{"vulnerability": "CVE-2025-4750", "sightings": [{"uuid": "598109a2-1696-409d-a44a-c46e0c1d8a29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47506", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15297", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47506\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Contextual Related Posts allows DOM-Based XSS. This issue affects Contextual Related Posts: from n/a through 4.0.2.\n\ud83d\udccf Published: 2025-05-07T14:19:59.589Z\n\ud83d\udccf Modified: 2025-05-07T14:19:59.589Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/contextual-related-posts/vulnerability/wordpress-contextual-related-posts-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:22.000000Z"}, {"uuid": "529c727b-a1aa-4577-a54d-53aeed9663b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4750", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpboai654h24", "content": "", "creation_timestamp": "2025-05-16T09:03:09.119332Z"}, {"uuid": "a737bcc8-5f32-459a-bf1e-5a7ed4ae604c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47501", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15302", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47501\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Atlantic Content Control allows DOM-Based XSS. This issue affects Content Control: from n/a through 2.6.1.\n\ud83d\udccf Published: 2025-05-07T14:19:56.858Z\n\ud83d\udccf Modified: 2025-05-07T14:19:56.858Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/content-control/vulnerability/wordpress-content-control-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:30.000000Z"}, {"uuid": "33b831b1-573d-4e45-a5ee-00bf2a61db4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4750", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16627", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4750\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the component Configuration Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T05:31:04.590Z\n\ud83d\udccf Modified: 2025-05-16T05:31:04.590Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309053\n2. https://vuldb.com/?ctiid.309053\n3. https://vuldb.com/?submit.571069\n4. https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/get_version.md\n5. https://www.dlink.com/", "creation_timestamp": "2025-05-16T05:34:34.000000Z"}, {"uuid": "05beaf6e-86e5-47e1-9d6b-c181bd3ef2a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47507", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15296", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47507\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search allows DOM-Based XSS. This issue affects Better Search: from n/a through 4.1.0.\n\ud83d\udccf Published: 2025-05-07T14:20:00.240Z\n\ud83d\udccf Modified: 2025-05-07T14:20:00.240Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/better-search/vulnerability/wordpress-better-search-4-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:21.000000Z"}, {"uuid": "e73c3747-d88b-46f2-bdc6-c7f4fec23227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47508", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15295", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47508\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress allows PHP Local File Inclusion. This issue affects GamiPress: from n/a through 7.3.7.\n\ud83d\udccf Published: 2025-05-07T14:20:00.876Z\n\ud83d\udccf Modified: 2025-05-07T14:20:00.876Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gamipress/vulnerability/wordpress-gamipress-7-3-7-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:20.000000Z"}, {"uuid": "cc91762f-4eb3-4610-b1f2-00b689ad8440", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47509", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15294", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47509\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.\n\ud83d\udccf Published: 2025-05-07T14:20:01.441Z\n\ud83d\udccf Modified: 2025-05-07T14:20:01.441Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/top-10/vulnerability/wordpress-top-10-4-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:19.000000Z"}, {"uuid": "dfb03050-6f59-4cf6-a14a-3bd32850ad06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47502", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15301", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47502\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Mollie Forms allows Stored XSS. This issue affects Mollie Forms: from n/a through 2.7.12.\n\ud83d\udccf Published: 2025-05-07T14:19:57.397Z\n\ud83d\udccf Modified: 2025-05-07T14:19:57.397Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/mollie-forms/vulnerability/wordpress-mollie-forms-2-7-12-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:29.000000Z"}, {"uuid": "3f146920-b2cb-4570-b264-f0c2d021c5b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47503", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15300", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47503\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search allows Stored XSS. This issue affects NGG Smart Image Search: from n/a through 3.3.3.\n\ud83d\udccf Published: 2025-05-07T14:19:57.932Z\n\ud83d\udccf Modified: 2025-05-07T14:19:57.932Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ngg-smart-image-search/vulnerability/wordpress-ngg-smart-image-search-3-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:28.000000Z"}, {"uuid": "767bc3c5-54a4-48e0-89cc-9fec7171376b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47504", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15299", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47504\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Custom Checkout Fields for WooCommerce allows Stored XSS. This issue affects Custom Checkout Fields for WooCommerce: from n/a through 1.8.3.\n\ud83d\udccf Published: 2025-05-07T14:19:58.472Z\n\ud83d\udccf Modified: 2025-05-07T14:19:58.472Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/custom-checkout-fields-for-woocommerce/vulnerability/wordpress-custom-checkout-fields-for-woocommerce-1-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:27.000000Z"}, {"uuid": "5190277f-510c-43c9-9efd-548f0636b979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47505", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15298", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47505\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.2.\n\ud83d\udccf Published: 2025-05-07T14:19:59.049Z\n\ud83d\udccf Modified: 2025-05-07T14:19:59.049Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/product-countdown-for-woocommerce/vulnerability/wordpress-product-time-countdown-for-woocommerce-1-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:23.000000Z"}]}