{"vulnerability": "cve-2019-25727", "sightings": [{"uuid": "43dd5443-4b22-4f4a-aaf2-21e0a1446582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-25727", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnirmjtf7n25", "content": "Unauthenticated attackers can download wp-config.php and other sensitive files from sites running ad manager wd 1.0.11. CVE-2019-25727 rates 9.8/10 (arbitrary file download). No patch yet\u2014disable the plugin immediately. \u2192 pulse-wp.com\n#WordPress #FileUpload #CyberSecurity", "creation_timestamp": "2026-06-04T23:27:58.975758Z"}, {"uuid": "f3f927c6-9d60-49c1-bfac-466f24e5f2cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-25727", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnirqyr22a26", "content": "wp-config.php exposed. Database credentials. API keys. Anyone can grab them.\n\nCVE-2019-25727 / CVSS 9.8. ad manager wd 1.0.11 lets unauthenticated attackers download arbitrary files via path manipulation.\n\nNo patch. Disable it now.\n\n\u2192 pulse-wp.com\n#WordPress #FileUpload #CyberSecurity", "creation_timestamp": "2026-06-04T23:30:28.999881Z"}]}