025-04-10T14:40:22.258Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-autokeyword/vulnerability/wordpress-wp-autokeyword-plugin-1-0-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T14:50:22.000000Z"}, {"uuid": "2d8bee1a-861a-4416-85df-7160687cdd90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31578", "type": "seen", "source": "https://t.me/cvedetector/21818", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31578 - Wisdomlogix Solutions Pvt. Ltd. Fonts Manager Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31578 \nPublished : April 1, 2025, 9:15 p.m. | 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T23:56:16.000000Z"}, {"uuid": "9e8f09ce-273e-4ec2-a0f5-0e235efa513e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31571", "type": "seen", "source": "https://t.me/cvedetector/21817", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31571 - Cynob IT Consultancy The Logo Slider Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-31571 \nPublished : April 1, 2025, 9:15 p.m. | 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T23:56:15.000000Z"}, {"uuid": "8dd9855e-7d1a-451d-9fb7-d53b127f90c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31579", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265379485331459", "content": "", "creation_timestamp": "2025-04-01T23:48:43.658507Z"}, {"uuid": "bd8f807e-95ec-44cf-acf8-d5ae770b77d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31578", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llrxufvinz2l", "content": "", "creation_timestamp": "2025-04-01T22:57:16.846628Z"}, {"uuid": "8eb6f53b-9da6-4ea4-bce7-08a1b434e508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31577", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9659", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31577\n\ud83d\udd25 CVSS Score: 6.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server. This issue affects Appointify: from n/a through 1.0.8.\n\ud83d\udccf Published: 2025-03-31T12:55:23.719Z\n\ud83d\udccf Modified: 2025-03-31T14:09:27.239Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/appointify/vulnerability/wordpress-appointify-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:08.000000Z"}, {"uuid": "e0e625ab-0730-4d48-9359-78e3a4122516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31574", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9673", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31574\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftHopper Custom Content Scrollbar allows Stored XSS. This issue affects Custom Content Scrollbar: from n/a through 1.3.\n\ud83d\udccf Published: 2025-03-31T12:55:22.112Z\n\ud83d\udccf Modified: 2025-03-31T15:21:39.998Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/custom-content-scrollbar/vulnerability/wordpress-custom-content-scrollbar-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:06.000000Z"}, {"uuid": "25ad9d52-5dc3-4683-ae9d-de21603d076b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31570", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9671", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31570\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS. This issue affects Related Posts Widget with Thumbnails: from n/a through 1.2.\n\ud83d\udccf Published: 2025-03-31T12:55:20.827Z\n\ud83d\udccf Modified: 2025-03-31T15:25:36.845Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/advanced-css3-related-posts-widget/vulnerability/wordpress-related-posts-widget-with-thumbnails-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:04.000000Z"}, {"uuid": "f79defe9-c4fa-488e-80c2-aea26f04dfe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31576", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9690", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31576\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.\n\ud83d\udccf Published: 2025-03-31T12:55:23.196Z\n\ud83d\udccf Modified: 2025-03-31T16:22:44.465Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/postmarkapp-email-integrator/vulnerability/wordpress-postmarkapp-email-integrator-plugin-2-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T16:33:11.000000Z"}, {"uuid": "65c2d5b4-dd76-4922-948b-890b85701156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31579", "type": "seen", "source": "https://t.me/cvedetector/21808", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31579 - EXEIdeas International WP AutoKeyword SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-31579 \nPublished : April 1, 2025, 9:15 p.m. | 27\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T23:56:03.000000Z"}, {"uuid": "71494d7c-9357-4378-8e26-0799b511b64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31575", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9674", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31575\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons allows Stored XSS. This issue affects Flag Icons: from n/a through 2.2.\n\ud83d\udccf Published: 2025-03-31T12:55:22.643Z\n\ud83d\udccf Modified: 2025-03-31T15:21:17.507Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/language-icons-flags-switcher/vulnerability/wordpress-flag-icons-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:10.000000Z"}, {"uuid": "e1d8ab5c-b643-4c89-9881-21e02dab6117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3157", "type": "seen", "source": "https://t.me/cvedetector/21973", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3157 - Intelbras WRN 150 Wireless Menu Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3157 \nPublished : April 3, 2025, 2:15 p.m. | 41\u00a0minutes ago \nDescription : A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early about this issue and explains that the latest version is not affected. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T17:44:24.000000Z"}, {"uuid": "1c8ba03e-8291-407b-aba0-7b440e14034b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31579", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llrxuf24wx2s", "content": "", "creation_timestamp": "2025-04-01T22:57:11.321082Z"}, {"uuid": "36494b98-885b-4b50-97f1-b0e0104bced3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31579", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llrtlkdgi52b", "content": "", "creation_timestamp": "2025-04-01T21:40:36.115019Z"}, {"uuid": "81f9fdd4-f1a4-45a9-8d84-90673ce35264", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31579", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265379485331459", "content": "", "creation_timestamp": "2025-04-01T23:48:43.662644Z"}, {"uuid": "737a4497-f34f-437d-94db-9ba5d6bf79f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31571", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llrxufgsgx2x", "content": "", "creation_timestamp": "2025-04-01T22:57:14.149435Z"}]}