{"vulnerability": "CVE-2025-3154", "sightings": [{"uuid": "71383a3b-03f7-4294-9f46-e87b685e2483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31542", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114257829782218361", "content": "", "creation_timestamp": "2025-03-31T15:48:45.951098Z"}, {"uuid": "6c80807b-7c91-481d-a7c0-45eb0371d996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31547", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3llolit2p4s2q", "content": "", "creation_timestamp": "2025-03-31T14:37:55.137669Z"}, {"uuid": "7d7f7687-0278-44a9-bb3f-998efac7fb69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31547", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114257829821699756", "content": "", "creation_timestamp": "2025-03-31T15:48:45.470864Z"}, {"uuid": "9d3d5ca3-0ac9-4f0c-b1ac-17c17bc18dad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31547", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114257829821699756", "content": "", "creation_timestamp": "2025-03-31T15:48:45.466457Z"}, {"uuid": "1daf235c-394a-407d-81ea-6d5a14f92e8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31542", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114257829782218361", "content": "", "creation_timestamp": "2025-03-31T15:48:45.983281Z"}, {"uuid": "f0e8d6d0-893b-4727-a58e-dc105f5c51ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31545", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9656", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31545\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Safe Ai Malware Protection for WP: from n/a through 1.0.20.\n\ud83d\udccf Published: 2025-03-31T12:55:13.987Z\n\ud83d\udccf Modified: 2025-03-31T14:10:48.165Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/safe-ai-malware-protection-for-wp/vulnerability/wordpress-safe-ai-malware-protection-for-wp-plugin-1-0-20-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:02.000000Z"}, {"uuid": "13657854-add5-4286-a778-f619c3f2629a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31544", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9655", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31544\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Swiss Toolkit For WP: from n/a through 1.3.0.\n\ud83d\udccf Published: 2025-03-31T12:55:13.444Z\n\ud83d\udccf Modified: 2025-03-31T14:11:19.251Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/swiss-toolkit-for-wp/vulnerability/wordpress-swiss-toolkit-for-wp-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:02.000000Z"}, {"uuid": "25ea0dd1-71d5-4b24-932c-047de029f0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9654", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31543\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twice Commerce Twice Commerce allows DOM-Based XSS. This issue affects Twice Commerce: from n/a through 1.3.1.\n\ud83d\udccf Published: 2025-03-31T12:55:12.863Z\n\ud83d\udccf Modified: 2025-03-31T14:12:33.207Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/embed-rentle/vulnerability/wordpress-twice-commerce-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:01.000000Z"}, {"uuid": "66ee9426-2ba1-49a0-a656-86b41043fc2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31540", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31540\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in acmemediakits ACME Divi Modules allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACME Divi Modules: from n/a through 1.3.5.\n\ud83d\udccf Published: 2025-03-31T12:55:11.719Z\n\ud83d\udccf Modified: 2025-03-31T18:56:34.520Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/acme-divi-modules/vulnerability/wordpress-acme-divi-modules-plugin-1-3-5-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T19:31:09.000000Z"}, {"uuid": "713a73bf-d74f-4840-8b3d-6eafc021ef66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31546", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9657", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31546\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Swiss Toolkit For WP: from n/a through 1.3.0.\n\ud83d\udccf Published: 2025-03-31T12:55:14.507Z\n\ud83d\udccf Modified: 2025-03-31T14:10:19.264Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/swiss-toolkit-for-wp/vulnerability/wordpress-swiss-toolkit-for-wp-plugin-1-3-0-broken-access-control-vulnerability-2?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:03.000000Z"}, {"uuid": "b26e5ced-9ab8-412b-9575-5b7801032e45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31547", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9658", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31547\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows SQL Injection. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.\n\ud83d\udccf Published: 2025-03-31T12:55:15.105Z\n\ud83d\udccf Modified: 2025-03-31T14:09:54.400Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/uptime-robot-monitor/vulnerability/wordpress-uptime-robot-plugin-for-wordpress-plugin-2-3-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:04.000000Z"}, {"uuid": "0a7dde99-023d-4a6a-83ce-9e168edded22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3154", "type": "seen", "source": "https://t.me/cvedetector/21931", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3154 - Xpdf Out-of-bounds Array Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3154 \nPublished : April 2, 2025, 11:15 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T02:41:48.000000Z"}, {"uuid": "14aec9f7-5037-4a97-b79b-a1ee8f6345af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31542", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9651", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31542\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro allows Blind SQL Injection. This issue affects My auctions allegro: from n/a through 3.6.20.\n\ud83d\udccf Published: 2025-03-31T12:55:12.286Z\n\ud83d\udccf Modified: 2025-03-31T14:24:13.949Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/my-auctions-allegro-free-edition/vulnerability/wordpress-my-auctions-allegro-plugin-3-6-20-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:31:55.000000Z"}, {"uuid": "7332baf2-fb2b-4344-bca6-7fca39e1d1be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3154", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10147", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3154\n\ud83d\udd25 CVSS Score: 2.1 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.\n\ud83d\udccf Published: 2025-04-02T22:18:46.033Z\n\ud83d\udccf Modified: 2025-04-02T22:18:46.033Z\n\ud83d\udd17 References:\n1. https://www.xpdfreader.com/security-bug/CVE-2025-3154.html", "creation_timestamp": "2025-04-02T22:34:29.000000Z"}, {"uuid": "461b91d1-09a8-424f-a4fb-3c9c3eafc693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31548", "type": "seen", "source": "https://t.me/cvedetector/21823", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31548 - M. Tuhin Ultimate Push Notifications Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-31548 \nPublished : April 1, 2025, 9:15 p.m. | 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T23:56:23.000000Z"}]}