{"vulnerability": "cve-2025-2351", "sightings": [{"uuid": "a8187086-bb04-4265-a13c-e7b26beaeb3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23511", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xugxba2t", "content": "", "creation_timestamp": "2025-01-16T20:17:28.427158Z"}, {"uuid": "7f562297-a638-481b-ab27-9295acc2a0e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23513", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xww4np2c", "content": "", "creation_timestamp": "2025-01-16T20:17:31.003899Z"}, {"uuid": "93890585-8561-41e6-8c0f-c7e9ed0747fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23514", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xzejay2t", "content": "", "creation_timestamp": "2025-01-16T20:17:33.560379Z"}, {"uuid": "4c4657bb-d42c-4cf3-898f-1de8598bac8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23517", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6574", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23517\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Map on Post/Page allows Reflected XSS. This issue affects Google Map on Post/Page: from n/a through 1.1.\n\ud83d\udccf Published: 2025-03-03T13:30:09.055Z\n\ud83d\udccf Modified: 2025-03-05T17:11:05.126Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/google-map-on-postpage/vulnerability/wordpress-google-map-on-post-page-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:26.000000Z"}, {"uuid": "fd4dc735-aea1-45cb-9ea8-69667b60fed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23519", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6579", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23519\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound G Web Pro Store Locator allows Reflected XSS. This issue affects G Web Pro Store Locator: from n/a through 2.0.1.\n\ud83d\udccf Published: 2025-03-03T13:30:09.467Z\n\ud83d\udccf Modified: 2025-03-05T17:05:31.494Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gwebpro-store-locator/vulnerability/wordpress-g-web-pro-store-locator-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:33.000000Z"}, {"uuid": "600af70a-f002-4d9d-aa5a-f5ef28b986b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23516", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6573", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23516\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Sale with Razorpay allows Reflected XSS. This issue affects Sale with Razorpay: from n/a through 1.0.\n\ud83d\udccf Published: 2025-03-03T13:30:08.784Z\n\ud83d\udccf Modified: 2025-03-05T17:12:19.583Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/sell-with-razorpay/vulnerability/wordpress-sale-with-razorpay-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:25.000000Z"}, {"uuid": "85f07dff-466d-4a47-af61-21b342a93856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23515", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6572", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23515\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Missing Authorization vulnerability in tsecher ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ts-tree: from n/a through 0.1.1.\n\ud83d\udccf Published: 2025-03-03T13:30:08.570Z\n\ud83d\udccf Modified: 2025-03-05T17:13:51.491Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ts-tree/vulnerability/wordpress-ts-tree-plugin-0-1-1-arbitrary-content-deletion-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:24.000000Z"}, {"uuid": "fe4ac40e-1366-40e7-8f0a-67a6837fecd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2351", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7724", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2351\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-16T22:31:04.147Z\n\ud83d\udccf Modified: 2025-03-16T22:31:04.147Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299818\n2. https://vuldb.com/?ctiid.299818\n3. https://vuldb.com/?submit.512793", "creation_timestamp": "2025-03-16T22:45:47.000000Z"}, {"uuid": "c87aeb37-5387-4a10-af3d-56ab1b3b35ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2351", "type": "seen", "source": "https://t.me/cvedetector/20425", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2351 - DayCloud StudentManage SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2351 \nPublished : March 16, 2025, 11:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T02:24:44.000000Z"}, {"uuid": "44bc87d6-e8e9-4c73-90e8-ab1834c2db67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23511", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840251913667297", "content": "", "creation_timestamp": "2025-01-16T21:53:11.343096Z"}, {"uuid": "5166f1ee-0579-43ae-bde4-115889bf0158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23513", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840251928175069", "content": "", "creation_timestamp": "2025-01-16T21:53:11.596463Z"}, {"uuid": "7bc39a77-3a50-4302-b55d-efd89566d04f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23510", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840192910191183", "content": "", "creation_timestamp": "2025-01-16T21:38:11.080489Z"}, {"uuid": "3cfd5fdc-ded9-463b-9329-9d6db778ddd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23510", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xry3bq2n", "content": "", "creation_timestamp": "2025-01-16T20:17:25.768027Z"}, {"uuid": "9839257b-5f66-49e9-ab00-672e337c78da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23514", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840251942825885", "content": "", "creation_timestamp": "2025-01-16T21:53:11.927745Z"}, {"uuid": "3572e122-dff9-4b63-8a46-0d9c5171f347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23512", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo33vcp32t", "content": "", "creation_timestamp": "2025-01-22T15:18:40.506824Z"}, {"uuid": "1ca2c615-6119-4eaa-b69f-38df2d30c556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2351", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjzbmbijl2x", "content": "", "creation_timestamp": "2025-03-17T01:35:56.517290Z"}, {"uuid": "6c921ec8-473e-4827-8a3a-bc64ccea8c30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23512", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2628", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23512\n\ud83d\udd39 Description: Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team 118GROUP Agent: from n/a through 1.6.0.\n\ud83d\udccf Published: 2025-01-22T14:29:14.122Z\n\ud83d\udccf Modified: 2025-01-22T19:53:40.261Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/team-118group-agent/vulnerability/wordpress-team-118group-agent-plugin-1-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:01:51.000000Z"}, {"uuid": "914abaa3-fa99-4591-abf6-6f136d17bf2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23518", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6576", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23518\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound GoogleMapper allows Reflected XSS. This issue affects GoogleMapper: from n/a through 2.0.3.\n\ud83d\udccf Published: 2025-03-03T13:30:09.258Z\n\ud83d\udccf Modified: 2025-03-05T17:10:03.427Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/googlemapper-2/vulnerability/wordpress-googlemapper-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:31.000000Z"}]}