{"vulnerability": "cve-2025-2349", "sightings": [{"uuid": "cdf09aa1-07de-47b0-a29e-655a1fc65feb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23498", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2622", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23498\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Translation.Pro allows Reflected XSS. This issue affects Translation.Pro: from n/a through 1.0.0.\n\ud83d\udccf Published: 2025-01-22T14:29:13.303Z\n\ud83d\udccf Modified: 2025-01-22T19:54:57.357Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/translation-pro/vulnerability/wordpress-translation-pro-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:01:44.000000Z"}, {"uuid": "7f4bea4c-598d-4b24-9cbc-120485213a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23495", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2621", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23495\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0.\n\ud83d\udccf Published: 2025-01-22T14:29:13.127Z\n\ud83d\udccf Modified: 2025-01-22T19:55:11.896Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woocommerce-order-searching/vulnerability/wordpress-woocommerce-order-search-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:01:43.000000Z"}, {"uuid": "59ba0fae-e19f-45b0-a41d-f20510c102a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23496", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6568", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23496\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP FPO allows Reflected XSS. This issue affects WP FPO: from n/a through 1.0.\n\ud83d\udccf Published: 2025-03-03T13:30:07.889Z\n\ud83d\udccf Modified: 2025-03-05T17:17:33.096Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-fpo/vulnerability/wordpress-wp-fpo-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:18.000000Z"}, {"uuid": "796e3dc0-7556-4a96-871f-1872f824e85a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23494", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6567", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23494\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Quizzin allows Reflected XSS. This issue affects Quizzin: from n/a through 1.01.4.\n\ud83d\udccf Published: 2025-03-03T13:30:07.697Z\n\ud83d\udccf Modified: 2025-03-05T17:19:09.439Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/quizzin/vulnerability/wordpress-quizzin-plugin-1-01-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:17.000000Z"}, {"uuid": "35cd4d55-62c7-47a8-9b37-0664a678ab11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2349", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7722", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2349\n\ud83d\udd25 CVSS Score: 2.3 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-16T21:31:04.302Z\n\ud83d\udccf Modified: 2025-03-16T21:31:04.302Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299815\n2. https://vuldb.com/?ctiid.299815\n3. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-9-exposed-root-password", "creation_timestamp": "2025-03-16T21:46:14.000000Z"}, {"uuid": "dab3f1c7-2e68-4208-9f16-e575c7afde2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23499", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xklgma2b", "content": "", "creation_timestamp": "2025-01-16T20:17:18.018246Z"}, {"uuid": "d33c72b5-2361-43ed-96a3-b25b7f63ef89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23491", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtlczw3b2t", "content": "", "creation_timestamp": "2025-02-03T15:17:05.776423Z"}, {"uuid": "aee0693f-40ae-4e46-a157-90a113bed910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23491", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113940708371114625", "content": "", "creation_timestamp": "2025-02-03T15:40:35.140972Z"}, {"uuid": "694cd297-eca0-48bc-ba05-11ba2443c133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23498", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2halc22h", "content": "", "creation_timestamp": "2025-01-22T15:18:18.847148Z"}, {"uuid": "1a424d0b-dc70-4fd4-8c33-88c5ea4f89d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2349", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjzbm5qgn2j", "content": "", "creation_timestamp": "2025-03-17T01:35:55.939672Z"}, {"uuid": "32f254b5-ebb1-4f90-a06b-a58229f67d69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2349", "type": "seen", "source": "https://t.me/cvedetector/20419", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2349 - IROAD Dash Cam FX2 Password Hash Handler Insufficient Computational Effort Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2349 \nPublished : March 16, 2025, 10:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T00:44:20.000000Z"}, {"uuid": "26fc80ad-dc52-44a7-bd3b-a0d541275cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23499", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840192866447848", "content": "", "creation_timestamp": "2025-01-16T21:38:10.340066Z"}, {"uuid": "a3b4f844-efed-4f46-9dbe-a69e228b5320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23497", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840133866340165", "content": "", "creation_timestamp": "2025-01-16T21:23:10.078574Z"}, {"uuid": "90877311-085b-4175-b4ca-75a30e7ab197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23497", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xi6yca2t", "content": "", "creation_timestamp": "2025-01-16T20:17:15.758077Z"}, {"uuid": "cdec01a2-a8a7-4f86-ae26-c33e502f840d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23492", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114002455575002948", "content": "", "creation_timestamp": "2025-02-14T13:23:43.103257Z"}, {"uuid": "01846112-d2ac-4c9b-8a4e-0025e8267e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23490", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6272", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23490\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Browser-Update-Notify allows Reflected XSS. This issue affects Browser-Update-Notify: from n/a through 0.2.1.\n\ud83d\udccf Published: 2025-03-03T13:30:07.255Z\n\ud83d\udccf Modified: 2025-03-03T20:23:33.909Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/browser-update-notify/vulnerability/wordpress-browser-update-notify-plugin-0-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:34.000000Z"}, {"uuid": "684960f8-55c1-473a-99af-0a612fc556c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23493", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23493\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Transliteration allows Reflected XSS. This issue affects Google Transliteration: from n/a through 1.7.2.\n\ud83d\udccf Published: 2025-03-03T13:30:07.493Z\n\ud83d\udccf Modified: 2025-03-03T20:24:28.451Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/google-transliteration/vulnerability/wordpress-google-transliteration-plugin-1-7-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:33.000000Z"}, {"uuid": "2014d6e0-44aa-449e-961b-dbfa60b82d86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23495", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2dkt5o27", "content": "", "creation_timestamp": "2025-01-22T15:18:15.037104Z"}, {"uuid": "40c8feab-1241-41cd-a237-0ba4eaedcd79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23492", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5bxosr6c2h", "content": "", "creation_timestamp": "2025-02-14T13:16:27.037117Z"}, {"uuid": "043958ec-c2df-4f4f-ace7-d0becd2e39ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23493", "type": "seen", "source": "MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7", "content": "", "creation_timestamp": "2025-08-18T18:31:00.000000Z"}, {"uuid": "3a754bdf-5d43-409d-9ba6-0d5fadb6bf34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23491", "type": "seen", "source": "MISP/f7787455-9994-4047-b6f7-77347597c104", "content": "", "creation_timestamp": "2025-08-26T18:36:19.000000Z"}]}