{"vulnerability": "CVE-2025-4749", "sightings": [{"uuid": "642b94f6-7c83-4798-901d-a0116682caa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47498", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15304", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47498\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.\n\ud83d\udccf Published: 2025-05-07T14:19:55.784Z\n\ud83d\udccf Modified: 2025-05-07T14:19:55.784Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/nd-booking/vulnerability/wordpress-hotel-booking-3-6-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:32.000000Z"}, {"uuid": "f016cb93-67c9-4558-abf6-51f8cce0919b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47499", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15303", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47499\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Blog Stats allows Stored XSS. This issue affects Simple Blog Stats: from n/a through 20250416.\n\ud83d\udccf Published: 2025-05-07T14:19:56.307Z\n\ud83d\udccf Modified: 2025-05-07T14:19:56.307Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simple-blog-stats/vulnerability/wordpress-simple-blog-stats-20250416-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:31.000000Z"}, {"uuid": "d51d3eaf-0ad9-4ee1-a10e-7b46176d738e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4749", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16630", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4749\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability affects the function sub_4983B0 of the file /H5/backup.asp?opt=reset of the component Factory Reset Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T05:00:09.105Z\n\ud83d\udccf Modified: 2025-05-16T05:00:09.105Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309052\n2. https://vuldb.com/?ctiid.309052\n3. https://vuldb.com/?submit.571068\n4. https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/backup.md\n5. https://www.dlink.com/", "creation_timestamp": "2025-05-16T05:34:38.000000Z"}, {"uuid": "6bb8326f-11f6-4d71-b2c5-6c7afaac9b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47490", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lom653hjx72h", "content": "", "creation_timestamp": "2025-05-07T19:48:58.464117Z"}, {"uuid": "84a1325d-e164-4917-8d90-0f85825463f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47496", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15306", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47496\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress PublishPress Authors allows PHP Local File Inclusion. This issue affects PublishPress Authors: from n/a through 4.7.5.\n\ud83d\udccf Published: 2025-05-07T14:19:54.712Z\n\ud83d\udccf Modified: 2025-05-07T14:19:54.712Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/publishpress-authors/vulnerability/wordpress-publishpress-authors-4-7-5-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:35.000000Z"}, {"uuid": "2f06b66a-1839-48fc-9de0-05664b030f1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47497", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15305", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47497\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepoints Logo Showcase allows DOM-Based XSS. This issue affects Logo Showcase: from n/a through 3.0.4.\n\ud83d\udccf Published: 2025-05-07T14:19:55.254Z\n\ud83d\udccf Modified: 2025-05-07T14:19:55.254Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/logo-showcase/vulnerability/wordpress-logo-showcase-3-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:33.000000Z"}, {"uuid": "5dc27509-946a-4984-9603-44923488f367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47494", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15308", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47494\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.4.1.\n\ud83d\udccf Published: 2025-05-07T14:19:53.669Z\n\ud83d\udccf Modified: 2025-05-07T14:19:53.669Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-2-4-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:38.000000Z"}, {"uuid": "ef216a6d-1efd-4c68-ad21-9ea9b68b6039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47495", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15307", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47495\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blockspare Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.9.\n\ud83d\udccf Published: 2025-05-07T14:19:54.179Z\n\ud83d\udccf Modified: 2025-05-07T14:19:54.179Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/blockspare/vulnerability/wordpress-blockspare-3-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:36.000000Z"}, {"uuid": "b4ad7148-779a-443d-b5a7-c4ffd7c8ba06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47493", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47493\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.2.9.\n\ud83d\udccf Published: 2025-05-07T14:19:53.136Z\n\ud83d\udccf Modified: 2025-05-07T14:19:53.136Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ultimate-blocks/vulnerability/wordpress-ultimate-blocks-3-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:39.000000Z"}, {"uuid": "1822ab2e-4b15-4d15-b043-b214ac70d21e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47490", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15311", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47490\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rustaurius Ultimate WP Mail allows SQL Injection. This issue affects Ultimate WP Mail: from n/a through 1.3.4.\n\ud83d\udccf Published: 2025-05-07T14:19:51.954Z\n\ud83d\udccf Modified: 2025-05-07T14:19:51.954Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ultimate-wp-mail/vulnerability/wordpress-ultimate-wp-mail-1-3-4-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:40.000000Z"}, {"uuid": "85376afa-1855-4f74-b15e-f25ec7cca899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47491", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15310", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47491\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through 1.4.6.\n\ud83d\udccf Published: 2025-05-07T14:19:52.529Z\n\ud83d\udccf Modified: 2025-05-07T14:19:52.529Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/new-contact-form-widget/vulnerability/wordpress-contact-form-widget-1-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:39.000000Z"}]}