{"vulnerability": "CVE-2025-4767", "sightings": [{"uuid": "69e629f5-4c40-4d1c-9ec0-8e4833b75bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47672", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lptvpv3e6f2r", "content": "", "creation_timestamp": "2025-05-23T15:04:54.659998Z"}, {"uuid": "2d40a9df-0385-4834-bf3b-07bb27825b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4767", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpc3nxgql424", "content": "", "creation_timestamp": "2025-05-16T13:03:17.530103Z"}, {"uuid": "d3fcb475-9f23-4037-a374-3f38d0f51455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47674", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lolzkdamft2w", "content": "", "creation_timestamp": "2025-05-07T18:26:54.921996Z"}, {"uuid": "1b61ca3f-c536-446e-893e-0afdc0866da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47675", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lolzkdkowe2o", "content": "", "creation_timestamp": "2025-05-07T18:26:56.780917Z"}, {"uuid": "7a905458-3b7a-4223-bf8e-0f8a1b8cb62f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47677", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lolzkdo3w624", "content": "", "creation_timestamp": "2025-05-07T18:26:57.399137Z"}, {"uuid": "4dfb3764-1a70-451f-97f6-e72bd4184c35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47670", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lptwlcri3z2j", "content": "", "creation_timestamp": "2025-05-23T15:20:15.215679Z"}, {"uuid": "d03d3f35-c156-4321-97ea-a20edaecf1fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47673", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17441", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47673\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16.\n\ud83d\udccf Published: 2025-05-23T12:43:20.166Z\n\ud83d\udccf Modified: 2025-05-23T17:10:56.949Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/arconix-shortcodes/vulnerability/wordpress-arconix-shortcodes-plugin-2-1-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:45:27.000000Z"}, {"uuid": "bbd25985-aa48-48f4-83bd-9ebba62f0ef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4767", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4767\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T09:31:26.176Z\n\ud83d\udccf Modified: 2025-05-16T09:31:26.176Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309068\n2. https://vuldb.com/?ctiid.309068\n3. https://vuldb.com/?submit.571363\n4. https://github.com/defog-ai/introspect/issues/496\n5. https://github.com/defog-ai/introspect/issues/496#issue-3036183861", "creation_timestamp": "2025-05-16T09:34:48.000000Z"}, {"uuid": "818c6e82-834b-42e0-aaa8-e961dcdf52fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47677", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15370", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47677\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25.\n\ud83d\udccf Published: 2025-05-07T14:20:53.076Z\n\ud83d\udccf Modified: 2025-05-07T18:08:43.937Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gt3-photo-video-gallery/vulnerability/wordpress-photo-gallery-gt3-image-gallery-gutenberg-block-gallery-2-7-7-25-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T18:22:54.000000Z"}, {"uuid": "3f67c9db-f8f9-42b1-aaa5-bdf2575f9edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47676", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15369", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47676\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faiyaz Alam User Login History allows Stored XSS. This issue affects User Login History: from n/a through 2.1.6.\n\ud83d\udccf Published: 2025-05-07T14:20:52.511Z\n\ud83d\udccf Modified: 2025-05-07T18:08:55.359Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/user-login-history/vulnerability/wordpress-user-login-history-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T18:22:53.000000Z"}, {"uuid": "a2a8ac76-670e-4fdf-a043-a84537c077b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47675", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15368", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47675\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows DOM-Based XSS. This issue affects Woobox: from n/a through 1.6.\n\ud83d\udccf Published: 2025-05-07T14:20:51.957Z\n\ud83d\udccf Modified: 2025-05-07T18:09:05.639Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woobox/vulnerability/wordpress-woobox-1-6-cross-site-scripting-xss-vulnerability-2?_s_id=cve", "creation_timestamp": "2025-05-07T18:22:52.000000Z"}, {"uuid": "434d44ec-b7d9-4e20-b559-dd415ff5995a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47674", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15367", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47674\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0.\n\ud83d\udccf Published: 2025-05-07T14:20:51.441Z\n\ud83d\udccf Modified: 2025-05-07T18:09:16.882Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/credova-financial/vulnerability/wordpress-credova-financial-2-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T18:22:51.000000Z"}, {"uuid": "b1f3023b-4921-495f-99d0-d57d0946d8dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47671", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17450", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47671\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0.\n\ud83d\udccf Published: 2025-05-23T12:43:21.167Z\n\ud83d\udccf Modified: 2025-05-23T16:44:08.118Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/binary-mlm-plan/vulnerability/wordpress-binary-mlm-plan-3-0-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:48:48.000000Z"}, {"uuid": "0fa887cb-afbf-4e62-9c5f-17377936ba97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47678", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17440", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47678\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.\n\ud83d\udccf Published: 2025-05-23T12:43:19.709Z\n\ud83d\udccf Modified: 2025-05-23T17:22:59.314Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/funnelcockpit/vulnerability/wordpress-funnelcockpit-plugin-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:44:53.000000Z"}, {"uuid": "11c6409d-5b40-4bb5-97b8-83bc3ff6f71d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47672", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17449", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47672\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a through 2.2.2.\n\ud83d\udccf Published: 2025-05-23T12:43:20.654Z\n\ud83d\udccf Modified: 2025-05-23T16:54:57.010Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/miniorange-discord-integration/vulnerability/wordpress-miniorange-discord-integration-2-2-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:48:39.000000Z"}, {"uuid": "b35963de-b564-4853-8ec2-f47b093505ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47679", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15371", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47679\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40.\n\ud83d\udccf Published: 2025-05-07T14:20:53.598Z\n\ud83d\udccf Modified: 2025-05-07T18:08:33.517Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/rs-wp-books-showcase/vulnerability/wordpress-rs-wp-book-showcase-6-7-40-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T18:22:55.000000Z"}, {"uuid": "41059769-b26d-452d-a519-10dc7322e434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47675", "type": "seen", "source": "https://t.me/cvedetector/24728", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47675 - Woobox Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-47675 \nPublished : May 7, 2025, 3:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows DOM-Based XSS. This issue affects Woobox: from n/a through 1.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T19:00:53.000000Z"}, {"uuid": "e4e3e316-38ca-4508-8b03-48153a638117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47674", "type": "seen", "source": "https://t.me/cvedetector/24727", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47674 - Credova Financial CSRF\", \n  \"Content\": \"CVE ID : CVE-2025-47674 \nPublished : May 7, 2025, 3:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T19:00:53.000000Z"}, {"uuid": "39efb668-c82c-46e3-aa9d-9a7623b1fe04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47677", "type": "seen", "source": "https://t.me/cvedetector/24730", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47677 - GT3themes Photo Gallery Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-47677 \nPublished : May 7, 2025, 3:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T19:00:58.000000Z"}, {"uuid": "e78896d5-0b6c-4811-8cf5-13e7c24d0546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47679", "type": "seen", "source": "https://t.me/cvedetector/24731", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47679 - RS WP Book Showcase Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-47679 \nPublished : May 7, 2025, 3:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T19:00:59.000000Z"}, {"uuid": "a645ae4d-b884-420d-ac34-9061613f02b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47676", "type": "seen", "source": "https://t.me/cvedetector/24732", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47676 - Faiyaz Alam User Login History Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-47676 \nPublished : May 7, 2025, 3:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faiyaz Alam User Login History allows Stored XSS. This issue affects User Login History: from n/a through 2.1.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T19:00:59.000000Z"}]}