{"vulnerability": "cve-2025-49966", "sightings": [{"uuid": "a01ee8fb-1152-49e2-8fa0-a3b221c165b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-49966", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18989", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49966\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0.\n\ud83d\udccf Published: 2025-06-20T15:04:22.175Z\n\ud83d\udccf Modified: 2025-06-20T16:24:09.621Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/oganro-travel-portal-search-widget-for-hotelbeds-apitude-api/vulnerability/wordpress-oganro-travel-portal-search-widget-for-hotelbeds-apitude-api-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-20T16:44:45.000000Z"}]}