{"vulnerability": "CVE-2025-4747", "sightings": [{"uuid": "2ac6ac9e-a997-4ddc-944e-41a413babd1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47472", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15361", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47472\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1.\n\ud83d\udccf Published: 2025-05-07T14:19:44.797Z\n\ud83d\udccf Modified: 2025-05-07T16:36:31.916Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/music-player-for-woocommerce/vulnerability/wordpress-music-player-for-woocommerce-1-5-1-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:23:01.000000Z"}, {"uuid": "f9a7eef5-0be4-4b46-bbb5-a93f80673cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47471", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15360", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47471\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9.\n\ud83d\udccf Published: 2025-05-07T14:19:44.249Z\n\ud83d\udccf Modified: 2025-05-07T16:36:39.318Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/envo-extra/vulnerability/wordpress-envo-extra-1-9-9-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:23:01.000000Z"}, {"uuid": "29c82b39-b138-4126-b801-61a592cf7b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47470", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15359", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47470\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.\n\ud83d\udccf Published: 2025-05-07T14:19:43.736Z\n\ud83d\udccf Modified: 2025-05-07T16:36:45.920Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gpt3-ai-content-generator/vulnerability/wordpress-gpt3-ai-content-writer-plugin-1-9-14-cross-site-request-forgery-csrf-to-prompt-generation-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:22:59.000000Z"}, {"uuid": "ae22d4a5-27a8-42d1-8579-a13e0b7cb16b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4747", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16631", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4747\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T05:00:06.984Z\n\ud83d\udccf Modified: 2025-05-16T05:00:06.984Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309047\n2. https://vuldb.com/?ctiid.309047\n3. https://vuldb.com/?submit.571035\n4. https://github.com/lche511/cve/issues/1", "creation_timestamp": "2025-05-16T05:34:39.000000Z"}]}