{"vulnerability": "CVE-2025-3092", "sightings": [{"uuid": "1028069f-a230-4288-b91c-beb2b74245c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3092", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114737345025910183", "content": "", "creation_timestamp": "2025-06-24T08:15:45.877793Z"}, {"uuid": "cc57ba0e-4490-4013-9e45-53f2c3aa2a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3092", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lsdnsfqipjb2", "content": "", "creation_timestamp": "2025-06-24T08:16:22.328661Z"}, {"uuid": "00ea4c50-1e79-410a-a44e-e2382e6bf3ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3092", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114737349309802470", "content": "", "creation_timestamp": "2025-06-24T08:16:51.214355Z"}, {"uuid": "47889c8d-85b2-469a-a1e6-0ded8b479b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3092", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lsdntrnbheb2", "content": "", "creation_timestamp": "2025-06-24T08:17:01.053146Z"}, {"uuid": "2cd619eb-3e71-422b-8d3c-d0fd35a8336d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30924", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9853", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30924\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through n/a.\n\ud83d\udccf Published: 2025-04-01T05:31:41.181Z\n\ud83d\udccf Modified: 2025-04-01T05:31:41.181Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/primer-mydata/vulnerability/wordpress-primer-mydata-for-woocommerce-plugin-4-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T06:32:04.000000Z"}, {"uuid": "e1d49e5f-7d76-4bc5-bd1f-d878c90b51df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30920", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9043", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30920\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7.\n\ud83d\udccf Published: 2025-03-27T10:55:56.654Z\n\ud83d\udccf Modified: 2025-03-27T10:55:56.654Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-posts-carousel/vulnerability/wordpress-wp-posts-carousel-plugin-1-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:19.000000Z"}, {"uuid": "3368d420-3e49-4c2b-8400-7f265c795272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30921", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9042", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30921\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7.\n\ud83d\udccf Published: 2025-03-27T10:55:57.363Z\n\ud83d\udccf Modified: 2025-03-27T10:55:57.363Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/newsletters-lite/vulnerability/wordpress-newsletters-plugin-4-9-9-7-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:18.000000Z"}, {"uuid": "e6a4b8ce-b489-4c3a-8a8b-c90808c93882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30922", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9041", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30922\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1.\n\ud83d\udccf Published: 2025-03-27T10:55:58.072Z\n\ud83d\udccf Modified: 2025-03-27T10:55:58.072Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simplebooklet/vulnerability/wordpress-simplebooklet-pdf-viewer-and-embedder-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:17.000000Z"}, {"uuid": "fe4e8a60-a3b7-4cb1-a52b-1f79da1db042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30923", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9040", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30923\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8.\n\ud83d\udccf Published: 2025-03-27T10:55:58.799Z\n\ud83d\udccf Modified: 2025-03-27T10:55:58.799Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gift-message-for-woocommerce/vulnerability/wordpress-gift-message-for-woocommerce-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:16.000000Z"}, {"uuid": "41b75d71-c957-4f9e-b13d-8f322546c739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3092", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsduoboiwp2i", "content": "", "creation_timestamp": "2025-06-24T10:19:06.863040Z"}, {"uuid": "e7e6f403-2315-4a41-8305-4783e62ce4b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30925", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9039", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30925\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1.\n\ud83d\udccf Published: 2025-03-27T10:56:07.994Z\n\ud83d\udccf Modified: 2025-03-27T10:56:07.994Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/the-pack-addon/vulnerability/wordpress-the-pack-elementor-addons-plugin-2-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:15.000000Z"}, {"uuid": "8fd037af-f20b-4e9d-8ce0-a5dd86ebfa05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30926", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9852", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30926\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in KingAddons.com King Addons for Elementor. This issue affects King Addons for Elementor: from n/a through 24.12.58.\n\ud83d\udccf Published: 2025-04-01T05:31:41.359Z\n\ud83d\udccf Modified: 2025-04-01T05:31:41.359Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/king-addons/vulnerability/wordpress-king-addons-for-elementor-plugin-24-12-58-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T06:32:03.000000Z"}, {"uuid": "3b45ed72-9546-4d6c-8174-5d71a408adb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30922", "type": "seen", "source": "https://t.me/cvedetector/21287", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30922 - Simplebooklet PDF Viewer and Embedder Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-30922 \nPublished : March 27, 2025, 11:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T14:58:37.000000Z"}, {"uuid": "556484ea-1ddd-4eee-a900-afd498b43a84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3092", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19323", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3092\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.\n\ud83d\udccf Published: 2025-06-24T08:14:31.864Z\n\ud83d\udccf Modified: 2025-06-24T08:14:31.864Z\n\ud83d\udd17 References:\n1. https://certvde.com/en/advisories/VDE-2025-035\n2. https://certvde.com/en/advisories/VDE-2025-038", "creation_timestamp": "2025-06-24T08:50:38.000000Z"}, {"uuid": "2ef8950d-c9fe-40ab-9226-b349dc034e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30921", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/29317", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC of CVE-2025-30921\nURL\uff1ahttps://github.com/DoTTak/CVE-2025-30921\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-03T00:34:13.000000Z"}, {"uuid": "746e39cc-ead5-4cbc-a4ff-361c87c3b248", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30923", "type": "seen", "source": "https://t.me/cvedetector/21282", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30923 - Powerfulwp Gift Message for WooCommerce CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30923 \nPublished : March 27, 2025, 11:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T14:58:30.000000Z"}, {"uuid": "39bc19b6-64a2-4997-b8e1-fa408114d1f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30920", "type": "seen", "source": "https://t.me/cvedetector/21286", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30920 - Teastudio.pl WP Posts Carousel Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-30920 \nPublished : March 27, 2025, 11:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T14:58:36.000000Z"}, {"uuid": "04a210a6-d93f-4ddc-9b47-a9aa30fe9bc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30921", "type": "published-proof-of-concept", "source": "Telegram/FNC1P0Gl8d6qmm8YowDYr7uAJgPIxQ7tBQIyYwFKfWivDuY", "content": "", "creation_timestamp": "2025-04-03T05:00:06.000000Z"}, {"uuid": "18d50c25-98a2-4096-8fc4-8b22e6d96707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30921", "type": "seen", "source": "https://t.me/cvedetector/21289", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30921 - Tribulant Software Newsletters SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-30921 \nPublished : March 27, 2025, 11:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T14:58:42.000000Z"}, {"uuid": "bd405e0b-bb79-49a4-a0be-4bc52bceb2cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30925", "type": "seen", "source": "https://t.me/cvedetector/21283", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30925 - Webangon Elementor Pack Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-30925 \nPublished : March 27, 2025, 11:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T14:58:34.000000Z"}, {"uuid": "45182038-fc4e-4142-92d7-cd6317d6d366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30926", "type": "seen", "source": "https://t.me/cvedetector/21724", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30926 - KingAddons.com King Addons for Elementor Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30926 \nPublished : April 1, 2025, 6:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Missing Authorization vulnerability in KingAddons.com King Addons for Elementor. This issue affects King Addons for Elementor: from n/a through 24.12.58. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T09:26:43.000000Z"}, {"uuid": "b7f8f1cf-e775-44e3-a6a6-0654c58ea9ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30924", "type": "seen", "source": "https://t.me/cvedetector/21723", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30924 - Primer MyData for Woocommerce Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-30924 \nPublished : April 1, 2025, 6:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through n/a. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T09:26:42.000000Z"}]}