{"vulnerability": "CVE-2025-3515", "sightings": [{"uuid": "e439118f-3213-4f6f-99e6-cb6063ecf11b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrsdul7yym2u", "content": "", "creation_timestamp": "2025-06-17T11:03:08.372021Z"}, {"uuid": "2961955b-5174-4b03-a99b-3416f2147dff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbxvqpe2g", "content": "", "creation_timestamp": "2025-08-03T21:03:02.620011Z"}, {"uuid": "2b372ac3-26a8-4e15-a172-e4e7dc893270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ly4knrgdgf24", "content": "", "creation_timestamp": "2025-09-05T21:02:25.382956Z"}, {"uuid": "21df2ac9-0c27-41a8-b3b4-848a7c7afe37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-3515.yaml", "content": "", "creation_timestamp": "2025-09-03T07:53:54.000000Z"}, {"uuid": "696c5e22-0167-4c16-9722-06a4679b3ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lxkxfa2ess2o", "content": "", "creation_timestamp": "2025-08-29T21:02:27.446532Z"}, {"uuid": "2ae43c42-28e2-4d32-b224-83cc0de93be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "Telegram/nfGTp2xTn4QGBhVuPNna78NmZEMmW41bwCC35jvxvcYj_Bw", "content": "", "creation_timestamp": "2025-09-01T21:00:04.000000Z"}, {"uuid": "ab07f6a6-388e-4ecd-8ac6-3f3569582504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "Telegram/ONimq940-aml_-ziaQNnPitR2a4dvARau7ekaKGXqYn5E4A", "content": "", "creation_timestamp": "2025-06-17T10:01:14.000000Z"}, {"uuid": "2e2271d8-55fd-4f72-b7d1-d79660325d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "Telegram/NZw_dyKg3sBl_OoVab8mtW04AyfXZ90mr3x5yRa5cUHgMy8", "content": "", "creation_timestamp": "2025-09-05T03:00:06.000000Z"}, {"uuid": "9efcd090-be1b-4e7c-9b8f-160a849283be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/53219", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1a\ud83d\udee0\ufe0f Reproduce and validate CVE-2025-3515 by setting up a Dockerized WordPress lab for testing unrestricted file uploads in a vulnerable plugin.\nURL\uff1ahttps://github.com/robertskimengote/lab-cve-2025-3515\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-09-26T22:25:44.000000Z"}, {"uuid": "9ddc7e4c-0b23-4915-87be-efd7f6c6cdab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18573", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3515\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.\n\ud83d\udccf Published: 2025-06-17T09:21:39.083Z\n\ud83d\udccf Modified: 2025-06-17T09:21:39.083Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e1298242-61d2-495e-bae7-96b5e12bd03d?source=cve\n2. https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.8.8/inc/dnd-upload-cf7.php#L845\n3. https://plugins.trac.wordpress.org/changeset/3310153/", "creation_timestamp": "2025-06-17T09:41:29.000000Z"}, {"uuid": "d5dd6f3d-f6be-41db-a577-7886fc59b19f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/50100", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-3515 WordPress lab for Drag and Drop Multiple File Upload for CF7: Dockerized PoC &amp; Nuclei testing\nURL\uff1ahttps://github.com/Maitonnx/Anydesk-Exploit-CVE-2025-12654-RCE-Builder\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-03T10:13:07.000000Z"}, {"uuid": "3f5d4aff-480e-4677-9428-7b0d5b62f348", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "Telegram/ktfF1YjAfTgGnV4T6AQBqxJFytPD6zIUM1POBEH3rhcPUWE", "content": "", "creation_timestamp": "2025-09-03T15:00:07.000000Z"}, {"uuid": "3ceec3ba-ece3-46e6-ab9d-c75b165804fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/50097", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2025-3515 WordPress lab for Drag and Drop Multiple File Upload for CF7: Dockerized PoC &amp; Nuclei testing\nURL\uff1ahttps://github.com/ImBIOS/lab-cve-2025-3515\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-09-03T09:44:01.000000Z"}, {"uuid": "049e1352-4e71-40a4-bee4-5aada51b8c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/50284", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1a\ud83d\udee0\ufe0f Reproduce and validate CVE-2025-3515 in a Dockerized WordPress lab to test unrestricted file uploads via the Contact Form 7 plugin.\nURL\uff1ahttps://github.com/MrSoules/lab-cve-2025-3515\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-04T20:55:08.000000Z"}, {"uuid": "caa07e7e-912d-46d7-ba46-0e41bc04b2aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "Telegram/7FcFWuNWPidnSTqDbK2SI7frFY8bVIrg6sQ2oUz4aEJxH6Y", "content": "", "creation_timestamp": "2025-09-27T03:01:09.000000Z"}, {"uuid": "f5a09484-f4ee-4619-ae60-38e16b3db1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/49885", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aWordPress File Upload RCE Exploit\nURL\uff1ahttps://github.com/blueisbeautiful/CVE-2025-3515\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-01T15:53:55.000000Z"}, {"uuid": "897c8d9d-e562-4233-b314-a183beb0b736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/53558", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1a\ud83d\udee0\ufe0f Reproduce and validate CVE-2025-3515 by setting up a Dockerized WordPress lab for testing unrestricted file uploads in a vulnerable plugin.\nURL\uff1ahttps://github.com/maestro-ant/Vvveb-CMS-CVE-2025-8518\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-29T16:59:29.000000Z"}, {"uuid": "2feac4eb-ecc7-48f3-9997-5fd04726484d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/54025", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1a\ud83d\udee0\ufe0f Reproduce and validate CVE-2025-3515 by setting up a Dockerized WordPress lab for testing unrestricted file uploads in a vulnerable plugin.\nURL\uff1ahttps://github.com/fa1consec/cve_2025_61622_poc\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-10-03T12:45:53.000000Z"}, {"uuid": "581eca77-da33-4465-af0a-42d786d0872a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/54180", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1a\ud83d\udee0\ufe0f Reproduce and validate CVE-2025-3515 by setting up a Dockerized WordPress lab for testing unrestricted file uploads in a vulnerable plugin.\nURL\uff1ahttps://github.com/ivy2320/CTF-event\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-10-04T19:09:55.000000Z"}, {"uuid": "bee0aa14-5e07-4539-95c7-1a6a53629b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/503", "content": "CVE-2025-3515 - WordPress File Upload RCE\n\nexploit", "creation_timestamp": "2025-09-03T08:08:47.000000Z"}, {"uuid": "b7ad6dee-c0b5-45ea-bdbb-45691ef111c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3515", "type": "published-proof-of-concept", "source": "Telegram/pNTteL-Xx8i8chGncpiIBXbULPUr3pQKBk06IlAIn1UZCI0", "content": "", "creation_timestamp": "2025-06-23T11:00:06.000000Z"}]}