{"vulnerability": "CVE-2025-4996", "sightings": [{"uuid": "867c972b-8d96-4c09-8168-aa164ebc1648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49965", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18990", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49965\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0.\n\ud83d\udccf Published: 2025-06-20T15:04:22.655Z\n\ud83d\udccf Modified: 2025-06-20T16:23:10.433Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/pixelbeds-channel-manager-booking-engine/vulnerability/wordpress-pixelbeds-channel-manager-and-hotel-booking-engine-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-20T16:44:46.000000Z"}, {"uuid": "a01ee8fb-1152-49e2-8fa0-a3b221c165b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49966", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18989", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49966\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0.\n\ud83d\udccf Published: 2025-06-20T15:04:22.175Z\n\ud83d\udccf Modified: 2025-06-20T16:24:09.621Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/oganro-travel-portal-search-widget-for-hotelbeds-apitude-api/vulnerability/wordpress-oganro-travel-portal-search-widget-for-hotelbeds-apitude-api-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-20T16:44:45.000000Z"}, {"uuid": "74065371-32da-4106-a914-e86ca81a3a2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49967", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18988", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49967\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1.\n\ud83d\udccf Published: 2025-06-20T15:04:21.688Z\n\ud83d\udccf Modified: 2025-06-20T16:25:10.666Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/live-sports-streamthunder/vulnerability/wordpress-live-sports-streamthunder-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-20T16:44:44.000000Z"}, {"uuid": "14a53360-ab71-434d-8f6d-51da91c853e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49964", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49964\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1.\n\ud83d\udccf Published: 2025-06-20T15:04:23.124Z\n\ud83d\udccf Modified: 2025-06-20T16:20:25.409Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/cliplink/vulnerability/wordpress-cliplink-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-20T16:44:47.000000Z"}]}