{"vulnerability": "CVE-2025-3142", "sightings": [{"uuid": "6e728dec-fd1a-484d-83de-dd4a040827e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3142", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvdot7uf42c", "content": "", "creation_timestamp": "2025-04-03T07:06:45.543155Z"}, {"uuid": "9af41b45-615d-4dc3-9e44-ef6dcc0ffe77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31424", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17734", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31424\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through 2.3.\n\ud83d\udccf Published: 2025-06-09T15:56:38.948Z\n\ud83d\udccf Modified: 2025-06-09T17:22:42.936Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/leadcapture/vulnerability/wordpress-wp-lead-capturing-pages-plugin-2-3-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-09T18:11:24.000000Z"}, {"uuid": "bb98c3b1-21b7-46c8-a64d-560c2f9c8498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-31420", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lm76yndhgd2x", "content": "", "creation_timestamp": "2025-04-07T05:09:22.979772Z"}, {"uuid": "c32c4e76-a7e8-4f45-b17a-a86ee4df0201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31421", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10444", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31421\n\ud83d\udd25 CVSS Score: 5.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through 3.2.0.\n\ud83d\udccf Published: 2025-04-04T12:59:15.703Z\n\ud83d\udccf Modified: 2025-04-04T12:59:15.703Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/srbtranslatin/vulnerability/wordpress-srbtranslatin-plugin-3-2-0-sensitive-data-exposure-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:52.000000Z"}, {"uuid": "234e8dba-3035-438f-b68e-4e60c59102ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31420", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10443", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31420\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)\n\ud83d\udd39 Description: Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2.\n\ud83d\udccf Published: 2025-04-04T13:00:13.600Z\n\ud83d\udccf Modified: 2025-04-04T13:00:13.600Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-2-4-2-privilege-escalation-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:51.000000Z"}, {"uuid": "b409e6e0-9107-4084-8764-90ff79c03861", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31428", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19709", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31428\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8.\n\ud83d\udccf Published: 2025-06-27T11:52:37.516Z\n\ud83d\udccf Modified: 2025-06-27T13:42:29.102Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/hydro/vulnerability/wordpress-hydro-theme-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-27T13:50:45.000000Z"}, {"uuid": "1c846a70-0a91-4b67-914e-bb4ec689e404", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31429", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17732", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31429\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through 1.3.1.\n\ud83d\udccf Published: 2025-06-09T15:56:36.838Z\n\ud83d\udccf Modified: 2025-06-09T17:22:54.650Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/press-grid/vulnerability/wordpress-pressgrid-frontend-publish-reaction-multimedia-theme-1-3-1-deserialization-of-untrusted-data-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-09T18:11:22.000000Z"}, {"uuid": "069b4d14-7d00-443c-8761-ad3b19c6cffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31420", "type": "seen", "source": "https://t.me/cvedetector/22121", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31420 - Tomdever wpForo Forum Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-31420 \nPublished : April 4, 2025, 1:15 p.m. | 41\u00a0minutes ago \nDescription : Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T16:20:51.000000Z"}, {"uuid": "adfb4863-e336-4dbf-bd9f-17a0d8830891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3142", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10161", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3142\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument buildingno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.\n\ud83d\udccf Published: 2025-04-03T05:31:05.298Z\n\ud83d\udccf Modified: 2025-04-03T05:31:05.298Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303047\n2. https://vuldb.com/?ctiid.303047\n3. https://vuldb.com/?submit.525320\n4. https://github.com/Lena-lyy/SQL/blob/main/SQL3.md\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-04-03T05:36:28.000000Z"}, {"uuid": "4134d9e3-afe9-41da-9340-ee79192301ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31426", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31426\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player allows Reflected XSS. This issue affects Sticky Radio Player: from n/a through 3.4.\n\ud83d\udccf Published: 2025-06-09T15:56:37.872Z\n\ud83d\udccf Modified: 2025-06-09T17:22:48.774Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/lbg-audio5-html5-shoutcast_sticky/vulnerability/wordpress-sticky-radio-player-plugin-3-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-09T18:11:23.000000Z"}, {"uuid": "45319959-27bc-4433-ab6f-e5800d0b1280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3142", "type": "seen", "source": "https://t.me/cvedetector/21942", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3142 - SourceCodester Apartment Visitor Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-3142 \nPublished : April 3, 2025, 6:15 a.m. | 36\u00a0minutes ago \nDescription : A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument buildingno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T09:22:44.000000Z"}, {"uuid": "acb8e7c5-50ca-48e4-b937-7b38e09f40b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31421", "type": "seen", "source": "https://t.me/cvedetector/22122", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31421 - Oblak Studio Srbtranslatin Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31421 \nPublished : April 4, 2025, 1:15 p.m. | 41\u00a0minutes ago \nDescription : Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through 3.2.0. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T16:20:52.000000Z"}]}