{"vulnerability": "cve-2025-2688", "sightings": [{"uuid": "079259b1-389c-49f7-ad6d-6004c39c60fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26884", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5355", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26884\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8.\n\ud83d\udccf Published: 2025-02-25T14:17:52.084Z\n\ud83d\udccf Modified: 2025-02-25T19:07:26.673Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/greenshift-animation-and-page-builder-blocks/vulnerability/wordpress-greenshift-plugin-10-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:46.000000Z"}, {"uuid": "3c7e2ca1-a005-447a-bbc3-df30a836a67f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26888", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11141", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26888\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.8.\n\ud83d\udccf Published: 2025-04-09T19:35:42.843Z\n\ud83d\udccf Modified: 2025-04-09T19:35:42.843Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woocommerce-multilingual/vulnerability/wordpress-woocommerce-multilingual-multicurrency-plugin-5-3-8-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T19:48:13.000000Z"}, {"uuid": "880fe1ac-8585-4e65-98b5-2a106dbb7a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26886", "type": "seen", "source": "https://t.me/cvedetector/20391", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26886 - PublishPress Authors SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26886 \nPublished : March 15, 2025, 10:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors allows SQL Injection. This issue affects PublishPress Authors: from n/a through 4.7.3. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T02:09:49.000000Z"}, {"uuid": "2f86fe1e-ddbb-4810-97c7-2a46631a4ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2688", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll4kmp3jyo2l", "content": "", "creation_timestamp": "2025-03-24T10:34:18.047268Z"}, {"uuid": "e8fd0507-83a2-46d3-9ea4-804cb6f63aab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26889", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tcha7b2i", "content": "", "creation_timestamp": "2025-04-15T12:38:37.421272Z"}, {"uuid": "5abe7c51-2c15-4f48-81dc-b34dc0efcfe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26882", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5364", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26882\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 1.1.33.\n\ud83d\udccf Published: 2025-02-25T14:17:51.802Z\n\ud83d\udccf Modified: 2025-02-25T18:52:00.748Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/easy-notify-lite/vulnerability/wordpress-popup-builder-plugin-1-1-33-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:57.000000Z"}, {"uuid": "ccb5fc33-ba42-46a3-a679-a1efbac51357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26886", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7803", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26886\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors allows SQL Injection. This issue affects PublishPress Authors: from n/a through 4.7.3.\n\ud83d\udccf Published: 2025-03-15T21:57:01.998Z\n\ud83d\udccf Modified: 2025-03-17T16:11:31.608Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/publishpress-authors/vulnerability/wordpress-publishpress-authors-plugin-4-7-3-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-17T16:47:42.000000Z"}, {"uuid": "3ec29066-e016-4086-9685-741216e71287", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26889", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26889\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound hockeydata LOS allows PHP Local File Inclusion. This issue affects hockeydata LOS: from n/a through 1.2.4.\n\ud83d\udccf Published: 2025-04-15T11:59:05.561Z\n\ud83d\udccf Modified: 2025-04-15T11:59:05.561Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/hockeydata-los/vulnerability/wordpress-hockeydata-los-plugin-1-2-4-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T12:54:47.000000Z"}, {"uuid": "9d8aa580-bf8e-4325-9c61-891c60084595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26885", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6219", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26885\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in Brent Jett Assistant allows Object Injection. This issue affects Assistant: from n/a through 1.5.1.\n\ud83d\udccf Published: 2025-03-03T13:30:40.875Z\n\ud83d\udccf Modified: 2025-03-03T13:30:40.875Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/assistant/vulnerability/wordpress-assistant-plugin-1-5-1-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T14:30:17.000000Z"}, {"uuid": "9b318505-c75b-42ce-bc15-b310e33d0543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2688", "type": "seen", "source": "https://t.me/cvedetector/20947", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2688 - TOTOLINK A3000RU Syslog Configuration File Handler Local Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2688 \nPublished : March 24, 2025, 7:15 a.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T10:02:24.000000Z"}, {"uuid": "3b6800a6-bcd8-4c8f-867f-1784c3ab0bb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26889", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:35.168227Z"}]}