{"vulnerability": "cve-2025-3089", "sightings": [{"uuid": "9005463a-d1d8-4000-b8b9-0af89b05820f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30897", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30897\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.\n\ud83d\udccf Published: 2025-03-27T10:55:48.251Z\n\ud83d\udccf Modified: 2025-03-27T10:55:48.251Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-5-1-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:39.000000Z"}, {"uuid": "d11dd6a0-9d01-4e49-bcc0-b96e8ecd257f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30892", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265378937334824", "content": "", "creation_timestamp": "2025-04-01T23:48:35.292297Z"}, {"uuid": "32f779ac-2062-45aa-9216-a911c6467d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30892", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265378937334824", "content": "", "creation_timestamp": "2025-04-01T23:48:35.286719Z"}, {"uuid": "d947a82c-609e-4449-88d1-6b1d1c6ce4b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30892", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lls6klk4e22j", "content": "", "creation_timestamp": "2025-04-02T00:56:54.740284Z"}, {"uuid": "e6f26101-7469-4a36-87e9-3aab6efca10b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30898", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9054", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30898\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] \u0627\u0641\u0632\u0648\u0646\u0647 \u062d\u0645\u0644 \u0648 \u0646\u0642\u0644 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 (\u067e\u0633\u062a \u067e\u06cc\u0634\u062a\u0627\u0632 \u0648 \u0633\u0641\u0627\u0631\u0634\u06cc\u060c \u067e\u06cc\u06a9 \u0645\u0648\u062a\u0648\u0631\u06cc) allows Stored XSS. This issue affects \u0627\u0641\u0632\u0648\u0646\u0647 \u062d\u0645\u0644 \u0648 \u0646\u0642\u0644 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 (\u067e\u0633\u062a \u067e\u06cc\u0634\u062a\u0627\u0632 \u0648 \u0633\u0641\u0627\u0631\u0634\u06cc\u060c \u067e\u06cc\u06a9 \u0645\u0648\u062a\u0648\u0631\u06cc): from n/a through 4.2.3.\n\ud83d\udccf Published: 2025-03-27T10:55:48.930Z\n\ud83d\udccf Modified: 2025-03-27T10:55:48.930Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/persian-woocommerce-shipping/vulnerability/wordpress-fzonh-hml-o-nkl-oo-mrs-st-sht-z-o-sf-rsh-motor-plugin-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:38.000000Z"}, {"uuid": "a2aad3d4-2406-414e-b914-a9ec294b9c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30899", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9053", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30899\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3.\n\ud83d\udccf Published: 2025-03-27T10:55:49.603Z\n\ud83d\udccf Modified: 2025-03-27T10:55:49.603Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:34.000000Z"}, {"uuid": "106a7b2c-0454-4e2a-9150-4067e871141a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30894", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9058", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30894\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.79.262.\n\ud83d\udccf Published: 2025-03-27T10:55:46.176Z\n\ud83d\udccf Modified: 2025-03-27T10:55:46.176Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/fulltext-search/vulnerability/wordpress-wp-fast-total-search-plugin-1-79-262-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:42.000000Z"}, {"uuid": "f996899a-f9bc-4491-b431-e5b353e8b95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30895", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9057", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30895\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently allows PHP Local File Inclusion. This issue affects WpEvently: from n/a through 4.2.9.\n\ud83d\udccf Published: 2025-03-27T10:55:46.919Z\n\ud83d\udccf Modified: 2025-03-27T10:55:46.919Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-2-9-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:41.000000Z"}, {"uuid": "9de7becc-f7ed-4846-899f-f50e3977e2ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30896", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9056", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30896\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4.\n\ud83d\udccf Published: 2025-03-27T10:55:47.584Z\n\ud83d\udccf Modified: 2025-03-27T10:55:47.584Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/erp/vulnerability/wordpress-wp-erp-plugin-1-13-4-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T11:26:40.000000Z"}, {"uuid": "ce494a01-db24-4ee6-a4ab-95a23a25f111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30899", "type": "seen", "source": "https://t.me/cvedetector/21291", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30899 - Wpeverest Stored Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30899 \nPublished : March 27, 2025, 11:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T14:58:44.000000Z"}]}