{"vulnerability": "CVE-2025-3228", "sightings": [{"uuid": "89cdbb61-5c08-407a-976b-b7e95e5f85a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32280", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llyvpxxhlo2i", "content": "", "creation_timestamp": "2025-04-04T17:07:31.311842Z"}, {"uuid": "f06c0652-d23b-46aa-925f-86ea61b6bae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32282", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfslytf624", "content": "", "creation_timestamp": "2025-04-10T11:32:35.244954Z"}, {"uuid": "4fa3e09a-0a18-43f8-994d-819f0005ead2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32287", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcodobdes2p", "content": "", "creation_timestamp": "2025-05-16T18:37:39.670921Z"}, {"uuid": "b8864dfa-90ec-4d76-890c-04dc24bd193a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32280", "type": "seen", "source": "Telegram/DpyuY30DJ1pr5lpZ1TsoyLIWT-1QQs66jLQv08yWDwU2R9I", "content": "", "creation_timestamp": "2026-04-01T21:29:56.000000Z"}, {"uuid": "4edc210b-7497-4a29-9c7c-dd58fef52a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32282", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11199", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32282\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2.\n\ud83d\udccf Published: 2025-04-10T08:09:48.186Z\n\ud83d\udccf Modified: 2025-04-10T08:09:48.186Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/googleanalytics/vulnerability/wordpress-sharethis-dashboard-for-google-analytics-plugin-3-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T08:48:41.000000Z"}, {"uuid": "4b3e4a4a-32fe-4bb9-9e35-6cdbe34d44ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32281", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19708", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32281\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0.\n\ud83d\udccf Published: 2025-06-27T11:52:36.905Z\n\ud83d\udccf Modified: 2025-06-27T13:42:35.259Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpkit-elementor/vulnerability/wordpress-wpkit-for-elementor-plugin-1-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-27T13:50:44.000000Z"}, {"uuid": "cfb27b5c-0f32-46db-905e-01a82b3b3ac4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32285", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17385", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32285\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Butcher allows Reflected XSS. This issue affects Butcher: from n/a through 2.40.\n\ud83d\udccf Published: 2025-05-23T12:43:59.597Z\n\ud83d\udccf Modified: 2025-05-23T13:23:27.473Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/butcher/vulnerability/wordpress-butcher-theme-2-40-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:00:07.000000Z"}, {"uuid": "98a2a3e2-4d7c-43ba-82b6-923728d0a6d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3228", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18958", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3228\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.\n\ud83d\udccf Published: 2025-06-20T14:31:49.162Z\n\ud83d\udccf Modified: 2025-06-20T14:31:49.162Z\n\ud83d\udd17 References:\n1. https://mattermost.com/security-updates", "creation_timestamp": "2025-06-20T14:43:34.000000Z"}, {"uuid": "d34b42df-465f-4476-b15e-0ec9de43157a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32282", "type": "seen", "source": "https://t.me/cvedetector/22624", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32282 - ShareThis Dashboard for Google Analytics CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32282 \nPublished : April 10, 2025, 8:15 a.m. | 48\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T11:10:31.000000Z"}, {"uuid": "dc859ce8-fdcb-488e-8db7-ea28aab68c06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32280", "type": "seen", "source": "https://t.me/cvedetector/22156", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32280 - WeDevs WP Project Manager CSRF\", \n  \"Content\": \"CVE ID : CVE-2025-32280 \nPublished : April 4, 2025, 4:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T20:32:14.000000Z"}, {"uuid": "bbd37f26-757f-4e76-a66a-257ef1ca9e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32280", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10491", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32280\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22.\n\ud83d\udccf Published: 2025-04-04T15:59:49.424Z\n\ud83d\udccf Modified: 2025-04-04T15:59:49.424Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T16:36:50.000000Z"}]}