{"vulnerability": "cve-2025-3103", "sightings": [{"uuid": "eedaf6e0-a70b-497e-bba6-27cbf684747a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31035", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11123", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31035\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md \u2013 The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md \u2013 The Perfect WordPress Markdown Editor: from n/a through 10.2.1.\n\ud83d\udccf Published: 2025-04-09T16:10:12.161Z\n\ud83d\udccf Modified: 2025-04-09T16:10:12.161Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-editormd/vulnerability/wordpress-wp-editor-md-the-perfect-wordpress-markdown-editor-10-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:55.000000Z"}, {"uuid": "24c36b8f-c84d-4c0e-a0f2-5d2601f66fa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31031", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9232", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31031\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager allows Stored XSS.This issue affects Job Colors for WP Job Manager: from n/a through 1.0.4.\n\ud83d\udccf Published: 2025-03-27T22:16:09.481Z\n\ud83d\udccf Modified: 2025-03-27T22:16:09.481Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-job-manager-colors/vulnerability/wordpress-job-colors-for-wp-job-manager-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T22:36:40.000000Z"}, {"uuid": "4bc1ca81-5dda-40e4-94ec-99be7dcf6f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3103", "type": "seen", "source": "Telegram/hTANeX6nkmK-6QHGY2D4HZuK57SCBWdCO620ccfnOLbtEss", "content": "", "creation_timestamp": "2025-04-19T07:30:23.000000Z"}, {"uuid": "16b9da2d-fdae-4e66-b5d0-59238e579828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31033", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbv3mby2p", "content": "", "creation_timestamp": "2025-08-03T21:02:40.513905Z"}, {"uuid": "859c740a-d3aa-4c68-9b21-93131e9d335b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31032", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11120", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31032\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar \u2013 WooCommerce Gateway allows Stored XSS. This issue affects Pagopar \u2013 WooCommerce Gateway: from n/a through 2.7.1.\n\ud83d\udccf Published: 2025-04-09T16:10:14.368Z\n\ud83d\udccf Modified: 2025-04-09T16:10:14.368Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/pagopar-woocommerce-gateway/vulnerability/wordpress-pagopar-woocommerce-gateway-plugin-2-7-1-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:53.000000Z"}, {"uuid": "1316395c-3c16-4b42-8884-986c8ec4a229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31033", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11121", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31033\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through 1.2.\n\ud83d\udccf Published: 2025-04-09T16:10:13.782Z\n\ud83d\udccf Modified: 2025-04-09T16:10:13.782Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/buddypress-humanity/vulnerability/wordpress-buddypress-humanity-plugin-1-2-csrf-to-privilege-escalation-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:54.000000Z"}, {"uuid": "500ca3ce-74d6-4ad2-8022-96e912bd125f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31034", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11122", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31034\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page allows Cross Site Request Forgery. This issue affects Customize Login Page: from n/a through 1.1.\n\ud83d\udccf Published: 2025-04-09T16:10:12.927Z\n\ud83d\udccf Modified: 2025-04-09T16:10:12.927Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/customize-login-page/vulnerability/wordpress-customize-login-page-plugin-1-1-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:54.000000Z"}, {"uuid": "39a47669-720f-482a-a35e-4928fcd54985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31036", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31036\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0.\n\ud83d\udccf Published: 2025-04-09T16:10:11.430Z\n\ud83d\udccf Modified: 2025-04-09T16:10:11.430Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpsolr-free/vulnerability/wordpress-wpsolr-plugin-24-0-csrf-to-privilege-escalation-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:56.000000Z"}, {"uuid": "27eef9e5-3829-4af9-9162-d248f0f595d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3103", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12573", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3103\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4.\n\ud83d\udccf Published: 2025-04-19T04:21:14.601Z\n\ud83d\udccf Modified: 2025-04-19T04:21:14.601Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0733261f-a2e1-4bd1-a57d-fdaaa8c904db?source=cve\n2. https://codecanyon.net/item/clever-html5-radio-player-with-history-shoutcast-and-icecast-elementor-widget-addon/26708087#item-description__updates-release-log", "creation_timestamp": "2025-04-19T04:59:57.000000Z"}, {"uuid": "75f7bc51-d270-41bd-8dfe-23b504fab98d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3103", "type": "seen", "source": "https://t.me/cvedetector/23375", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3103 - Elementor CLEVER WordPress File Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3103 \nPublished : April 19, 2025, 5:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T09:18:11.000000Z"}, {"uuid": "b84fec8b-f1b6-4742-8088-5195fcc04bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31031", "type": "seen", "source": "https://t.me/cvedetector/21341", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31031 - Astoundify Job Colors for WP Job Manager Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-31031 \nPublished : March 27, 2025, 11:15 p.m. | 38\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager allows Stored XSS.This issue affects Job Colors for WP Job Manager: from n/a through 1.0.4. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T01:01:04.000000Z"}, {"uuid": "930c85fa-d18e-48c7-8d62-82026dbedacc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31033", "type": "published-proof-of-concept", "source": "Telegram/R8EoyxEXRbLNSWTsyEt6N9qTL1rPI2Yd_uQ0MxwcMFQZ7gc", "content": "", "creation_timestamp": "2025-04-10T17:00:07.000000Z"}, {"uuid": "e597457c-88bb-4bc5-ad90-40954f2a7986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31033", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114309734826046892", "content": "", "creation_timestamp": "2025-04-09T19:48:52.284463Z"}, {"uuid": "deb1b519-2254-428c-88a4-93c22bc4eb0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31036", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114309734861586827", "content": "", "creation_timestamp": "2025-04-09T19:48:53.082396Z"}, {"uuid": "fc1bbb3d-db2e-4c00-83b5-f9db8c478aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31038", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114309734908577806", "content": "", "creation_timestamp": "2025-04-09T19:48:57.026497Z"}, {"uuid": "690466c9-5f9c-4dfd-ae70-6c10224dffd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3103", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln5laf64bjo2", "content": "", "creation_timestamp": "2025-04-19T07:08:46.466850Z"}, {"uuid": "daa2f410-3346-4dde-b642-d0e1ea97e8d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3103", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qctj3iq2l", "content": "", "creation_timestamp": "2025-04-19T08:39:11.975334Z"}]}