https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-01T04:53:08.897392+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/6fe8de02-3a37-493d-ad58-7a0995633d65/export6fe8de02-3a37-493d-ad58-7a0995633d652026-06-01T04:53:09.351804+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "6fe8de02-3a37-493d-ad58-7a0995633d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3890", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14261", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3890\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-05-01T11:11:42.311Z\n\ud83d\udccf Modified: 2025-05-01T11:11:42.311Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/93898bf8-cfed-44bf-9d68-a0167beba86a?source=cve\n2. https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/includes/wpsc-shortcodes-related.php#L20\n3. https://www.tipsandtricks-hq.com/ecommerce/simple-wp-shopping-cart-installation-usage-290#step-1-inserting-an-add-to-cart-button\n4. https://plugins.trac.wordpress.org/changeset/3284572/", "creation_timestamp": "2025-05-01T12:14:40.000000Z"}2025-05-01T12:14:40+00:00https://vulnerability.circl.lu/sighting/c4c243d6-b2fc-4dc6-832a-9cbe759f1357/exportc4c243d6-b2fc-4dc6-832a-9cbe759f13572026-06-01T04:53:09.349087+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "c4c243d6-b2fc-4dc6-832a-9cbe759f1357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3890", "type": "seen", "source": "https://t.me/LearnExploit/8001", "content": "curl -s https://cvedb.shodan.io/cves | jq '.cves[] | select(.cve_id==\"CVE-2025-3890\") | .cve_id+\" : \"+.summary' | sed 's/\"//g'", "creation_timestamp": "2025-05-05T23:24:56.000000Z"}2025-05-05T23:24:56+00:00