{"vulnerability": "CVE-2025-4105", "sightings": [{"uuid": "d67ebe95-bb2c-4953-9711-8944050de474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4105", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17105", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4105\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa.\n\ud83d\udccf Published: 2025-05-21T09:21:50.660Z\n\ud83d\udccf Modified: 2025-05-21T09:21:50.660Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6471b075-8115-4d38-a7dd-2308dca69f15?source=cve\n2. https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L765\n3. https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L1927", "creation_timestamp": "2025-05-21T09:52:43.000000Z"}, {"uuid": "f0e02e4a-3760-4ce4-906c-90b2aae34ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41058", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lxzhllu6wf2v", "content": "", "creation_timestamp": "2025-09-04T15:29:30.021348Z"}, {"uuid": "0426d63c-7d00-4115-90a5-1910c9dcdb9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41051", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lxzhukbpsk2e", "content": "", "creation_timestamp": "2025-09-04T15:34:30.572894Z"}]}