{"vulnerability": "CVE-2025-3098", "sightings": [{"uuid": "8a514bb3-9edb-41a4-b6dc-087ef5213e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30985", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114342528151747458", "content": "", "creation_timestamp": "2025-04-15T14:48:41.537267Z"}, {"uuid": "8677c00e-b965-4388-b44c-864792759bea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30985", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:34.276016Z"}, {"uuid": "723d03e4-019f-4f53-93d6-779a290ee41b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30984", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11956", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30984\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7.\n\ud83d\udccf Published: 2025-04-15T21:53:15.127Z\n\ud83d\udccf Modified: 2025-04-15T21:53:15.127Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/seo-automatic-seo-tools/vulnerability/wordpress-seo-tools-plugin-4-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T22:56:02.000000Z"}, {"uuid": "a8f6d747-3065-4e7f-8fcd-384ed3ee0284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30987", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9598", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30987\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetBlocks For Elementor allows Stored XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.16.\n\ud83d\udccf Published: 2025-03-31T06:07:10.811Z\n\ud83d\udccf Modified: 2025-03-31T06:07:10.811Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/jet-blocks/vulnerability/wordpress-jetblocks-for-elementor-plugin-1-3-16-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T06:31:06.000000Z"}, {"uuid": "0257edfe-577a-4222-8a09-a2ba375292d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3098", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10044", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3098\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-04-02T09:21:43.601Z\n\ud83d\udccf Modified: 2025-04-02T09:21:43.601Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/587e28ea-b3f4-4e40-a7d2-c6a01ac905bf?source=cve\n2. https://plugins.trac.wordpress.org/browser/video-sidebar-widget/tags/1.0.0.3/delete.php\n3. https://plugins.trac.wordpress.org/browser/video-sidebar-widget/tags/1.0.0.3/video_edit.php\n4. https://wordpress.org/plugins/video-sidebar-widget/", "creation_timestamp": "2025-04-02T09:34:29.000000Z"}, {"uuid": "1c6f4e5d-d994-4a26-b873-368e4cddcd92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30985", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11786", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30985\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4.\n\ud83d\udccf Published: 2025-04-15T11:59:08.069Z\n\ud83d\udccf Modified: 2025-04-15T11:59:08.069Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gnucommerce/vulnerability/wordpress-gnucommerce-plugin-1-5-4-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T12:54:26.000000Z"}, {"uuid": "3c9ca059-7256-415d-9280-317e2e5998e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30984", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmv5o3qyk32h", "content": "", "creation_timestamp": "2025-04-15T22:44:18.436836Z"}, {"uuid": "db5cc362-ca9c-4a23-a537-e4fabb1690b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30982", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmv5o3nida2g", "content": "", "creation_timestamp": "2025-04-15T22:44:17.832338Z"}, {"uuid": "9b6cfe5b-6e0d-439c-a73b-cc3e5ace7ea2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30982", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11957", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30982\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8.\n\ud83d\udccf Published: 2025-04-15T21:53:14.959Z\n\ud83d\udccf Modified: 2025-04-15T21:53:14.959Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/mybookprogress/vulnerability/wordpress-mybookprogress-by-stormhill-media-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T22:56:03.000000Z"}, {"uuid": "95923a57-8dcb-428e-9cfb-8ad1a618381a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30985", "type": "seen", "source": "https://t.me/cvedetector/22936", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30985 - GNUCommerce NotFound Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30985 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:07.000000Z"}, {"uuid": "b5fcb8ec-01c2-40e6-8c9b-2586402168ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30987", "type": "seen", "source": "https://t.me/cvedetector/21548", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30987 - JetBlocks For Elementor Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-30987 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetBlocks For Elementor allows Stored XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.16. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:08.000000Z"}, {"uuid": "1b62314e-4b94-4396-b0b3-7bceb23aee76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30984", "type": "seen", "source": "https://t.me/cvedetector/23018", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30984 - NotFound SEO Tools Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-30984 \nPublished : April 15, 2025, 10:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T01:48:48.000000Z"}, {"uuid": "cd59a04a-af59-4252-8942-22427b21a268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30982", "type": "seen", "source": "https://t.me/cvedetector/23028", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30982 - Stormhill Media MyBookProgress Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-30982 \nPublished : April 15, 2025, 10:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T01:49:01.000000Z"}, {"uuid": "b29bb423-36f1-4420-8e8e-ebe4f8a12001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3098", "type": "seen", "source": "https://t.me/cvedetector/21856", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3098 - WordPress Video Url Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-3098 \nPublished : April 2, 2025, 10:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T14:58:57.000000Z"}]}