{"vulnerability": "CVE-2025-3292", "sightings": [{"uuid": "d6e52b06-4c51-4adf-9de5-918d5065c52d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32929", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3td4wlx24", "content": "", "creation_timestamp": "2025-04-15T12:38:41.224725Z"}, {"uuid": "363d304c-f67a-4515-b6d0-4685009689ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32929", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:34.502356Z"}, {"uuid": "6d6379ca-7ca1-4a55-a4cd-9e16fb75d087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32920", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpk2zbvm7f2h", "content": "", "creation_timestamp": "2025-05-19T17:13:09.968414Z"}, {"uuid": "21c3611c-12ce-451c-9802-c837de065983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32923", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmv5o3ufyy2g", "content": "", "creation_timestamp": "2025-04-15T22:44:19.176944Z"}, {"uuid": "f5ae9b37-20b1-43bb-b21b-bb4aa2464a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32923", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lmv5r3a3mx2c", "content": "", "creation_timestamp": "2025-04-15T22:45:49.580443Z"}, {"uuid": "ae37050c-17a7-4f97-a47a-b37c8e122f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32924", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzxs7ht24", "content": "", "creation_timestamp": "2025-05-19T20:48:09.312923Z"}, {"uuid": "bd1d21fe-45e1-43b1-8c24-8a7dbe206002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32925", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzy6g742t", "content": "", "creation_timestamp": "2025-05-19T20:48:10.545136Z"}, {"uuid": "74bb5060-ced5-4c59-bb4b-ee839aeeaf9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzyuczm2t", "content": "", "creation_timestamp": "2025-05-19T20:48:14.035449Z"}, {"uuid": "18b720dc-82bb-429d-96b8-46cd96532da7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32928", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzz6rp42e", "content": "", "creation_timestamp": "2025-05-19T20:48:16.002637Z"}, {"uuid": "120394bf-4999-4264-a23d-02abf3fadbc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32927", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzzfhu42t", "content": "", "creation_timestamp": "2025-05-19T20:48:17.097931Z"}, {"uuid": "7508352e-1844-4966-a56b-6fa34470eae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32928", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpkn7zhrjjl2", "content": "", "creation_timestamp": "2025-05-19T22:39:04.600804Z"}, {"uuid": "f35ec8f6-21a2-43a0-bbc4-a118123b2cf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32924", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpknaxcmsyb2", "content": "", "creation_timestamp": "2025-05-19T22:39:29.029897Z"}, {"uuid": "4957f902-127c-4162-ac16-e94bea6a9898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32925", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpknay3yz7v2", "content": "", "creation_timestamp": "2025-05-19T22:39:37.972529Z"}, {"uuid": "bc27347d-3143-4559-963e-6341ff093f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32926", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpknaznmjui2", "content": "", "creation_timestamp": "2025-05-19T22:39:38.643802Z"}, {"uuid": "0655e0b8-8eb1-49fd-aba0-0d2aaeb9a80d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32927", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpknb35wiqv2", "content": "", "creation_timestamp": "2025-05-19T22:39:39.361069Z"}, {"uuid": "aef413a9-9d5d-4e61-bde9-ee0474dbd89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3292", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11550", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3292\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email.\n\ud83d\udccf Published: 2025-04-12T06:37:16.694Z\n\ud83d\udccf Modified: 2025-04-12T06:37:16.694Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6?source=cve\n2. https://plugins.trac.wordpress.org/browser/user-registration/tags/4.1.3/includes/class-ur-ajax.php#L323\n3. https://plugins.trac.wordpress.org/changeset/3268617/user-registration/trunk/includes/class-ur-ajax.php", "creation_timestamp": "2025-04-12T06:51:50.000000Z"}, {"uuid": "dfc12fea-d1db-4c04-a445-c7ec6a438c1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32923", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11955", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32923\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a.\n\ud83d\udccf Published: 2025-04-15T21:53:58.229Z\n\ud83d\udccf Modified: 2025-04-15T21:53:58.229Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/tourmaster/vulnerability/wordpress-tourmaster-plugin-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T22:56:02.000000Z"}, {"uuid": "1e4307ff-8f92-4538-82c0-1e7881cf104f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32925", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16934", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32925\n\ud83d\udd25 CVSS Score: 8.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through 30.7.0.\n\ud83d\udccf Published: 2025-05-19T19:56:57.237Z\n\ud83d\udccf Modified: 2025-05-19T19:56:57.237Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/rewardsystem/vulnerability/wordpress-sumo-reward-points-plugin-30-7-0-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T20:39:30.000000Z"}, {"uuid": "93faf86e-334c-419e-a2dc-93d51a6402a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32928", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16938", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32928\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2.\n\ud83d\udccf Published: 2025-05-19T19:53:26.530Z\n\ud83d\udccf Modified: 2025-05-19T19:53:26.530Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/altair/vulnerability/wordpress-altair-theme-5-2-2-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T20:39:36.000000Z"}, {"uuid": "57439d71-d705-49eb-b52a-756c465003cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32927", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16937", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32927\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection.This issue affects FoodBakery: from n/a through 3.3.\n\ud83d\udccf Published: 2025-05-19T19:54:47.090Z\n\ud83d\udccf Modified: 2025-05-19T19:54:47.090Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-foodbakery/vulnerability/wordpress-foodbakery-plugin-3-3-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T20:39:35.000000Z"}, {"uuid": "25eb3ceb-1a5b-40c2-84a1-0a91e96df1fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32926", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16936", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32926\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.This issue affects Grand Restaurant WordPress: from n/a through 7.0.\n\ud83d\udccf Published: 2025-05-19T19:55:38.253Z\n\ud83d\udccf Modified: 2025-05-19T19:55:38.253Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/grandrestaurant/vulnerability/wordpress-grand-restaurant-wordpress-theme-7-0-path-traversal-to-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T20:39:35.000000Z"}, {"uuid": "0812faf5-b3b9-481e-85e4-6dca54278096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32920", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16869", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32920\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2.\n\ud83d\udccf Published: 2025-05-19T16:05:49.475Z\n\ud83d\udccf Modified: 2025-05-19T16:05:49.475Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ti-woocommerce-wishlist/vulnerability/wordpress-ti-woocommerce-wishlist-plugin-2-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T16:38:53.000000Z"}, {"uuid": "12f231e4-fc0a-450f-9d9e-60bec4569acc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32924", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16933", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32924\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1.\n\ud83d\udccf Published: 2025-05-19T19:57:42.192Z\n\ud83d\udccf Modified: 2025-05-19T19:57:42.192Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/revy/vulnerability/wordpress-revy-plugin-2-1-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T20:39:29.000000Z"}, {"uuid": "cfa1e787-d128-4cd4-b88b-63e158598e5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32923", "type": "seen", "source": "https://t.me/cvedetector/23017", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32923 - Tourmaster Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-32923 \nPublished : April 15, 2025, 10:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T01:48:47.000000Z"}, {"uuid": "7ec146e0-9403-4b12-8273-dc95acbe0d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32929", "type": "seen", "source": "https://t.me/cvedetector/22937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32929 - UKR Solution Barcode Generator for WooCommerce Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32929 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Dmitry V. (CEO of \"UKR Solution\") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:07.000000Z"}, {"uuid": "3de1f7b2-a90e-4867-91ff-2124d7b34b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3292", "type": "seen", "source": "https://t.me/cvedetector/22794", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3292 - WordPress User Registration & Membership Insecure Direct Object Reference (IDOR)\", \n  \"Content\": \"CVE ID : CVE-2025-3292 \nPublished : April 12, 2025, 7:15 a.m. | 59\u00a0minutes ago \nDescription : The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-12T10:50:26.000000Z"}]}