{"vulnerability": "CVE-2025-4811", "sightings": [{"uuid": "337aa29a-3929-4ec0-a324-9c384204d2a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4811", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpd55uegwk2t", "content": "", "creation_timestamp": "2025-05-16T23:02:44.816834Z"}, {"uuid": "5979e23c-e645-43b8-9d20-dc9f74682ad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48114", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16701", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48114\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1.\n\ud83d\udccf Published: 2025-05-16T15:45:07.460Z\n\ud83d\udccf Modified: 2025-05-16T16:24:08.775Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/shayanweb-admin-fontchanger/vulnerability/wordpress-shayanweb-admin-fontchanger-plugin-1-8-1-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T16:34:46.000000Z"}, {"uuid": "2bb71e84-491f-40ad-8b7d-cef6eda6bb53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48113", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16700", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48113\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.8.\n\ud83d\udccf Published: 2025-05-16T15:45:06.919Z\n\ud83d\udccf Modified: 2025-05-16T16:24:21.503Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/broadstreet/vulnerability/wordpress-broadstreet-1-51-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T16:34:45.000000Z"}, {"uuid": "c1806df8-d5dd-4b4c-94b6-b449b0d478eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48112", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16699", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48112\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.\n\ud83d\udccf Published: 2025-05-16T15:45:06.405Z\n\ud83d\udccf Modified: 2025-05-16T16:25:37.877Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/dot-htmlphpxml-etc-pages/vulnerability/wordpress-dot-html-php-xml-etc-pages-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T16:34:44.000000Z"}, {"uuid": "1e710ebd-0fc2-4d2e-bc41-da525df8a704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48115", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16702", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48115\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.2.\n\ud83d\udccf Published: 2025-05-16T15:45:07.990Z\n\ud83d\udccf Modified: 2025-05-16T16:23:56.393Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/validar-certificados-de-cursos/vulnerability/wordpress-validatecertify-1-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T16:34:47.000000Z"}, {"uuid": "4682c9ee-fe8a-457a-bcc4-0d94e10dc8b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48116", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16721", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48116\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4.\n\ud83d\udccf Published: 2025-05-16T15:45:08.523Z\n\ud83d\udccf Modified: 2025-05-16T16:52:50.039Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-2-4-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T17:34:47.000000Z"}, {"uuid": "27f3e985-38e0-40bb-8ff0-ae11c8c35296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48119", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16723", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48119\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41.\n\ud83d\udccf Published: 2025-05-16T15:45:09.672Z\n\ud83d\udccf Modified: 2025-05-16T16:50:57.760Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/rs-wp-books-showcase/vulnerability/wordpress-rs-wp-book-showcase-plugin-6-7-40-arbitrary-shortcode-execution-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T17:34:49.000000Z"}, {"uuid": "d4997048-dd2f-4c08-9a9e-a3b13e7a1c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-48117", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16722", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-48117\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.\n\ud83d\udccf Published: 2025-05-16T15:45:09.119Z\n\ud83d\udccf Modified: 2025-05-16T16:51:06.765Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woocommerce-pos/vulnerability/wordpress-woocommerce-pos-1-7-8-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T17:34:48.000000Z"}]}