{"vulnerability": "cve-2025-2699", "sightings": [{"uuid": "7eceda96-b510-445e-84a7-acbeae3e6bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2699", "type": "seen", "source": "https://t.me/cvedetector/20945", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2699 - GetmeUK ContentTools Image Handler Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2699 \nPublished : March 24, 2025, 8:15 a.m. | 44\u00a0minutes ago \nDescription : A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T10:02:22.000000Z"}, {"uuid": "593f8abc-559d-4921-81d9-510ab1bb76f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26992", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tdelpp24", "content": "", "creation_timestamp": "2025-04-15T12:38:42.444401Z"}, {"uuid": "d27bc886-49fb-45ba-85b0-7e33184880cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26990", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tdhwva2r", "content": "", "creation_timestamp": "2025-04-15T12:38:43.049625Z"}, {"uuid": "072bd4b3-1b43-4d0d-9624-96e01d24f3d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26993", "type": "seen", "source": "https://t.me/cvedetector/18872", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26993 - Vito Peleg Atarim Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-26993 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim allows Reflected XSS. This issue affects Atarim: from n/a through 4.1.0. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:46.000000Z"}, {"uuid": "c424b310-6e10-4b2e-a7bd-9f73487d2be9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26991", "type": "seen", "source": "https://t.me/cvedetector/18871", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26991 - WPPizza Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-26991 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS. This issue affects WPPizza: from n/a through 3.19.4. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:42.000000Z"}, {"uuid": "f82a2f62-a687-45fe-9743-ad67af910c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26995", "type": "seen", "source": "https://t.me/cvedetector/18868", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26995 - Anton Vanyukov Market Exporter Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26995 \nPublished : Feb. 25, 2025, 3:15 p.m. | 33\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T17:22:40.000000Z"}, {"uuid": "7165f0c2-5ec8-4a27-95f3-b8b0fcc51aa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26994", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6212", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26994\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform \u2013 Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. This issue affects Zigaform \u2013 Price Calculator & Cost Estimation Form Builder Lite: from n/a through 7.4.2.\n\ud83d\udccf Published: 2025-03-03T13:30:42.301Z\n\ud83d\udccf Modified: 2025-03-03T13:30:42.301Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/zigaform-calculator-cost-estimation-form-builder-lite/vulnerability/wordpress-zigaform-price-calculator-cost-estimation-form-builder-lite-plugin-7-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T14:30:07.000000Z"}, {"uuid": "e4787519-0b04-453d-8a69-29a9cb49c3dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26990", "type": "seen", "source": "https://t.me/cvedetector/22940", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26990 - Royal Elementor Addons SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-26990 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through 1.7.1006. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:13.000000Z"}, {"uuid": "db57106e-904e-48aa-9305-2d68b7e2650c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26999", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114099285895612611", "content": "", "creation_timestamp": "2025-03-03T15:48:56.739385Z"}, {"uuid": "0d1f11c2-e2f3-423e-a58d-cf8003e027b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26991", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lizdqx2yhz2l", "content": "", "creation_timestamp": "2025-02-25T17:03:00.292707Z"}, {"uuid": "b63f31a8-8987-40aa-a8bf-c0408b295b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26990", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11790", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26990\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through 1.7.1006.\n\ud83d\udccf Published: 2025-04-15T11:59:07.117Z\n\ud83d\udccf Modified: 2025-04-15T11:59:07.117Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-plugin-1-7-1006-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T12:54:33.000000Z"}, {"uuid": "057b480e-3c10-4b9c-a3fe-b949f4ce12c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26992", "type": "seen", "source": "https://t.me/cvedetector/22941", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26992 - Fatcatapps Landing Page Cat Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26992 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.8. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:14.000000Z"}, {"uuid": "8f062ed2-4e68-410c-a539-0d35d655b60a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2699", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll4kmpclin2m", "content": "", "creation_timestamp": "2025-03-24T10:34:19.192193Z"}, {"uuid": "0ebf68b9-e719-4937-aaeb-4cb4003a579b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26999", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:24.000000Z"}, {"uuid": "5f6c77dd-a7f5-4dd0-b811-f56b4849444e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26999", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:47.000000Z"}, {"uuid": "d260a7bf-428b-4d96-9dc5-081837f2048a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26994", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "00e6fbdb-d093-4c36-9d85-8408dd272c8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26995", "type": "seen", "source": "MISP/8e1b6542-ae86-4729-a7a6-4e9f670b8bb7", "content": "", "creation_timestamp": "2025-08-22T17:25:06.000000Z"}, {"uuid": "15313720-2095-4179-9655-92ac84edc947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26991", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5273", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26991\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS. This issue affects WPPizza: from n/a through 3.19.4.\n\ud83d\udccf Published: 2025-02-25T14:17:59.333Z\n\ud83d\udccf Modified: 2025-02-25T14:17:59.333Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wppizza/vulnerability/wordpress-wppizza-plugin-3-19-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:23:57.000000Z"}, {"uuid": "58a81270-bca9-4c61-bf4d-e6c2127d5b9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26993", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5272", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26993\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim allows Reflected XSS. This issue affects Atarim: from n/a through 4.1.0.\n\ud83d\udccf Published: 2025-02-25T14:17:59.501Z\n\ud83d\udccf Modified: 2025-02-25T14:17:59.501Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/atarim-visual-collaboration/vulnerability/wordpress-visual-website-collaboration-atarim-plugin-4-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:23:56.000000Z"}, {"uuid": "ac400241-2327-4f81-a666-97c9a2132cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26995", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26995\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21.\n\ud83d\udccf Published: 2025-02-25T14:17:59.685Z\n\ud83d\udccf Modified: 2025-02-25T14:17:59.685Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/market-exporter/vulnerability/wordpress-market-exporter-plugin-2-0-21-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T14:23:56.000000Z"}]}