{"vulnerability": "cve-2025-3079", "sightings": [{"uuid": "f82836ad-72d5-4283-abe8-41ea1ed598b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30794", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9886", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30794\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Events Calendar Event Tickets allows Reflected XSS. This issue affects Event Tickets: from n/a through 5.20.0.\n\ud83d\udccf Published: 2025-04-01T05:31:36.631Z\n\ud83d\udccf Modified: 2025-04-01T13:18:36.771Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/event-tickets/vulnerability/wordpress-event-tickets-plugin-5-20-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T13:32:28.000000Z"}, {"uuid": "694e13e2-d00f-4fc3-930f-007e53302052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30793", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9884", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30793\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through 2.5.4.\n\ud83d\udccf Published: 2025-04-01T05:31:36.457Z\n\ud83d\udccf Modified: 2025-04-01T13:19:56.702Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/houzez-property-feed/vulnerability/wordpress-houzez-property-feed-plugin-2-5-4-arbitrary-file-download-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T13:32:27.000000Z"}, {"uuid": "a3c6a493-7a80-4776-a7d7-1bc0dd395e6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9889", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30797\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool \u2013 Fix peralinks, accents, auto create menus and more allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greek Multi Tool \u2013 Fix peralinks, accents, auto create menus and more: from n/a through 2.3.1.\n\ud83d\udccf Published: 2025-04-01T05:31:37.040Z\n\ud83d\udccf Modified: 2025-04-01T13:17:14.257Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/greek-multi-tool/vulnerability/wordpress-greek-multi-tool-fix-peralinks-accents-auto-create-menus-and-more-plugin-2-3-1-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T13:32:34.000000Z"}, {"uuid": "2d6a0e25-9423-4fb5-bbf4-710d368fe646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30796", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9888", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30796\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit \u2013 WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit \u2013 WP Extended: from n/a through 3.0.14.\n\ud83d\udccf Published: 2025-04-01T05:31:36.788Z\n\ud83d\udccf Modified: 2025-04-01T13:18:00.194Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpextended/vulnerability/wordpress-the-ultimate-wordpress-toolkit-wp-extended-plugin-3-0-14-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T13:32:34.000000Z"}, {"uuid": "47c3ee39-459a-4a67-b7da-56d82fb3fc05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3079", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpksd26u73v2", "content": "", "creation_timestamp": "2025-05-20T00:10:11.804625Z"}, {"uuid": "6f8bfcf9-2f6c-44a9-a484-9abf7413067b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3079", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpku6jj7o32j", "content": "", "creation_timestamp": "2025-05-20T00:43:20.794527Z"}]}