{"vulnerability": "cve-2025-2821", "sightings": [{"uuid": "d279d1ff-5137-4ac3-99e7-cad7624565c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28219", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12725", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28219\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter \"deviceName\" passed to the binary through a POST request.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T19:00:08.434Z\n\ud83d\udd17 References:\n1. https://github.com/IdaJea/IOT_vuln_1/blob/master/DC112A_V1.0.0.64/sub_69600.pdf", "creation_timestamp": "2025-04-21T19:02:03.000000Z"}, {"uuid": "23a14b3e-2952-42b9-bc09-48607cfb5d89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2821", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl454wm2h", "content": "", "creation_timestamp": "2025-05-07T04:26:19.943123Z"}, {"uuid": "b0b9bc49-2586-4ebe-a74c-96afeec43bc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2821", "type": "seen", "source": "https://t.me/cvedetector/24670", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2821 - WordPress Search Exclude Plugin Unauthenticated Data Modification\", \n  \"Content\": \"CVE ID : CVE-2025-2821 \nPublished : May 7, 2025, 3:15 a.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T07:12:52.000000Z"}, {"uuid": "f339fd79-c424-451c-abb4-7650abc1fbe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2821", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15248", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2821\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.\n\ud83d\udccf Published: 2025-05-07T01:43:06.640Z\n\ud83d\udccf Modified: 2025-05-07T01:43:06.640Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1f72a309-8ef8-4943-8e64-38bb7909397a?source=cve\n2. https://plugins.trac.wordpress.org/browser/search-exclude/tags/2.4.6/lib/api/entities/settings/class-post.php#L42\n3. https://plugins.trac.wordpress.org/changeset/3284798/", "creation_timestamp": "2025-05-07T02:21:41.000000Z"}]}