{"vulnerability": "cve-2025-2689", "sightings": [{"uuid": "3ea7b2e4-f67d-41b6-ae46-2eaa518fb1bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2689", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114218899374086018", "content": "", "creation_timestamp": "2025-03-24T18:48:16.593102Z"}, {"uuid": "a447c407-1287-47c9-b9cb-27380addc151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2689", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll4kmp6ucp24", "content": "", "creation_timestamp": "2025-03-24T10:34:18.616354Z"}, {"uuid": "a08683c6-a9a8-41a4-8d31-fc581f178e33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26898", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llfelqspvw2v", "content": "", "creation_timestamp": "2025-03-27T22:40:19.558411Z"}, {"uuid": "61cce1db-651e-47b2-8a69-13013605eee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26898", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3llgihld4oy2y", "content": "", "creation_timestamp": "2025-03-28T09:22:14.390207Z"}, {"uuid": "e9401c4a-6e76-4f47-b148-4db9e72ffc28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26894", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tdadfc2u", "content": "", "creation_timestamp": "2025-04-15T12:38:41.837712Z"}, {"uuid": "48e36aaf-9712-4dab-b0dc-5f78ece4d4e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26894", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:35.243099Z"}, {"uuid": "34f788e9-0b33-4404-a2ca-0f61213d501e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "published-proof-of-concept", "source": "Telegram/8EUjxo2TKnaloL5sHaUwdkIT6hd-NYIBKLtGdVmZMYPI04s", "content": "", "creation_timestamp": "2025-06-10T15:00:07.000000Z"}, {"uuid": "79aec14d-fcf6-41fe-bac8-08f43646fee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "published-proof-of-concept", "source": "Telegram/QF2qL8FTH9lFpTSo7F-ILTZgkF0xG80ALl6tqjxGUgHwniE", "content": "", "creation_timestamp": "2025-06-10T03:00:05.000000Z"}, {"uuid": "9498957e-902a-431e-bf26-142d23f40495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "seen", "source": "Telegram/P1jr7enV8Aiw9mGUbx7qjfPKUNGQkxO-7ln1L8jbyJEeiA8bIg", "content": "", "creation_timestamp": "2025-09-07T16:15:48.000000Z"}, {"uuid": "9018b8df-09e7-4108-8a18-81aff7644638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "seen", "source": "Telegram/-YX3VPA_NQEQvXb1WmVDINq2VBCnVyKWs0wektg8KHdHQ7Pw", "content": "", "creation_timestamp": "2025-09-07T16:15:48.000000Z"}, {"uuid": "13b25c67-9da5-41ee-8ef2-f4294431f2c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26897", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5349", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26897\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baden List Related Attachments allows DOM-Based XSS. This issue affects List Related Attachments: from n/a through 2.1.6.\n\ud83d\udccf Published: 2025-02-25T14:17:52.854Z\n\ud83d\udccf Modified: 2025-02-25T19:10:31.918Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/list-related-attachments-widget/vulnerability/wordpress-list-related-attachments-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:35.000000Z"}, {"uuid": "7475710e-6402-404f-a102-a4597c0bac2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26899", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7805", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26899\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce allows Cross Site Request Forgery. This issue affects Recapture for WooCommerce: from n/a through 1.0.43.\n\ud83d\udccf Published: 2025-03-15T21:57:02.344Z\n\ud83d\udccf Modified: 2025-03-17T16:10:20.124Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/recapture-for-woocommerce/vulnerability/wordpress-recapture-for-woocommerce-plugin-1-0-43-csrf-to-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-17T16:47:47.000000Z"}, {"uuid": "24d5e9de-9f41-4efe-ae7e-1b00ea2174a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26895", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7804", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26895\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList allows DOM-Based XSS. This issue affects m1.DownloadList: from n/a through 0.19.\n\ud83d\udccf Published: 2025-03-15T21:57:02.171Z\n\ud83d\udccf Modified: 2025-03-17T16:10:47.042Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-17T16:47:46.000000Z"}, {"uuid": "f5d87b78-d20d-4f38-8663-d73020525349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26898", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9239", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26898\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.\n\ud83d\udccf Published: 2025-03-27T21:51:53.543Z\n\ud83d\udccf Modified: 2025-03-27T21:51:53.543Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T22:36:49.000000Z"}, {"uuid": "7de14618-a350-44a0-92fa-0b47b1370694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26890", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9238", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26890\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginUs.Net HUSKY allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through 1.3.6.4.\n\ud83d\udccf Published: 2025-03-27T21:53:49.017Z\n\ud83d\udccf Modified: 2025-03-27T21:53:49.017Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woocommerce-products-filter/vulnerability/wordpress-husky-plugin-1-3-6-4-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T22:36:48.000000Z"}, {"uuid": "c9440154-dd49-4c5f-b55a-164709d3041a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26894", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11798", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26894\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode allows PHP Local File Inclusion. This issue affects Coming Soon, Maintenance Mode: from n/a through 1.1.1.\n\ud83d\udccf Published: 2025-04-15T11:59:05.829Z\n\ud83d\udccf Modified: 2025-04-15T11:59:05.829Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/site-mode/vulnerability/wordpress-coming-soon-maintenance-mode-plugin-1-1-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-15T12:54:46.000000Z"}, {"uuid": "6bd8c27b-ff1c-4f46-9e66-90a340bb0db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "published-proof-of-concept", "source": "Telegram/-7NL1bzu3gPFP7kRRcfqD7SNyl8Wx0VR-ImR3UVLeO60Co5fXQ", "content": "", "creation_timestamp": "2025-09-07T22:50:58.000000Z"}, {"uuid": "d45026be-7119-4433-83f8-cf9b5de68a15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "seen", "source": "Telegram/NvmwrLZuJtk2OTgQzJD-RYjs9loCJaGTn1Suza32zcukTMWm1w", "content": "", "creation_timestamp": "2025-09-08T14:41:51.000000Z"}, {"uuid": "8c3061c1-8a82-4b6d-b909-cccfdc1a5db1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "seen", "source": "Telegram/eGvPet4rK9ah0N5Ii_iOdGCqzJOnrPCYbzd5svej7k0P8N4B", "content": "", "creation_timestamp": "2025-09-07T16:15:48.000000Z"}, {"uuid": "74c0ffd1-6d30-4e63-b141-32ce5baff602", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "seen", "source": "Telegram/9GRVhxIPRzGnzfi9k4RfCDYd03p5LVNo3wj7i1rZBhTNLd-M", "content": "", "creation_timestamp": "2025-09-07T16:16:50.000000Z"}, {"uuid": "3f4fdfe5-e77e-4a7f-a2ef-8cb83c331ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26892", "type": "published-proof-of-concept", "source": "Telegram/f6KtBpbi28AjJnkQD2_H-h8G8IoK-2QasjPMZlVGczHCEVE", "content": "", "creation_timestamp": "2025-06-10T07:00:07.000000Z"}, {"uuid": "1f07ae44-87f5-4b55-827b-33c36cc6e955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26894", "type": "seen", "source": "https://t.me/cvedetector/22947", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26894 - NotFound Coming Soon Maintenance Mode PHP Remote File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26894 \nPublished : April 15, 2025, 12:15 p.m. | 52\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode allows PHP Local File Inclusion. This issue affects Coming Soon, Maintenance Mode: from n/a through 1.1.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T15:46:21.000000Z"}, {"uuid": "25248832-b00b-49ca-a1e6-e02874dde635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26890", "type": "seen", "source": "https://t.me/cvedetector/21349", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26890 - PluginUs.Net HUSKY Remote File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26890 \nPublished : March 27, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginUs.Net HUSKY allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through 1.3.6.4. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T01:01:14.000000Z"}, {"uuid": "2943c626-29d7-4e57-8f3b-0e3dedca0dad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26898", "type": "seen", "source": "https://t.me/cvedetector/21350", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26898 - Shinetheme Traveler SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26898 \nPublished : March 27, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T01:01:18.000000Z"}, {"uuid": "d14cb4c8-a164-4760-8e30-28dde37542be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26895", "type": "seen", "source": "https://t.me/cvedetector/20385", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26895 - Maennchen1.de M1.DownloadList DOM-Based Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26895 \nPublished : March 15, 2025, 10:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList allows DOM-Based XSS. This issue affects m1.DownloadList: from n/a through 0.19. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T02:09:41.000000Z"}, {"uuid": "cbc64cd8-33f9-4de7-8f27-8fae79e10b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26899", "type": "seen", "source": "https://t.me/cvedetector/20380", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26899 - Recapture for WooCommerce CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26899 \nPublished : March 15, 2025, 10:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce allows Cross Site Request Forgery. This issue affects Recapture for WooCommerce: from n/a through 1.0.43. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T02:09:35.000000Z"}, {"uuid": "18a75a27-25e7-426d-8aef-055e69cd5c71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2689", "type": "seen", "source": "https://t.me/cvedetector/20946", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2689 - Yii2 Symfony Finder Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2689 \nPublished : March 24, 2025, 7:15 a.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\\finder\\Iterator\\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T10:02:23.000000Z"}]}