{"vulnerability": "cve-2025-1970", "sightings": [{"uuid": "2c5fbb45-69f6-4377-938b-c96f91039cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1970", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-1970\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-03-22T11:18:41.122Z\n\ud83d\udccf Modified: 2025-03-24T20:01:18.331Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5a4d7d40-8e0e-4251-8e25-3fd4ebd3a93e?source=cve\n2. https://plugins.trac.wordpress.org/browser/users-customers-import-export-for-wp-woocommerce/trunk/admin/modules/import/classes/class-import-ajax.php#L175\n3. https://wordpress.org/plugins/users-customers-import-export-for-wp-woocommerce/#developers\n4. https://plugins.trac.wordpress.org/changeset/3259688/", "creation_timestamp": "2025-03-24T20:23:45.000000Z"}, {"uuid": "50dcc41f-301b-4adf-b355-aadd8f6a1d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1970", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkxtz75knw2j", "content": "", "creation_timestamp": "2025-03-22T13:39:00.655337Z"}, {"uuid": "0e815dee-9ad2-49f3-991a-5ca9cd3a56d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1970", "type": "seen", "source": "https://t.me/cvedetector/20871", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1970 - WordPress Export and Import Users and Customers SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-1970 \nPublished : March 22, 2025, 12:15 p.m. | 1\u00a0hour ago \nDescription : The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-22T14:33:25.000000Z"}, {"uuid": "0a230820-57f0-4dc1-9af6-5d77a2f8084d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-1970", "type": "seen", "source": "Telegram/91xkeRuMSbKQZFHzsWMcWaf_cMLYpeFaQxLbDakd-mxm6QM", "content": "", "creation_timestamp": "2025-03-22T13:00:44.000000Z"}]}