{"vulnerability": "cve-2025-2687", "sightings": [{"uuid": "c4a59c61-b2a4-4ec5-ac4e-08ac647025c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26874", "type": "seen", "source": "https://t.me/cvedetector/21348", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26874 - MemberSpace Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-26874 \nPublished : March 27, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MemberSpace allows Reflected XSS.This issue affects MemberSpace: from n/a through 2.1.13. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T01:01:13.000000Z"}, {"uuid": "1cc9e79e-899f-44e0-8218-3ccafc0bca68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26875", "type": "seen", "source": "https://t.me/cvedetector/20390", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26875 - Silverplugins217 WooCommerce SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26875 \nPublished : March 15, 2025, 10:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.3. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T02:09:48.000000Z"}, {"uuid": "209c35f9-3841-4210-8f6b-3c15758069cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2687", "type": "seen", "source": "https://t.me/cvedetector/20938", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2687 - PHPGurukul eLearning System Image Handler Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2687 \nPublished : March 24, 2025, 6:15 a.m. | 43\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T08:22:01.000000Z"}, {"uuid": "635742f6-9fb2-49cb-8693-2d5a8e538b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2687", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114218899342893433", "content": "", "creation_timestamp": "2025-03-24T18:48:15.476132Z"}, {"uuid": "426b8e60-29ec-463b-8fb2-510f6ea8d6be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2687", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll4kmoqzwh24", "content": "", "creation_timestamp": "2025-03-24T10:34:16.245063Z"}, {"uuid": "df94e19b-1cb5-4c01-9f56-400e41efc6d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2687", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3ll5myd4t3f24", "content": "", "creation_timestamp": "2025-03-24T20:49:13.605141Z"}, {"uuid": "aea7c316-d5f1-46df-9ccb-abf979af74d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26873", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llfelpnq762v", "content": "", "creation_timestamp": "2025-03-27T22:40:18.474363Z"}, {"uuid": "975afb96-c1d8-4ea8-9c0b-7a0e6aee0f60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26875", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkjqkye6zl27", "content": "", "creation_timestamp": "2025-03-16T23:00:06.672845Z"}, {"uuid": "dc7e97c9-7f06-4e21-b140-b6902b07a01b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26874", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9237", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26874\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MemberSpace allows Reflected XSS.This issue affects MemberSpace: from n/a through 2.1.13.\n\ud83d\udccf Published: 2025-03-27T21:58:19.989Z\n\ud83d\udccf Modified: 2025-03-27T21:58:19.989Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/memberspace/vulnerability/wordpress-memberspace-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T22:36:47.000000Z"}, {"uuid": "c7746a01-0c29-4e67-ab3d-1d0fb1b9e558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26873", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9236", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26873\n\ud83d\udd25 CVSS Score: 9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.\n\ud83d\udccf Published: 2025-03-27T21:59:49.863Z\n\ud83d\udccf Modified: 2025-03-27T21:59:49.863Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T22:36:46.000000Z"}, {"uuid": "17173c43-e926-47de-b1c1-3167de26757b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26875", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkiidjumrs2r", "content": "", "creation_timestamp": "2025-03-16T11:00:06.446659Z"}, {"uuid": "c13c482c-d1ba-4d94-a8f8-ef7250583fd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26873", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3llgio7rtwy2z", "content": "", "creation_timestamp": "2025-03-28T09:25:57.090851Z"}, {"uuid": "7f900a77-8f19-4f90-827a-499141667952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26871", "type": "seen", "source": "Telegram/EgY-3dooiREg-dALgS8idmo8jFkn1Hp5AACRbJP7ZYbsQN4", "content": "", "creation_timestamp": "2026-04-01T21:28:26.000000Z"}, {"uuid": "353bc0e5-78d5-499a-9b90-32e96378a51d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26871", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5348", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26871\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3.\n\ud83d\udccf Published: 2025-02-25T14:17:50.925Z\n\ud83d\udccf Modified: 2025-02-25T19:11:28.803Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/essential-blocks/vulnerability/wordpress-essential-blocks-plugin-4-8-3-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:34.000000Z"}, {"uuid": "bfb9b5e5-208a-4360-9ef7-2fa22973c7e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26879", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6220", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26879\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristi\u00e1n L\u00e1vaque s2Member Pro allows Reflected XSS. This issue affects s2Member Pro: from n/a through 241216.\n\ud83d\udccf Published: 2025-03-03T13:30:40.679Z\n\ud83d\udccf Modified: 2025-03-03T13:30:40.679Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-plugin-241216-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T14:30:18.000000Z"}, {"uuid": "82dd9efe-3fd9-49ae-b116-320899dddecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26875", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7802", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26875\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.3.\n\ud83d\udccf Published: 2025-03-15T21:57:01.817Z\n\ud83d\udccf Modified: 2025-03-17T16:11:57.870Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/different-shipping-and-billing-address-for-woocommerce/vulnerability/wordpress-multiple-shipping-and-billing-address-for-woocommerce-plugin-1-3-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-17T16:47:41.000000Z"}, {"uuid": "76df2d99-1de0-45f7-be14-da29af948cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26873", "type": "seen", "source": "https://t.me/cvedetector/21353", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26873 - Shinetheme Traveler Deserialization of Untrusted Data Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26873 \nPublished : March 27, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Deserialization of Untrusted Data vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T01:01:20.000000Z"}, {"uuid": "21e2f265-7b6c-4e80-a57d-ea86581aacbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26875", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114169120894617970", "content": "", "creation_timestamp": "2025-03-15T23:48:53.907240Z"}]}