{"vulnerability": "CVE-2025-2266", "sightings": [{"uuid": "572b6fdb-4d15-44c1-aa22-6a78e44f8a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22661", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867527292418123", "content": "", "creation_timestamp": "2025-01-21T17:29:40.572052Z"}, {"uuid": "b9911db6-67d1-4a33-8ab4-f9c0564e2305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22661", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbhjdlsp22n", "content": "", "creation_timestamp": "2025-01-21T18:16:02.767857Z"}, {"uuid": "9b179986-72db-4b36-8221-525c64116f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22662", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhedytwij52b", "content": "", "creation_timestamp": "2025-02-04T15:16:19.043884Z"}, {"uuid": "16bb861d-765d-4c7e-9812-af510171f794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22664", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhedywq5uj2f", "content": "", "creation_timestamp": "2025-02-04T15:16:21.934586Z"}, {"uuid": "0647c55f-750a-4ba4-8c77-06a10854b446", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22663", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii3cn6adv2t", "content": "", "creation_timestamp": "2025-02-18T20:16:34.470163Z"}, {"uuid": "dc57b21b-7e7f-4dbe-950a-2175d08a59fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22663", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114027325751348576", "content": "", "creation_timestamp": "2025-02-18T22:48:31.633944Z"}, {"uuid": "99d9b22c-7e53-4d95-81be-a9e099e3069f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22663", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liihlq5lhi2z", "content": "", "creation_timestamp": "2025-02-18T23:56:26.365126Z"}, {"uuid": "ed30029f-c330-4ce9-bf8e-41b7d1e524aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22663", "type": "seen", "source": "https://t.me/cvedetector/18376", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22663 - Videowhisper Paid Videochat Turnkey Site Path Traversal\", \n  \"Content\": \"CVE ID : CVE-2025-22663 \nPublished : Feb. 18, 2025, 8:15 p.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Paid Videochat Turnkey Site allows Path Traversal. This issue affects Paid Videochat Turnkey Site: from n/a through 7.2.12. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:37.000000Z"}, {"uuid": "72e73272-e228-45d1-89ad-5f75d61d3c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:57.000000Z"}, {"uuid": "8763b69f-a2eb-4dc9-967f-16e7e3326dbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22662", "type": "seen", "source": "https://t.me/cvedetector/17220", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22662 - SendPulse Email Marketing Newsletter Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-22662 \nPublished : Feb. 4, 2025, 3:15 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.5. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-04T18:54:41.000000Z"}, {"uuid": "e714f2d8-ab4b-49ae-a16d-c067982788a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lliwlmvy752m", "content": "", "creation_timestamp": "2025-03-29T08:40:22.091340Z"}, {"uuid": "642427c8-b5f1-4d2a-868c-12bfd27fdcb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114245088728731761", "content": "", "creation_timestamp": "2025-03-29T09:48:30.930831Z"}, {"uuid": "43a298f1-4727-4807-834c-d502829f9791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114245088728731761", "content": "", "creation_timestamp": "2025-03-29T09:48:30.946576Z"}, {"uuid": "9e3dba5c-a2c4-41a5-8960-a1b6659489a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114246508459332713", "content": "", "creation_timestamp": "2025-03-29T15:49:34.127588Z"}, {"uuid": "168a138f-c691-4d90-8fd3-eb8844dfdbc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114246508459332713", "content": "", "creation_timestamp": "2025-03-29T15:49:34.137327Z"}, {"uuid": "5821677a-a781-4c7e-bdc4-270c9b05bffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"}, {"uuid": "ca80d657-d0d3-4ccf-96fe-b87fea2abe28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22661", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2461", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22661\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita.com Online Payments \u2013 Get Paid with PayPal, Square &amp; Stripe allows Stored XSS. This issue affects Online Payments \u2013 Get Paid with PayPal, Square &amp; Stripe: from n/a through 3.20.0.\n\ud83d\udccf Published: 2025-01-21T17:21:51.098Z\n\ud83d\udccf Modified: 2025-01-21T18:42:40.316Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/paypal-payment-button-by-vcita/vulnerability/wordpress-online-payments-plugin-3-20-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-21T19:02:03.000000Z"}, {"uuid": "384ee7f8-f18a-422d-b3bb-620ffbefa059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22668", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9087", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22668\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2.\n\ud83d\udccf Published: 2025-03-27T14:23:14.184Z\n\ud83d\udccf Modified: 2025-03-27T14:23:14.184Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/awesome-event-booking/vulnerability/wordpress-awesome-event-booking-plugin-2-7-2-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T14:27:18.000000Z"}, {"uuid": "67a34cbc-ccf2-401d-a38d-eca73523935d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22669", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9089", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22669\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in AwesomeTOGI Awesome Event Booking allows Cross Site Request Forgery.This issue affects Awesome Event Booking: from n/a through 2.7.5.\n\ud83d\udccf Published: 2025-03-27T14:22:25.481Z\n\ud83d\udccf Modified: 2025-03-27T14:22:25.481Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/awesome-event-booking/vulnerability/wordpress-awesome-event-booking-plugin-2-7-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T14:27:23.000000Z"}, {"uuid": "3b2565e8-0694-4ef4-8ade-db1a31601664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9538", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2266\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.\n\ud83d\udccf Published: 2025-03-29T07:03:30.915Z\n\ud83d\udccf Modified: 2025-03-29T07:03:30.915Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/9834fd5b-8445-4c6f-95f9-f0df785c65f8?source=cve\n2. https://wordpress.org/plugins/checkout-mestres-wp/\n3. https://plugins.trac.wordpress.org/browser/checkout-mestres-wp/trunk/backend/core/base/ajax.php#L31", "creation_timestamp": "2025-03-29T07:28:43.000000Z"}, {"uuid": "2044f305-fd47-4a48-bb7a-e495bd3e4339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22667", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9085", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22667\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer &amp; Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer &amp; Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2.\n\ud83d\udccf Published: 2025-03-27T14:24:01.200Z\n\ud83d\udccf Modified: 2025-03-27T14:24:01.200Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpsyncsheets-woocommerce/vulnerability/wordpress-export-order-product-customer-coupon-for-woocommerce-to-google-sheets-plugin-1-8-2-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T14:27:16.000000Z"}, {"uuid": "378a7075-ec70-41f2-ac8b-1a5098991b64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22661", "type": "seen", "source": "https://t.me/cvedetector/16003", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22661 - VCita Online Payments Stripe PayPal Square Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22661 \nPublished : Jan. 21, 2025, 6:15 p.m. | 37\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita.com Online Payments \u2013 Get Paid with PayPal, Square &amp; Stripe allows Stored XSS. This issue affects Online Payments \u2013 Get Paid with PayPal, Square &amp; Stripe: from n/a through 3.20.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T20:19:30.000000Z"}, {"uuid": "25e5f08b-1f5a-4ae9-bc1f-5d9c86c945d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "https://t.me/cvedetector/21504", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2266 - WooCommerce Checkout Mestres do WP Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2266 \nPublished : March 29, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T10:28:55.000000Z"}, {"uuid": "a9ad7c06-d801-4685-8a33-aa5e59b50988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22664", "type": "seen", "source": "https://t.me/cvedetector/17215", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22664 - Vulnerability Title: Survey Maker Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-22664 \nPublished : Feb. 4, 2025, 3:15 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.1.3.5. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-04T18:54:34.000000Z"}, {"uuid": "5f253916-0569-4c90-bc73-6d548558fc9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "published-proof-of-concept", "source": "Telegram/S6VJZCEtnsvYjBlLt3__8k7cd1SGolH21EEfYkD1jnOqybU", "content": "", "creation_timestamp": "2025-03-30T13:00:05.000000Z"}, {"uuid": "eb4d67f1-1b3c-4885-b21b-3f3c48f2a477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "published-proof-of-concept", "source": "Telegram/XwMj3S90GEtdkqRuWZV_WB2RJcptNkituBjb1L6ih0r2y1w", "content": "", "creation_timestamp": "2025-03-30T05:00:08.000000Z"}, {"uuid": "24a82d05-0d81-4787-a413-a31612fd97e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2266", "type": "seen", "source": "Telegram/aF4xicIreuyE5yRRD33dmWV9qZXjTlaEQ3JU-sQx2NkHh1A", "content": "", "creation_timestamp": "2025-03-29T09:31:14.000000Z"}]}