{"vulnerability": "cve-2025-5002", "sightings": [{"uuid": "66be44ad-8c24-4022-8fa4-b9ac65e5c600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-50023", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19250", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-50023\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embed Block allows Stored XSS. This issue affects CodePen Embed Block: from n/a through 1.1.1.\n\ud83d\udccf Published: 2025-06-20T15:03:57.125Z\n\ud83d\udccf Modified: 2025-06-23T19:35:53.660Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/codepen-embed-block/vulnerability/wordpress-codepen-embed-block-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T19:46:56.000000Z"}, {"uuid": "6322b9e3-19d3-444a-9b0c-a716d5793b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5002", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17094", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5002\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-20T22:00:11.948Z\n\ud83d\udccf Modified: 2025-05-20T22:00:11.948Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309657\n2. https://vuldb.com/?ctiid.309657\n3. https://vuldb.com/?submit.580192\n4. https://github.com/laifeng-boy/cve/issues/5\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-05-20T22:40:41.000000Z"}, {"uuid": "26a94009-2260-4a6f-af43-a0377bb37594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-50021", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19252", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-50021\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Better Random Redirect allows Stored XSS. This issue affects Better Random Redirect: from n/a through 1.3.20.\n\ud83d\udccf Published: 2025-06-20T15:03:58.071Z\n\ud83d\udccf Modified: 2025-06-23T19:35:16.477Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/better-random-redirect/vulnerability/wordpress-better-random-redirect-plugin-1-3-20-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T19:46:58.000000Z"}, {"uuid": "fc790c4d-05dd-456a-ab99-0481b7d99c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-50022", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19251", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-50022\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in justin_k WP-FB-AutoConnect allows Stored XSS. This issue affects WP-FB-AutoConnect: from n/a through 4.6.3.\n\ud83d\udccf Published: 2025-06-20T15:03:57.594Z\n\ud83d\udccf Modified: 2025-06-23T19:35:36.110Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-fb-autoconnect/vulnerability/wordpress-wp-fb-autoconnect-plugin-4-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T19:46:57.000000Z"}, {"uuid": "59b79838-38d9-47af-b667-42e5384fa05a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-50020", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19253", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-50020\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitin Yawalkar RDFa Breadcrumb allows Stored XSS. This issue affects RDFa Breadcrumb: from n/a through 2.3.\n\ud83d\udccf Published: 2025-06-20T15:03:58.555Z\n\ud83d\udccf Modified: 2025-06-23T19:34:55.872Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/rdfa-breadcrumb/vulnerability/wordpress-rdfa-breadcrumb-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-23T19:46:59.000000Z"}, {"uuid": "59532f23-456b-41fc-bbd0-0cbc3e354c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-50024", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19329", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-50024\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now allows Stored XSS. This issue affects ATP Call Now: from n/a through 1.0.3.\n\ud83d\udccf Published: 2025-06-20T15:03:56.651Z\n\ud83d\udccf Modified: 2025-06-24T13:34:51.331Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/atp-call-now/vulnerability/wordpress-atp-call-now-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-24T13:50:37.000000Z"}, {"uuid": "add9aef6-89cc-4221-a7b1-d74b12b1f51d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-50025", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19328", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-50025\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81.\n\ud83d\udccf Published: 2025-06-20T15:03:56.190Z\n\ud83d\udccf Modified: 2025-06-24T13:35:29.611Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/cp-polls/vulnerability/wordpress-cp-polls-plugin-1-0-81-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-24T13:50:36.000000Z"}, {"uuid": "305e546b-bd1b-428e-98d3-b6c57620639d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5002", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpn7mr4g5x2w", "content": "", "creation_timestamp": "2025-05-20T23:13:37.145361Z"}]}