{"vulnerability": "CVE-2025-4745", "sightings": [{"uuid": "3b08b519-8ac1-46ba-a1b6-da7cb83ddfd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4745", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpbb3tszwf2h", "content": "", "creation_timestamp": "2025-05-16T05:07:52.850303Z"}, {"uuid": "d468e556-81f0-4474-b1a6-af5dcd0e1cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47454", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15356", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47454\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Dynamics CRM allows Phishing. This issue affects WP Gravity Forms Dynamics CRM: from n/a through 1.1.4.\n\ud83d\udccf Published: 2025-05-07T14:19:36.753Z\n\ud83d\udccf Modified: 2025-05-07T16:37:03.498Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gf-dynamics-crm/vulnerability/wordpress-wp-gravity-forms-dynamics-crm-1-1-4-open-redirection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:22:56.000000Z"}, {"uuid": "69f3e6cd-fc2a-45c4-af17-e2f88fe6f2f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47453", "type": "seen", "source": "Telegram/y0eQAbUKuWo3WgNQ26iaWbPj3ea5ybOv03pwHsLfPooVzvs", "content": "", "creation_timestamp": "2026-01-12T15:02:17.000000Z"}, {"uuid": "18ccf6a5-efbc-4d45-abea-103a240f9e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4745", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16615", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4745\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T04:00:07.155Z\n\ud83d\udccf Modified: 2025-05-16T04:00:07.155Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309045\n2. https://vuldb.com/?ctiid.309045\n3. https://vuldb.com/?submit.570967\n4. https://github.com/872323857/CVE/blob/main/employee-record-system-xss2.pdf\n5. https://code-projects.org/", "creation_timestamp": "2025-05-16T04:33:55.000000Z"}, {"uuid": "99972746-8417-43d8-9aa1-4702b1fe6412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47450", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15354", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47450\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Mitchell Bennis Simple File List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through 6.1.13.\n\ud83d\udccf Published: 2025-05-07T14:19:35.682Z\n\ud83d\udccf Modified: 2025-05-07T16:37:13.999Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simple-file-list/vulnerability/wordpress-simple-file-list-6-1-13-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:22:54.000000Z"}, {"uuid": "e978416b-eaee-44e8-81aa-a8f63b3277b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47457", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15329", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47457\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16.\n\ud83d\udccf Published: 2025-05-07T14:19:38.392Z\n\ud83d\udccf Modified: 2025-05-07T14:38:19.730Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/locateandfilter/vulnerability/wordpress-locateandfilter-1-6-16-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T15:22:48.000000Z"}, {"uuid": "b134b63b-a803-4005-8eca-fb50f2be2a0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47455", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15357", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47455\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce allows Phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through 1.7.5.\n\ud83d\udccf Published: 2025-05-07T14:19:37.300Z\n\ud83d\udccf Modified: 2025-05-07T16:36:58.183Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woo-salesforce-plugin-crm-perks/vulnerability/wordpress-integration-for-woocommerce-and-salesforce-1-7-5-open-redirection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:22:57.000000Z"}, {"uuid": "97f75839-01a6-4279-b9c1-22475911f180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47451", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15355", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47451\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through 1.2.\n\ud83d\udccf Published: 2025-05-07T14:19:36.213Z\n\ud83d\udccf Modified: 2025-05-07T16:37:08.908Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/product-quantity-dropdown-for-woocommerce/vulnerability/wordpress-product-quantity-dropdown-for-woocommerce-plugin-1-2-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:22:55.000000Z"}]}