{"vulnerability": "cve-2025-2575", "sightings": [{"uuid": "9e8d07ce-2cd1-4895-83d9-54c94eab031e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25759", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5679", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25759\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request.\n\ud83d\udccf Published: 2025-02-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T14:19:09.821Z\n\ud83d\udd17 References:\n1. https://github.com/147536951/Qianyi-learn/blob/main/SUCMS.pdf", "creation_timestamp": "2025-02-27T14:27:09.000000Z"}, {"uuid": "50e2238b-fcce-465c-922d-337053a4b593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://t.me/cvedetector/22750", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2575 - WordPress Z Companion Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2575 \nPublished : April 11, 2025, 12:15 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires Royal Shop theme to be installed. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T16:27:17.000000Z"}, {"uuid": "74967a5e-992d-471e-af51-5ee413d8bf48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25759", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6hjfzb2b2y", "content": "", "creation_timestamp": "2025-02-27T17:53:43.015769Z"}, {"uuid": "d9922252-6c2a-4e5f-8263-041db04241ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25759", "type": "seen", "source": "https://t.me/cvedetector/19064", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25759 - SUCMS Directory Traversal and File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25759 \nPublished : Feb. 27, 2025, 3:15 p.m. | 2\u00a0hours, 16\u00a0minutes ago \nDescription : An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T19:15:58.000000Z"}, {"uuid": "348607ea-36bc-4758-842f-106ada78a079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25758", "type": "seen", "source": "https://t.me/cvedetector/20772", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25758 - KukuFM Android Backup Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-25758 \nPublished : March 20, 2025, 9:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup=\"true\" in the ANdroidManifest.xml \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T00:05:37.000000Z"}, {"uuid": "467c3ec0-e6f0-4f3b-8b8b-19a0ae8d99e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdybqlrg2g", "content": "", "creation_timestamp": "2025-04-11T15:37:56.845986Z"}, {"uuid": "3783fb9f-4f4a-4423-a501-4b28832f8118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11414", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2575\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires Royal Shop theme to be installed.\n\ud83d\udccf Published: 2025-04-11T11:11:57.129Z\n\ud83d\udccf Modified: 2025-04-11T11:11:57.129Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f7bba4-76c3-4904-bd96-2074147b33f5?source=cve\n2. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/importer/wxr-importer.php#L149\n3. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/importer/wxr-importer.php#L63\n4. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/inc/importer.php#L148\n5. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/inc/importer.php#L62\n6. https://wordpress.org/plugins/z-companion/#developers\n7. https://plugins.trac.wordpress.org/changeset/3270130/", "creation_timestamp": "2025-04-11T11:50:43.000000Z"}]}