{"vulnerability": "cve-2025-3181", "sightings": [{"uuid": "a179dc9c-cd24-48ad-8ffe-00fc0fc5be8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31818", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9993", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31818\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ContentBot.ai ContentBot AI Writer allows Stored XSS. This issue affects ContentBot AI Writer: from n/a through 1.2.4.\n\ud83d\udccf Published: 2025-04-01T14:51:44.682Z\n\ud83d\udccf Modified: 2025-04-01T19:15:39.642Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/content-bot/vulnerability/wordpress-contentbot-ai-writer-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:32.000000Z"}, {"uuid": "cd98b279-15e3-44f9-b0e9-e0177d807a5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31816", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10015", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31816\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in pietro Mobile App Canvas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile App Canvas: from n/a through 3.8.1.\n\ud83d\udccf Published: 2025-04-01T14:51:43.552Z\n\ud83d\udccf Modified: 2025-04-01T19:58:46.208Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/mobile-app/vulnerability/wordpress-mobile-app-canvas-plugin-3-8-1-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T20:33:37.000000Z"}, {"uuid": "455720c8-893c-47b8-a3f4-82f688f06936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31815", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10014", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31815\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred Design Blocks allows Stored XSS. This issue affects Design Blocks: from n/a through 1.2.2.\n\ud83d\udccf Published: 2025-04-01T14:51:43.013Z\n\ud83d\udccf Modified: 2025-04-01T20:03:59.679Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/exclusive-blocks/vulnerability/wordpress-design-blocks-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T20:33:36.000000Z"}, {"uuid": "b7970b03-8d0a-4288-9e7e-41958ed492f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31817", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10017", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31817\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWheels BlockWheels allows DOM-Based XSS. This issue affects BlockWheels: from n/a through 1.0.1.\n\ud83d\udccf Published: 2025-04-01T14:51:44.143Z\n\ud83d\udccf Modified: 2025-04-01T19:53:10.451Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/blockwheels/vulnerability/wordpress-blockwheels-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T20:33:42.000000Z"}, {"uuid": "d1a259e9-3864-451e-9d31-217679d52060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31819", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31819\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks by Pixelgrade. This issue affects Nova Blocks by Pixelgrade: from n/a through 2.1.8.\n\ud83d\udccf Published: 2025-04-01T20:58:15.132Z\n\ud83d\udccf Modified: 2025-04-02T13:28:02.772Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/nova-blocks/vulnerability/wordpress-nova-blocks-by-pixelgrade-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T13:33:31.000000Z"}, {"uuid": "dfc4be15-eb8d-4e2f-b585-34b3ae96ac3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3181", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10358", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3181\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file /patient/appointment.php?scheduleDate=1&appid=1. The manipulation of the argument scheduleDate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T21:31:04.936Z\n\ud83d\udccf Modified: 2025-04-03T21:31:04.936Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303140\n2. https://vuldb.com/?ctiid.303140\n3. https://vuldb.com/?submit.543841\n4. https://github.com/p1026/CVE/issues/15", "creation_timestamp": "2025-04-03T21:35:26.000000Z"}, {"uuid": "c8da1cf6-193d-4080-8d0a-91253b86e7b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31819", "type": "seen", "source": "https://t.me/cvedetector/21806", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31819 - Pixelgrade Nova Blocks Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31819 \nPublished : April 1, 2025, 9:15 p.m. | 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks by Pixelgrade. This issue affects Nova Blocks by Pixelgrade: from n/a through 2.1.8. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T23:56:01.000000Z"}, {"uuid": "25edbf01-c3d5-4636-b201-fd1016521628", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31813", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9967", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31813\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Website366.com WPSHARE247 Elementor Addons allows Stored XSS. This issue affects WPSHARE247 Elementor Addons: from n/a through 2.1.\n\ud83d\udccf Published: 2025-04-01T14:51:41.800Z\n\ud83d\udccf Modified: 2025-04-01T18:19:35.822Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpshare247-elementor-addons/vulnerability/wordpress-wpshare247-elementor-addons-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:32:46.000000Z"}, {"uuid": "1c99b630-7cf3-40fb-baa8-d7ec9026cfbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31812", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9966", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31812\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas BuddyPress Members Only allows Stored XSS. This issue affects BuddyPress Members Only: from n/a through 3.5.3.\n\ud83d\udccf Published: 2025-04-01T14:51:41.048Z\n\ud83d\udccf Modified: 2025-04-01T18:19:53.792Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/buddypress-members-only/vulnerability/wordpress-buddypress-members-only-plugin-3-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:32:42.000000Z"}, {"uuid": "ebba96ec-c1c1-4078-b740-4c37e959ecf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31814", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9971", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31814\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in OwnerRez OwnerRez allows Cross Site Request Forgery. This issue affects OwnerRez: from n/a through 1.2.0.\n\ud83d\udccf Published: 2025-04-01T14:51:42.462Z\n\ud83d\udccf Modified: 2025-04-01T18:15:07.554Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ownerrez/vulnerability/wordpress-ownerrez-plugin-1-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:32:49.000000Z"}, {"uuid": "5985ffc9-52a5-4140-b067-709d302b96a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31819", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llrxufb2wj2s", "content": "", "creation_timestamp": "2025-04-01T22:57:12.727365Z"}, {"uuid": "bbe2e631-f507-432e-9481-30a829f6f322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3181", "type": "seen", "source": "https://t.me/cvedetector/22037", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3181 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3181 \nPublished : April 3, 2025, 10:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file /patient/appointment.php?scheduleDate=1&appid=1. The manipulation of the argument scheduleDate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T02:06:56.000000Z"}]}