{"vulnerability": "CVE-2025-5271", "sightings": [{"uuid": "620c93dc-1b4c-4f38-976d-37ac921f0d20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52713", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19219", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52713\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor: from n/a through 1.27.8.\n\ud83d\udccf Published: 2025-06-20T15:03:36.364Z\n\ud83d\udccf Modified: 2025-06-23T16:23:08.597Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1-27-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T16:47:08.000000Z"}, {"uuid": "21f2e1f9-f49c-4974-875e-722ce14d6d15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52711", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19218", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52711\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor allows Cross Site Request Forgery. This issue affects Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor: from n/a through 1.27.8.\n\ud83d\udccf Published: 2025-06-20T15:03:35.880Z\n\ud83d\udccf Modified: 2025-06-23T16:23:14.047Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1-27-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T16:47:04.000000Z"}, {"uuid": "84242636-6d46-4d6b-8cdc-8fa61d9e06c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52710", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19217", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52710\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro allows Stored XSS. This issue affects File Manager Pro: from n/a through 1.8.8.\n\ud83d\udccf Published: 2025-06-20T15:03:35.411Z\n\ud83d\udccf Modified: 2025-06-23T16:23:19.684Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/filester/vulnerability/wordpress-file-manager-pro-plugin-1-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T16:47:03.000000Z"}, {"uuid": "eb8fa0d0-74c0-44d9-82bd-8ff8c27d9f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5271", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq5trxn6ym2e", "content": "", "creation_timestamp": "2025-05-27T13:56:54.416554Z"}, {"uuid": "af268830-9bdf-4b9a-9b04-cc3c4eab7dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52718", "type": "seen", "source": "MISP/853ff921-86fb-463b-bc2a-2860bf336b81", "content": "", "creation_timestamp": "2025-08-06T01:04:20.000000Z"}, {"uuid": "6ab73a29-9e9a-4304-a0ff-5ee940f0377b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52715", "type": "seen", "source": "Telegram/Few3gCpIxK62dc1jWUhItJrwg7vqQG5I5Yuv8pw_mn_INJA", "content": "", "creation_timestamp": "2025-06-20T16:17:33.000000Z"}, {"uuid": "40557d50-7a0b-4a6f-a7ce-545c60115eba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52718", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lt5e6qbxnn2l", "content": "", "creation_timestamp": "2025-07-04T13:33:17.926911Z"}, {"uuid": "fd612daf-8ca9-452b-bf53-030731b429ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52718", "type": "seen", "source": "MISP/853ff921-86fb-463b-bc2a-2860bf336b81", "content": "", "creation_timestamp": "2025-08-21T10:03:57.000000Z"}, {"uuid": "a0356a28-c00d-4113-aacf-d84fb2b8a37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52717", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19724", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52717\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS allows SQL Injection. This issue affects LifterLMS: from n/a through 8.0.6.\n\ud83d\udccf Published: 2025-06-27T11:52:28.496Z\n\ud83d\udccf Modified: 2025-06-27T14:47:28.749Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/lifterlms/vulnerability/wordpress-lifterlms-8-0-6-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-27T14:51:24.000000Z"}, {"uuid": "9c9888b1-bc36-40e8-9c8e-5a8db65e6db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5271", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17622", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5271\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139.\n\ud83d\udccf Published: 2025-05-27T12:29:29.404Z\n\ud83d\udccf Modified: 2025-05-27T12:29:29.404Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/show_bug.cgi?id=1920348\n2. https://www.mozilla.org/security/advisories/mfsa2025-42/", "creation_timestamp": "2025-05-27T12:48:41.000000Z"}, {"uuid": "33183af1-90b2-47b8-8816-4d1ac18f8f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52719", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19221", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52719\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid  allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.\n\ud83d\udccf Published: 2025-06-20T15:03:37.331Z\n\ud83d\udccf Modified: 2025-06-23T16:22:56.149Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-5-2-full-path-disclosure-fpd-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T16:47:10.000000Z"}, {"uuid": "fe1fc424-3215-4b21-81a7-3da0e7d11813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52715", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19220", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52715\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 4.2.0.\n\ud83d\udccf Published: 2025-06-20T15:03:36.841Z\n\ud83d\udccf Modified: 2025-06-23T16:23:02.731Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/classified-listing/vulnerability/wordpress-classified-listing-plugin-4-2-0-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T16:47:09.000000Z"}, {"uuid": "fc606c2a-50e7-439e-a1cd-cc650ce29096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5271", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq5rf525f7z2", "content": "", "creation_timestamp": "2025-05-27T13:16:29.369479Z"}]}