{"vulnerability": "cve-2025-3958", "sightings": [{"uuid": "67175f0d-005f-4b73-9f62-b5187c9c522d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39584", "type": "seen", "source": "https://t.me/cvedetector/23097", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39584 - Themewinter Eventin PHP RFI\", \n  \"Content\": \"CVE ID : CVE-2025-39584 \nPublished : April 16, 2025, 1:15 p.m. | 18\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T16:02:55.000000Z"}, {"uuid": "a8a40a79-60a2-499c-97f5-721c07b8586b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39589", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmwtcbjc6e2i", "content": "", "creation_timestamp": "2025-04-16T14:43:55.371612Z"}, {"uuid": "de9e0202-6552-4420-9429-652a39d43189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39584", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmwtccatlw2u", "content": "", "creation_timestamp": "2025-04-16T14:43:59.472518Z"}, {"uuid": "4fc76376-4a65-4a10-a5cb-8888a6d7cb66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39585", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmwtcckwej2z", "content": "", "creation_timestamp": "2025-04-16T14:44:01.331777Z"}, {"uuid": "e3e7f18f-6dda-4f0a-b3d5-a7b81d50e62a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39582", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmwtcd63ip2h", "content": "", "creation_timestamp": "2025-04-16T14:44:04.482162Z"}, {"uuid": "6eba4bde-df02-46d4-9e92-46128a7b0b65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3958", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnrgakkjlek2", "content": "", "creation_timestamp": "2025-04-27T04:40:02.192944Z"}, {"uuid": "4a8c54df-9543-43f6-8534-1e2bb00c639a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3958", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnrqik7ohs2t", "content": "", "creation_timestamp": "2025-04-27T07:35:37.069935Z"}, {"uuid": "5093d67c-60cc-4994-8c2a-e1b5b1fd6e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3958", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13601", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3958\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the component Book Edit Page. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.\n\ud83d\udccf Published: 2025-04-27T04:00:05.624Z\n\ud83d\udccf Modified: 2025-04-27T04:00:05.624Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.306294\n2. https://vuldb.com/?ctiid.306294\n3. https://vuldb.com/?submit.557146\n4. https://github.com/caigo8/CVE-md/blob/main/Books-Management-System/XSS.md", "creation_timestamp": "2025-04-27T04:09:11.000000Z"}, {"uuid": "50fd0956-9d79-43ec-b191-cfc11bdc706a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39580", "type": "seen", "source": "https://t.me/cvedetector/23263", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39580 - Jidaikobo Dashi Missing Authorization\", \n  \"Content\": \"CVE ID : CVE-2025-39580 \nPublished : April 17, 2025, 4:15 p.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T20:30:38.000000Z"}, {"uuid": "bfe2b2c3-4273-44e9-a245-e7fbbc235e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3958", "type": "seen", "source": "https://t.me/cvedetector/23826", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3958 - Withstars Books-Management-System Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3958 \nPublished : April 27, 2025, 4:15 a.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the component Book Edit Page. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T08:48:00.000000Z"}, {"uuid": "f224138a-e0a3-46b9-87f4-f36fdb170a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39582", "type": "seen", "source": "https://t.me/cvedetector/23102", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39582 - Passionate Programmer Peter WP Data Access Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-39582 \nPublished : April 16, 2025, 1:15 p.m. | 18\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access allows DOM-Based XSS. This issue affects WP Data Access: from n/a through 5.5.36. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T16:03:02.000000Z"}, {"uuid": "baa9e02a-66fe-4762-ab67-44ccecdc09a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39589", "type": "seen", "source": "https://t.me/cvedetector/23099", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39589 - WPDeveloper Essential Addons for Elementor Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-39589 \nPublished : April 16, 2025, 1:15 p.m. | 18\u00a0minutes ago \nDescription : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T16:02:57.000000Z"}, {"uuid": "d6d0f491-c6b3-4f2e-8226-1d671278c416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39585", "type": "seen", "source": "https://t.me/cvedetector/23098", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39585 - Themefic Travelfic Toolkit Stored Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-39585 \nPublished : April 16, 2025, 1:15 p.m. | 18\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit allows Stored XSS. This issue affects Travelfic Toolkit: from n/a through 1.2.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T16:02:56.000000Z"}, {"uuid": "b5285db8-50bb-451f-95f0-b8bdf6437554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39586", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114354325561615240", "content": "", "creation_timestamp": "2025-04-17T16:48:54.663373Z"}, {"uuid": "f1a4624e-db9f-4487-ae59-d4b21ce5e5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39587", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114354325588630584", "content": "", "creation_timestamp": "2025-04-17T16:48:55.239531Z"}, {"uuid": "407639c5-45e7-4618-bacf-af2921ee210a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39588", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114354325620105590", "content": "", "creation_timestamp": "2025-04-17T16:48:55.561502Z"}, {"uuid": "31eae248-db3f-47c0-886e-439efa345114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39588", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmzq3d7tk524", "content": "", "creation_timestamp": "2025-04-17T18:24:24.987995Z"}, {"uuid": "69a4ef5e-24d5-4f3f-8db1-657b290a52be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39587", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmzq3dq6jd2d", "content": "", "creation_timestamp": "2025-04-17T18:24:27.854222Z"}, {"uuid": "336fdf94-dd7e-449b-948e-117ebf39bab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39586", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmzq3dtzxd2b", "content": "", "creation_timestamp": "2025-04-17T18:24:28.479442Z"}, {"uuid": "39e7ff47-f825-4bc5-9f9e-2b1817590bfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39589", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12036", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39589\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.\n\ud83d\udccf Published: 2025-04-16T12:44:21.605Z\n\ud83d\udccf Modified: 2025-04-16T12:44:21.605Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-6-1-9-sensitive-data-exposure-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T12:57:07.000000Z"}, {"uuid": "3be25e91-15c3-4d61-94cd-235a43aa8cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39584", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12034", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39584\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.\n\ud83d\udccf Published: 2025-04-16T12:44:22.763Z\n\ud83d\udccf Modified: 2025-04-16T12:44:22.763Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-4-0-25-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T12:57:05.000000Z"}, {"uuid": "dbf8b842-4c3d-49f8-810c-9e8092fdc037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39581", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12032", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39581\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3.\n\ud83d\udccf Published: 2025-04-16T12:44:24.457Z\n\ud83d\udccf Modified: 2025-04-16T12:44:24.457Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/themify-shortcodes/vulnerability/wordpress-themify-shortcodes-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T12:57:03.000000Z"}, {"uuid": "9b92e5ab-a2cb-4445-826f-0ae646f803a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39585", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12035", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39585\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit allows Stored XSS. This issue affects Travelfic Toolkit: from n/a through 1.2.1.\n\ud83d\udccf Published: 2025-04-16T12:44:22.167Z\n\ud83d\udccf Modified: 2025-04-16T12:44:22.167Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/travelfic-toolkit/vulnerability/wordpress-travelfic-toolkit-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T12:57:06.000000Z"}, {"uuid": "20f95a52-492c-4218-99c3-93c76def3623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39582", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12033", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39582\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access allows DOM-Based XSS. This issue affects WP Data Access: from n/a through 5.5.36.\n\ud83d\udccf Published: 2025-04-16T12:44:23.867Z\n\ud83d\udccf Modified: 2025-04-16T12:44:23.867Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-data-access/vulnerability/wordpress-wp-data-access-5-5-36-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T12:57:04.000000Z"}]}