{"vulnerability": "CVE-2025-3260", "sightings": [{"uuid": "af96700d-edbc-44f7-ba12-dab09ef4247b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32603", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114319171099697127", "content": "", "creation_timestamp": "2025-04-11T11:48:38.235462Z"}, {"uuid": "339409c0-b117-451f-9d2b-f6fde3682d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32607", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114319171133706626", "content": "", "creation_timestamp": "2025-04-11T11:48:40.970031Z"}, {"uuid": "353aba13-d3aa-4a18-bf17-9274b3718bed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32600", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11406", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32600\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through 4.6.1.\n\ud83d\udccf Published: 2025-04-11T08:42:59.147Z\n\ud83d\udccf Modified: 2025-04-11T08:42:59.147Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/tournamatch/vulnerability/wordpress-tournamatch-plugin-4-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T08:50:36.000000Z"}, {"uuid": "1832e751-f326-4682-936b-a566d0c39ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32603", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11404", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32603\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0.\n\ud83d\udccf Published: 2025-04-11T08:42:59.507Z\n\ud83d\udccf Modified: 2025-04-11T08:42:59.507Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-online-users-stats/vulnerability/wordpress-wp-online-users-stats-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T08:50:34.000000Z"}, {"uuid": "44e0132f-11f2-430f-bed7-b2da7bc21030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32607", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11403", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32607\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0.\n\ud83d\udccf Published: 2025-04-11T08:42:59.659Z\n\ud83d\udccf Modified: 2025-04-11T08:42:59.659Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/service-booking-manager/vulnerability/wordpress-wpbookingly-plugin-1-2-0-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T08:50:33.000000Z"}, {"uuid": "e880f755-d450-447d-99b7-333939a18a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32601", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11405", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32601\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments allows Reflected XSS. This issue affects Twispay Credit Card Payments: from n/a through 2.1.2.\n\ud83d\udccf Published: 2025-04-11T08:42:59.353Z\n\ud83d\udccf Modified: 2025-04-11T08:42:59.353Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/twispay/vulnerability/wordpress-twispay-credit-card-payments-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T08:50:35.000000Z"}, {"uuid": "f2ce5ae4-dfb5-43ff-9e50-80bf60bae1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3260", "type": "seen", "source": "https://t.me/ics_cert/1187", "content": "\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u067e\u0644\u062a\u0641\u0631\u0645 \u0646\u0638\u0627\u0631\u062a \u0648 \u067e\u0627\u06cc\u0634 \u06af\u0631\u0627\u0641\u0627\u0646\u0627 (Grafana) \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0646\u0642\u0635 \u062f\u0631 \u0645\u06a9\u0627\u0646\u06cc\u0633\u0645 \u0645\u062c\u0648\u0632\u062f\u0647\u06cc \u0627\u0633\u062a. \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u06cc \u06a9\u0647 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0639\u0645\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0645\u062d\u062f\u0648\u062f\u06cc\u062a\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u0648\u062c\u0648\u062f \u0631\u0627 \u062f\u0648\u0631 \u0628\u0632\u0646\u062f.\nCVE-2025-3260\n\n\u0646\u0635\u0628 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0645\u0639\u062a\u0628\u0631. \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0627\u0634\u0646\u0627\u0633 \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0644\u062a\u0641\u0631\u0645\u061b\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0644\u0627\u06cc\u0647 \u06a9\u0627\u0631\u0628\u0631\u062f (WAF) \u0628\u0631\u0627\u06cc \u0641\u06cc\u0644\u062a\u0631 \u06a9\u0631\u062f\u0646 \u062a\u0631\u0627\u0641\u06cc\u06a9 \u0634\u0628\u06a9\u0647\u061b\n- \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0644\u062a\u0641\u0631\u0645 \u0627\u0632 \u0634\u0628\u06a9\u0647\u200c\u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a)\u061b\n- \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646/\u062d\u0630\u0641 \u062d\u0633\u0627\u0628\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u06cc \u067e\u0644\u062a\u0641\u0631\u0645 \u06a9\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u061b\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0634\u0628\u06a9\u0647\u200c\u0647\u0627\u06cc \u062e\u0635\u0648\u0635\u06cc \u0645\u062c\u0627\u0632\u06cc \u0628\u0631\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646\u062f\u0647\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (VPN) \u0628\u0647 \u067e\u0644\u062a\u0641\u0631\u0645.\n\n\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627:\nhttps://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/\n\ud83c\udfed \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33\n\u06af\u0631\u0648\u0647 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ICSCERT_IR", "creation_timestamp": "2025-06-07T18:27:26.000000Z"}, {"uuid": "a03ab053-96c8-4523-ba2c-b1694fce2f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3260", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqmncixnncy2", "content": "", "creation_timestamp": "2025-06-02T11:11:14.299741Z"}, {"uuid": "7431c9fc-23cc-4644-b992-fc014e204f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3260", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqmu4dogem2s", "content": "", "creation_timestamp": "2025-06-02T13:12:38.658429Z"}, {"uuid": "5cb9b1fc-6137-488d-893a-2d2bb5e25786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3260", "type": "seen", "source": "https://bsky.app/profile/grafana.bsky.social/post/3lnhroytxvs2w", "content": "", "creation_timestamp": "2025-04-23T08:30:30.589094Z"}, {"uuid": "246a64ae-2eeb-4f32-a546-cd3b72315db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3260", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lnhytg4c222p", "content": "", "creation_timestamp": "2025-04-23T10:38:14.768093Z"}, {"uuid": "709b462a-5314-40bb-bb4e-9a9cecea8d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3260", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lnjwd32p4s2o", "content": "", "creation_timestamp": "2025-04-24T04:58:39.194001Z"}, {"uuid": "21901511-e3fa-4e88-b073-0921cb681d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3260", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lnkcwyjvik2u", "content": "", "creation_timestamp": "2025-04-24T08:44:32.969595Z"}]}