{"vulnerability": "cve-2025-3182", "sightings": [{"uuid": "cb3bd5ec-cf2d-4765-8c31-37f9152c3a3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3182", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llxacudoqh2u", "content": "", "creation_timestamp": "2025-04-04T01:11:48.630766Z"}, {"uuid": "da30decb-9378-4de7-9ba7-ed03f9e3b8fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31828", "type": "seen", "source": "Telegram/L0cFcm6S1F1svW4k55Pq2JGBMr8SGws0gJeKBbgjH-EsWCM", "content": "", "creation_timestamp": "2026-04-01T21:29:45.000000Z"}, {"uuid": "33bde3fa-df4a-4200-90b6-170e9580e197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31821", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9974", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31821\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integration of Zoho CRM and Contact Form 7 allows Phishing. This issue affects Integration of Zoho CRM and Contact Form 7: from n/a through 1.0.6.\n\ud83d\udccf Published: 2025-04-01T14:51:45.775Z\n\ud83d\udccf Modified: 2025-04-01T18:12:42.738Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/integration-of-zoho-crm-and-contact-form-7/vulnerability/wordpress-integration-of-zoho-crm-and-contact-form-7-plugin-1-0-6-open-redirection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:32:55.000000Z"}, {"uuid": "62df3c5a-98d9-4ca0-80f7-cbfee1b83225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31826", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9981", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31826\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.\n\ud83d\udccf Published: 2025-04-01T14:51:48.162Z\n\ud83d\udccf Modified: 2025-04-01T18:00:11.278Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:33:04.000000Z"}, {"uuid": "2bf41019-8719-40f8-8691-02265e0f1d98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3182", "type": "seen", "source": "https://t.me/cvedetector/22036", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3182 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3182 \nPublished : April 3, 2025, 10:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T02:06:56.000000Z"}, {"uuid": "37158041-2cf0-4605-b0a7-23dad4210b70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31828", "type": "published-proof-of-concept", "source": "Telegram/KTve-ylqtLiLjqXZhMB9xyx1YNgyBl72T9B20ArtsU9PWWM", "content": "", "creation_timestamp": "2026-04-01T21:29:22.000000Z"}, {"uuid": "751eafc1-7527-4d5b-af33-71fb8c975e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31820", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9972", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31820\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.\n\ud83d\udccf Published: 2025-04-01T14:51:45.247Z\n\ud83d\udccf Modified: 2025-04-01T18:14:22.701Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/automatic-featured-images-from-videos/vulnerability/wordpress-automatic-featured-images-from-videos-plugin-1-2-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:32:53.000000Z"}, {"uuid": "39abdc3d-7cb7-4dc6-840d-0909f4b7852f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31824", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9980", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31824\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through 1.4.7.\n\ud83d\udccf Published: 2025-04-01T14:51:47.645Z\n\ud83d\udccf Modified: 2025-04-01T18:00:34.766Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-optin-wheel/vulnerability/wordpress-wp-optin-wheel-plugin-1-4-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:33:03.000000Z"}, {"uuid": "0e1b4de3-f70e-4d38-a8a3-e53dc320db0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31823", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9977", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31823\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpoperations WPoperation Elementor Addons allows Stored XSS. This issue affects WPoperation Elementor Addons: from n/a through 1.1.9.\n\ud83d\udccf Published: 2025-04-01T14:51:46.887Z\n\ud83d\udccf Modified: 2025-04-01T18:11:03.827Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpop-elementor-addons/vulnerability/wordpress-wpoperation-elementor-addons-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:33:00.000000Z"}, {"uuid": "001ff564-52fd-4ad8-bda4-afd83d091e7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31822", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9976", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31822\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2.\n\ud83d\udccf Published: 2025-04-01T14:51:46.314Z\n\ud83d\udccf Modified: 2025-04-01T18:11:32.467Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-simple-html-sitemap/vulnerability/wordpress-wordpress-simple-html-sitemap-plugin-3-2-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:32:56.000000Z"}, {"uuid": "64918739-ed0a-4b4f-b513-c4887b104e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3182", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10357", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3182\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T21:31:07.079Z\n\ud83d\udccf Modified: 2025-04-03T21:31:07.079Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303141\n2. https://vuldb.com/?ctiid.303141\n3. https://vuldb.com/?submit.543842\n4. https://github.com/p1026/CVE/issues/16", "creation_timestamp": "2025-04-03T21:35:25.000000Z"}]}