{"vulnerability": "cve-2025-3145", "sightings": [{"uuid": "f823ca63-bc80-47f3-9afb-f153e9819ae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31457", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9338", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31457\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Aur\u00e9lien LWS LWS SMS allows Cross Site Request Forgery. This issue affects LWS SMS: from n/a through 2.4.1.\n\ud83d\udccf Published: 2025-03-28T11:54:10.747Z\n\ud83d\udccf Modified: 2025-03-28T11:54:10.747Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/lws-sms/vulnerability/wordpress-lws-sms-2-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T12:27:55.000000Z"}, {"uuid": "d8eb95df-4bf2-4a9a-868b-a429c13ae219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31456", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9337", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31456\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery. This issue affects Ultimate Security Checker: from n/a through 4.2.\n\ud83d\udccf Published: 2025-03-28T11:54:11.374Z\n\ud83d\udccf Modified: 2025-03-28T11:54:11.374Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ultimate-security-checker/vulnerability/wordpress-ultimate-security-checker-plugin-4-2-cross-site-request-forgery-csrf-to-security-rescan-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T12:27:54.000000Z"}, {"uuid": "0b09528d-098e-448d-a512-2a2c2947bb02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31452", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9335", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31452\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mindshare Labs, Inc. WP Ultimate Search allows Stored XSS. This issue affects WP Ultimate Search: from n/a through 2.0.3.\n\ud83d\udccf Published: 2025-03-28T11:54:12.630Z\n\ud83d\udccf Modified: 2025-03-28T11:54:12.630Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-ultimate-search/vulnerability/wordpress-wp-ultimate-search-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T12:27:52.000000Z"}, {"uuid": "6909b4cf-0cf8-47bb-b6b5-20989b3e5fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31451", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9334", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31451\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevinweber wBounce allows Stored XSS. This issue affects wBounce: from n/a through 1.8.1.\n\ud83d\udccf Published: 2025-03-28T11:54:13.268Z\n\ud83d\udccf Modified: 2025-03-28T11:54:13.268Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wbounce/vulnerability/wordpress-wbounce-1-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T12:27:52.000000Z"}, {"uuid": "e8741003-6156-4468-aaa9-758c19c61cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31450", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9333", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31450\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box allows Stored XSS. This issue affects Toggle Box: from n/a through 1.6.\n\ud83d\udccf Published: 2025-03-28T11:54:13.920Z\n\ud83d\udccf Modified: 2025-03-28T11:54:13.920Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/toggle-box/vulnerability/wordpress-toggle-box-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T12:27:48.000000Z"}, {"uuid": "693e6448-b9c8-4178-aa2a-f56a38f6f6a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31453", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9336", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31453\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery allows Stored XSS. This issue affects YouTube SimpleGallery: from n/a through 2.0.6.\n\ud83d\udccf Published: 2025-03-28T11:54:12.005Z\n\ud83d\udccf Modified: 2025-03-28T11:54:12.005Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/youtube-simplegallery/vulnerability/wordpress-youtube-simplegallery-2-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T12:27:53.000000Z"}, {"uuid": "186cbc75-526e-44fb-a6d1-eaa5c886ac2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31455", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10129", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31455\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Limit Max IPs Per User allows DOM-Based XSS. This issue affects Limit Max IPs Per User: from n/a through 1.5.\n\ud83d\udccf Published: 2025-04-01T20:58:10.662Z\n\ud83d\udccf Modified: 2025-04-02T16:10:22.598Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/limit-max-ips-per-user/vulnerability/wordpress-limit-max-ips-per-user-plugin-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T16:35:10.000000Z"}, {"uuid": "26b45002-61f8-4844-a392-15eed395c99d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31454", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31454\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Delete Post Revision allows Reflected XSS. This issue affects Delete Post Revision: from n/a through 1.1.\n\ud83d\udccf Published: 2025-04-01T20:58:10.502Z\n\ud83d\udccf Modified: 2025-04-02T16:12:31.408Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/delete-post-revision/vulnerability/wordpress-delete-post-revision-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T16:35:07.000000Z"}, {"uuid": "4bc48f28-5477-416c-bd81-0ff76b99cff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3145", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10165", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3145\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Affected by this issue is the function mindspore.numpy.fft.rfft2. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T06:31:11.782Z\n\ud83d\udccf Modified: 2025-04-03T06:31:11.782Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303050\n2. https://vuldb.com/?ctiid.303050\n3. https://gitee.com/mindspore/mindspore/issues/IBVKM8", "creation_timestamp": "2025-04-03T06:34:10.000000Z"}, {"uuid": "761f05e1-fd7a-4b22-9c51-b1fd4aec869d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31459", "type": "seen", "source": "https://t.me/cvedetector/21431", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31459 - PasqualePuzio Login Alert CSRF Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2025-31459 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:57.000000Z"}, {"uuid": "b5e7bc0e-eff5-4a3d-a7a7-e854dc2113e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31458", "type": "seen", "source": "https://t.me/cvedetector/21430", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31458 - Forsgren Video Embedder CSRF Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31458 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:56.000000Z"}, {"uuid": "ac778c7f-d806-4c70-9a25-918881cbddf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31457", "type": "seen", "source": "https://t.me/cvedetector/21429", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31457 - Aur\u00e9lien LWS LWS SMS CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31457 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Aur\u00e9lien LWS LWS SMS allows Cross Site Request Forgery. This issue affects LWS SMS: from n/a through 2.4.1. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:55.000000Z"}, {"uuid": "07386ccc-9b00-4269-8da6-6a687dc52fa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31453", "type": "seen", "source": "https://t.me/cvedetector/21428", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31453 - YouTube SimpleGallery Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31453 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery allows Stored XSS. This issue affects YouTube SimpleGallery: from n/a through 2.0.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:54.000000Z"}, {"uuid": "7c7336f3-15ef-45fb-8460-8a10bbb2b732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31456", "type": "seen", "source": "https://t.me/cvedetector/21427", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31456 - BSNDev Ultimate Security Checker CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31456 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery. This issue affects Ultimate Security Checker: from n/a through 4.2. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:53.000000Z"}]}