{"vulnerability": "cve-2025-2673", "sightings": [{"uuid": "1c9a77c7-e929-4169-8658-d62c7738e029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2673", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll3vwkcfbq2e", "content": "", "creation_timestamp": "2025-03-24T04:23:58.052100Z"}, {"uuid": "b8917d9a-2419-4727-ba07-e9dec2644096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26733", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3llgiwe5hgb2j", "content": "", "creation_timestamp": "2025-03-28T09:30:30.464671Z"}, {"uuid": "a7d23e3b-f900-4a95-8cdb-5bcb73199ec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26732", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9403", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26732\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BurgerThemes StoreBiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through 1.0.32.\n\ud83d\udccf Published: 2025-03-27T14:00:07.569Z\n\ud83d\udccf Modified: 2025-03-28T17:11:32.675Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/storebiz/vulnerability/wordpress-storebiz-plugin-1-0-32-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T17:28:43.000000Z"}, {"uuid": "e46972fc-b262-4738-b48c-144f9bf2497c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26733", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9235", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26733\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.\n\ud83d\udccf Published: 2025-03-27T22:01:31.581Z\n\ud83d\udccf Modified: 2025-03-27T22:01:31.581Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T22:36:42.000000Z"}, {"uuid": "7f5455f8-eb0f-4300-8f93-fd889fd378aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26734", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9402", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26734\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester allows Stored XSS.This issue affects Hester: from n/a through 1.1.10.\n\ud83d\udccf Published: 2025-03-27T13:58:36.836Z\n\ud83d\udccf Modified: 2025-03-28T17:11:39.756Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/hester/vulnerability/wordpress-hester-plugin-1-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T17:28:42.000000Z"}, {"uuid": "eec6ecbb-9dc9-4152-a90f-afb79e472dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26731", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9408", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26731\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARPrice allows Stored XSS.This issue affects ARPrice: from n/a through 4.1.3.\n\ud83d\udccf Published: 2025-03-27T14:01:48.770Z\n\ud83d\udccf Modified: 2025-03-28T17:00:52.054Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T17:28:50.000000Z"}, {"uuid": "d116a9db-c53e-4159-ae72-b6bb45f485d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26733", "type": "seen", "source": "https://t.me/cvedetector/21352", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26733 - Shinetheme Traveler Missing Authorization\", \n  \"Content\": \"CVE ID : CVE-2025-26733 \nPublished : March 27, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T01:01:19.000000Z"}, {"uuid": "7fb9422c-9827-4cff-889b-0b3aff000ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26736", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26736\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viktoras MorningTime Lite allows Stored XSS.This issue affects MorningTime Lite: from n/a through 1.3.2.\n\ud83d\udccf Published: 2025-03-27T13:57:39.508Z\n\ud83d\udccf Modified: 2025-04-03T13:19:32.812Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/morningtime-lite/vulnerability/wordpress-morningtime-lite-theme-1-3-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-03T13:34:56.000000Z"}, {"uuid": "dda0dd59-6266-4659-8899-1d8678b0c918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26738", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10205", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26738\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through 3.1.3.\n\ud83d\udccf Published: 2025-03-27T13:54:34.447Z\n\ud83d\udccf Modified: 2025-04-03T13:19:54.454Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/quick-interest-slider/vulnerability/wordpress-quick-interest-slider-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-03T13:34:50.000000Z"}, {"uuid": "35870753-ec96-4af4-97eb-973f37c89230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26737", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10207", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26737\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5.\n\ud83d\udccf Published: 2025-03-27T13:56:36.678Z\n\ud83d\udccf Modified: 2025-04-03T13:19:42.401Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/city-store/vulnerability/wordpress-city-store-theme-1-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-03T13:34:55.000000Z"}, {"uuid": "26f1812b-6cd7-4aca-b453-cf6e2c346486", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2673", "type": "seen", "source": "https://t.me/cvedetector/20925", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2673 - Apache Code-projects Payroll Management System Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2673 \nPublished : March 24, 2025, 12:15 a.m. | 23\u00a0minutes ago \nDescription : A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T01:40:54.000000Z"}]}