{"vulnerability": "CVE-2025-1562", "sightings": [{"uuid": "f7579cb5-0941-4523-8a33-766c646ccf9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1562", "type": "seen", "source": "Telegram/HqM6uK2LXU7SXVlPrFtYJtTUa7IPac-02SpDf6naVT-Dl2k", "content": "", "creation_timestamp": "2025-06-18T08:30:50.000000Z"}, {"uuid": "c2718d74-4467-46fa-aed6-3470df63fc22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15620", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mikaikdgyk2d", "content": "", "creation_timestamp": "2026-04-02T22:20:53.018814Z"}, {"uuid": "ae5f3ad6-ca71-42bb-8bc5-b74d69efc1ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15620", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3miknxrazrp2x", "content": "", "creation_timestamp": "2026-04-03T02:22:03.037473Z"}, {"uuid": "011aa09b-559e-47f5-b827-59cc81c3648d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1562", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrygbxd7i52i", "content": "", "creation_timestamp": "2025-06-19T21:02:23.664950Z"}, {"uuid": "9cd08b9a-654e-4f86-b8b0-f81adf7549a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1562", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lruudqn7rq2k", "content": "", "creation_timestamp": "2025-06-18T11:03:16.750361Z"}, {"uuid": "48d0b7b5-88b2-45a6-89cf-f65646202e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15621", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjmmol6ohx2t", "content": "", "creation_timestamp": "2026-04-16T14:29:31.427215Z"}, {"uuid": "4b3ef2de-6dd2-4d1d-9111-2efd5e1ae0dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15625", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjoq2j2jxn26", "content": "", "creation_timestamp": "2026-04-17T10:35:12.672510Z"}, {"uuid": "7489911f-77ec-48a1-b513-84b9e7b2ba71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15624", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjoqveekgm2f", "content": "", "creation_timestamp": "2026-04-17T10:50:13.632917Z"}, {"uuid": "fd0006e5-dc3a-47da-9975-44a9f0b05d92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15621", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116420169665687709", "content": "", "creation_timestamp": "2026-04-17T13:00:15.975272Z"}, {"uuid": "6f0041d8-71fa-4d85-9d48-6a3725a53e06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15622", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjoopeyoc52r", "content": "", "creation_timestamp": "2026-04-17T10:11:05.846110Z"}, {"uuid": "f9507b66-7bcb-4fa1-807a-3ba7a8b149f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15623", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjoot7vyfz23", "content": "", "creation_timestamp": "2026-04-17T10:13:14.325733Z"}, {"uuid": "26b72b01-9c0f-495a-8135-3a084bedb598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15620", "type": "seen", "source": "Telegram/wPpcMbRpbo1Ga69LyA-eFh8R0SLzJGU8C7s0zmgI81BZZ_k", "content": "", "creation_timestamp": "2026-04-02T23:18:37.000000Z"}, {"uuid": "4fedbb32-8ac8-4192-9cd9-423f112680c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15623", "type": "seen", "source": "Telegram/Gicxpbsei5vwZhhkOJEP5kItUnFZEzNYMMsg3c4t0xeHr7Q", "content": "", "creation_timestamp": "2026-04-17T11:17:26.000000Z"}, {"uuid": "a86f0071-e125-481b-ae34-0858a9f829e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15625", "type": "seen", "source": "Telegram/Gicxpbsei5vwZhhkOJEP5kItUnFZEzNYMMsg3c4t0xeHr7Q", "content": "", "creation_timestamp": "2026-04-17T11:17:26.000000Z"}, {"uuid": "0eccd945-6af1-4c81-9439-7b417ef2eec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-15624", "type": "seen", "source": "Telegram/Gicxpbsei5vwZhhkOJEP5kItUnFZEzNYMMsg3c4t0xeHr7Q", "content": "", "creation_timestamp": "2026-04-17T11:17:26.000000Z"}, {"uuid": "aa66c551-901c-4f5f-afb3-8bbc39e330e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18693", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-1562\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site.\n\ud83d\udccf Published: 2025-06-18T07:22:43.948Z\n\ud83d\udccf Modified: 2025-06-18T07:22:43.948Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/094972e6-7e02-4060-b069-e39c8cde9331?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/admin/class-bwfan-admin.php\n3. https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/2.5.0/includes/api/plugin_status/class-bwfan-api-install-and-activate-plugin.php\n4. https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/2.5.0/includes/class-bwfan-db.php#L153\n5. https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/includes/class-bwfan-api-loader.php\n6. https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/includes/abstracts/class-bwfan-api-base.php", "creation_timestamp": "2025-06-18T07:42:51.000000Z"}]}