{"vulnerability": "CVE-2025-3809", "sightings": [{"uuid": "6f23e6f2-304f-4537-98e2-a4d7fe01ee1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3809", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln5laa7gafu2", "content": "", "creation_timestamp": "2025-04-19T07:08:23.794421Z"}, {"uuid": "599f9aca-0a78-4199-931c-8935b8f8d304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3809", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qcsxy7i24", "content": "", "creation_timestamp": "2025-04-19T08:39:10.284599Z"}, {"uuid": "15889c5c-f666-4ad5-92dc-37d63cb120c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-38092", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsyosp2qiz2q", "content": "", "creation_timestamp": "2025-07-02T17:00:07.661129Z"}, {"uuid": "6aff0db9-01d7-43c9-8545-f2b9628fca05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-38093", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsyp2odabq2m", "content": "", "creation_timestamp": "2025-07-02T17:04:34.119613Z"}, {"uuid": "67affe0c-264d-4c5a-aca7-ebe58273f1db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-38091", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsyp75rak52p", "content": "", "creation_timestamp": "2025-07-02T17:07:06.971551Z"}, {"uuid": "447b5e27-5459-4854-83d2-12640d5a1c69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3809", "type": "seen", "source": "https://t.me/cvedetector/23372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3809 - WordPress Debug Log Manager Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-3809 \nPublished : April 19, 2025, 6:15 a.m. | 32\u00a0minutes ago \nDescription : The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T09:18:09.000000Z"}, {"uuid": "cd48a4f2-7550-44aa-89a8-105c229d75da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-38090", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lst2rmiqxp2a", "content": "", "creation_timestamp": "2025-06-30T11:18:16.724601Z"}, {"uuid": "8101b68a-b81f-40d0-b377-0456f76f9b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-38091", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lultrwme4c2p", "content": "", "creation_timestamp": "2025-07-23T01:14:59.417101Z"}, {"uuid": "aa447f06-73e8-4ba1-bd4b-ee11deafd7e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-38094", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "4e5a9526-3be4-4045-adba-d3be413cc608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-38096", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "337c73e3-015a-41c5-9519-dab6acb6d4ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-38091", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "b4275b53-5746-4c28-aaa3-7a7fdb84d58d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-38092", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "ef8daef3-5723-45b2-ba2a-9f77eca55ce6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-38096", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "14b7d823-6399-441a-8436-61ab28a491a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-38097", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "0c73a830-e406-4b01-b1ec-01d40e229c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-38098", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "bd48680f-3c9b-435c-bab5-8189f67c1b1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-38099", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "18ca0158-fad6-499e-98a5-a5a6ef516a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3809", "type": "seen", "source": "Telegram/zzVaCcI8H13L6EppQM7gDC4JwhMbW_aJOyorRR1ADu6mf38", "content": "", "creation_timestamp": "2026-04-08T23:30:12.000000Z"}, {"uuid": "849d2931-ba52-49da-b373-212d2c944b7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-38090", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19907", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38090\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n   -> cm_chan_msg_send()\n      -> riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn't send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data.  The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.\n\ud83d\udccf Published: 2025-06-30T07:29:45.565Z\n\ud83d\udccf Modified: 2025-06-30T07:29:45.565Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a8b5ea2e302aa5cd00fc7addd8df53c9bde7b5f6\n2. https://git.kernel.org/stable/c/c03ddc183249f03fc7e057e02cae6f89144d0123\n3. https://git.kernel.org/stable/c/58f664614f8c3d6142ab81ae551e466dc6e092e8\n4. https://git.kernel.org/stable/c/ecf5ee280b702270afb02f61b299d3dfe3ec7730\n5. https://git.kernel.org/stable/c/1921781ec4a8824bd0c520bf9363e28a880d14ec\n6. https://git.kernel.org/stable/c/1cce6ac47f4a2ac1766b8a188dc8c8f6d8df2a53\n7. https://git.kernel.org/stable/c/6d5c6711a55c35ce09b90705546050408d9d4b61\n8. https://git.kernel.org/stable/c/50695153d7ddde3b1696dbf0085be0033bf3ddb3", "creation_timestamp": "2025-06-30T07:56:14.000000Z"}, {"uuid": "34838501-1bcd-4705-bbba-08912a689224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-38099", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "da842567-03ef-4de0-aca3-3f2d882b53f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-38095", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "617f2316-f108-4cf7-bc3c-71d1fde594a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3809", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12574", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3809\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-04-19T05:30:13.857Z\n\ud83d\udccf Modified: 2025-04-19T05:30:13.857Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cbc3210d-224e-4ed2-ada7-dc17deb17584?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3267252%40debug-log-manager&new=3267252%40debug-log-manager&sfp_email=&sfph_mail=", "creation_timestamp": "2025-04-19T06:00:14.000000Z"}, {"uuid": "7c4a4139-2e39-405f-81f7-caa1cd96a9fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3809", "type": "seen", "source": "Telegram/25SvoNQFiI6s5CtkHrUzp6U_ApVychDL__GBMOiYdEXsa-8", "content": "", "creation_timestamp": "2025-04-19T08:30:36.000000Z"}]}