{"vulnerability": "cve-2025-3100", "sightings": [{"uuid": "8e5ac9fb-91ef-4bd1-b3ff-7127f2b5ac39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3100", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmehvtfbbc2h", "content": "", "creation_timestamp": "2025-04-09T07:32:12.928909Z"}, {"uuid": "367e0df6-2047-4d70-956c-0ac91eb19662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31002", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114309734764929539", "content": "", "creation_timestamp": "2025-04-09T19:48:51.390797Z"}, {"uuid": "a26e25fa-e335-4109-9204-d8bf6c6e1d66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31001", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9844", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31001\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1.\n\ud83d\udccf Published: 2025-04-01T05:32:24.584Z\n\ud83d\udccf Modified: 2025-04-01T05:32:24.584Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gtm-kit/vulnerability/wordpress-gtm-kit-plugin-2-3-1-sensitive-data-exposure-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T06:31:50.000000Z"}, {"uuid": "f5ec96b5-bf22-4d3f-a511-e1d5a8f8170c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31004", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11111", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31004\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through 1.4.0.\n\ud83d\udccf Published: 2025-04-09T16:10:20.010Z\n\ud83d\udccf Modified: 2025-04-09T16:10:20.010Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/rich-table-of-content/vulnerability/wordpress-rich-table-of-contents-plugin-1-4-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:41.000000Z"}, {"uuid": "4f613f7f-32e5-4d83-9601-4bbe5a3eed98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31003", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11110", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31003\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6.\n\ud83d\udccf Published: 2025-04-09T16:10:20.595Z\n\ud83d\udccf Modified: 2025-04-09T16:10:20.595Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/squeeze/vulnerability/wordpress-squeeze-plugin-1-6-full-path-disclosure-fpd-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:40.000000Z"}, {"uuid": "73f2aae3-896b-40ca-a3c1-d407deea1148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31002", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11109", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31002\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.\n\ud83d\udccf Published: 2025-04-09T16:10:21.173Z\n\ud83d\udccf Modified: 2025-04-09T16:10:21.173Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/squeeze/vulnerability/wordpress-squeeze-plugin-1-6-arbitrary-file-upload-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:36.000000Z"}, {"uuid": "0e4948d8-ae30-44f3-a644-a6bbdfa53da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3100", "type": "seen", "source": "https://t.me/cvedetector/22538", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3100 - WordPress WP Project Manager Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3100 \nPublished : April 9, 2025, 5:15 a.m. | 35\u00a0minutes ago \nDescription : The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T08:24:38.000000Z"}, {"uuid": "9701ba4b-437d-485e-9fba-67ae923f1a4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31009", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11114", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31009\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.\n\ud83d\udccf Published: 2025-04-09T16:10:18.184Z\n\ud83d\udccf Modified: 2025-04-09T16:10:18.184Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/indieblocks/vulnerability/wordpress-indieblocks-0-13-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:43.000000Z"}, {"uuid": "4f9754d3-d040-4d7e-968b-a2eafe05d589", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31008", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11113", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31008\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YouTube Embed Plugin Support YouTube Embed allows Stored XSS. This issue affects YouTube Embed: from n/a through 5.3.1.\n\ud83d\udccf Published: 2025-04-09T16:10:18.775Z\n\ud83d\udccf Modified: 2025-04-09T16:10:18.775Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/youtube-embed/vulnerability/wordpress-youtube-embed-5-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:42.000000Z"}, {"uuid": "15d82c2c-11ce-4f22-83b5-b3a40c43b807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31005", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11112", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31005\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts allows Cross Site Request Forgery. This issue affects Easyfonts: from n/a through 1.1.2.\n\ud83d\udccf Published: 2025-04-09T16:10:19.412Z\n\ud83d\udccf Modified: 2025-04-09T16:10:19.412Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/easyfonts/vulnerability/wordpress-easyfonts-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T16:48:41.000000Z"}, {"uuid": "44d180b8-688e-4c6b-b3e8-4f1eb33fed00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3100", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11022", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3100\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.\n\ud83d\udccf Published: 2025-04-09T04:21:20.345Z\n\ud83d\udccf Modified: 2025-04-09T04:21:20.345Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4d62b087-b0ca-4fa8-921b-5eeb3fa76596?source=cve\n2. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/src/File/Helper/File.php#L56\n3. https://plugins.trac.wordpress.org/changeset/3268509/wedevs-project-manager/trunk/bootstrap/loaders.php", "creation_timestamp": "2025-04-09T04:47:49.000000Z"}, {"uuid": "7745e7ec-b03d-4743-9c41-57473ec157fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31001", "type": "seen", "source": "https://t.me/cvedetector/21725", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31001 - TLA Media GTM Kit Debug Information Leak\", \n  \"Content\": \"CVE ID : CVE-2025-31001 \nPublished : April 1, 2025, 6:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T09:26:43.000000Z"}]}