{"vulnerability": "cve-2025-3108", "sightings": [{"uuid": "cff91612-d40b-485d-a18f-6a8f3c176d05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31084", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114261604147178391", "content": "", "creation_timestamp": "2025-04-01T07:48:37.829811Z"}, {"uuid": "7fd26a86-d3aa-4431-98a8-7c74b0eb48f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31087", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114261604190069585", "content": "", "creation_timestamp": "2025-04-01T07:48:38.091256Z"}, {"uuid": "89135f20-ee31-4dcd-96f4-0689d99b1f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31087", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114261604190069585", "content": "", "creation_timestamp": "2025-04-01T07:48:38.116152Z"}, {"uuid": "23286537-a1b1-4dc8-bcdc-f7303dc5d97b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31087", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llqbc36ljr24", "content": "", "creation_timestamp": "2025-04-01T06:40:30.699158Z"}, {"uuid": "16ea4dd3-ad73-49b1-83f1-2ddc9427af49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31084", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llqbc25k6f2p", "content": "", "creation_timestamp": "2025-04-01T06:40:29.610433Z"}, {"uuid": "ef80ba21-fcae-4de8-a0ac-346d54a6d719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31084", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114261604147178391", "content": "", "creation_timestamp": "2025-04-01T07:48:37.827592Z"}, {"uuid": "c4c3195e-c554-4a6f-be50-3d2731879f79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3108", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114808813321665384", "content": "", "creation_timestamp": "2025-07-06T23:11:05.502019Z"}, {"uuid": "08c1fd6c-9b60-468d-b69b-e7b2e3e5bf7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31082", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnbkcdcgml2e", "content": "", "creation_timestamp": "2025-04-20T21:02:11.946228Z"}, {"uuid": "ce80fabe-2ee7-4c41-8807-3ae9fb029d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31082", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265378978407704", "content": "", "creation_timestamp": "2025-04-01T23:48:36.450633Z"}, {"uuid": "75b997c4-fc6f-44bd-aaf9-5d72cc38dc31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31082", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265378978407704", "content": "", "creation_timestamp": "2025-04-01T23:48:36.468348Z"}, {"uuid": "1bc91c7d-edd4-4814-be91-836a46844d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31089", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lls5xhhhhb23", "content": "", "creation_timestamp": "2025-04-02T00:46:12.897349Z"}, {"uuid": "c5d9ccc0-2e91-40ff-8b33-df799bd51ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31089", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265379011567967", "content": "", "creation_timestamp": "2025-04-01T23:48:36.785644Z"}, {"uuid": "db8b8e82-e011-423c-b592-b11c23c6e0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31084", "type": "published-proof-of-concept", "source": "Telegram/KTve-ylqtLiLjqXZhMB9xyx1YNgyBl72T9B20ArtsU9PWWM", "content": "", "creation_timestamp": "2026-04-01T21:29:22.000000Z"}, {"uuid": "31063bd7-4fa4-468f-8779-7777bb627228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3108", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ltdmvkno4g2i", "content": "", "creation_timestamp": "2025-07-07T01:25:12.123450Z"}, {"uuid": "d842ef03-0cc8-4b6a-8475-350863a0b1d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31088", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9306", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31088\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3.\n\ud83d\udccf Published: 2025-03-28T09:39:54.682Z\n\ud83d\udccf Modified: 2025-03-28T09:39:54.682Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/paid-member-subscriptions/vulnerability/wordpress-paid-member-subscriptions-2-14-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T10:28:18.000000Z"}, {"uuid": "cd567361-8f2d-4e56-b57c-d4d19b583b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31086", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10089", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31086\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick McReynolds Product Table by WBW allows Reflected XSS. This issue affects Product Table by WBW: from n/a through 2.1.4.\n\ud83d\udccf Published: 2025-04-01T20:58:09.334Z\n\ud83d\udccf Modified: 2025-04-02T14:20:58.752Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woo-product-tables/vulnerability/wordpress-product-table-by-wbw-plugin-2-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T14:34:11.000000Z"}, {"uuid": "8bca6e2a-0a48-4aa2-a804-5084b8470343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31083", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9305", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31083\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7.\n\ud83d\udccf Published: 2025-03-28T09:39:55.451Z\n\ud83d\udccf Modified: 2025-03-28T09:39:55.451Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/leaky-paywall/vulnerability/wordpress-leaky-paywall-4-21-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T10:28:17.000000Z"}, {"uuid": "8eba6a06-e72a-4654-b805-95a9b808753f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31085", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10088", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31085\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language allows Reflected XSS. This issue affects xili-language: from n/a through 2.21.2.\n\ud83d\udccf Published: 2025-04-01T20:58:09.158Z\n\ud83d\udccf Modified: 2025-04-02T14:21:07.383Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/xili-language/vulnerability/wordpress-xili-language-plugin-2-21-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T14:34:08.000000Z"}, {"uuid": "13221064-1b39-467c-b94f-9012c731e79a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31087", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9849", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31087\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5.\n\ud83d\udccf Published: 2025-04-01T05:31:42.090Z\n\ud83d\udccf Modified: 2025-04-01T05:31:42.090Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/different-shipping-and-billing-address-for-woocommerce/vulnerability/wordpress-multiple-shipping-and-billing-address-for-woocommerce-1-5-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T06:31:58.000000Z"}, {"uuid": "31f1f5ef-024e-44ec-81e9-e3e095d201ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31084", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9850", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31084\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.\n\ud83d\udccf Published: 2025-04-01T05:31:41.938Z\n\ud83d\udccf Modified: 2025-04-01T05:31:41.938Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-3-4-10-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T06:32:02.000000Z"}, {"uuid": "e9bfe9d0-6d6e-46d1-a39e-09b893cf0bf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31082", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10087", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31082\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InfornWeb News & Blog Designer Pack allows PHP Local File Inclusion. This issue affects News & Blog Designer Pack: from n/a through 4.0.\n\ud83d\udccf Published: 2025-04-01T20:58:08.969Z\n\ud83d\udccf Modified: 2025-04-02T14:21:16.894Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/blog-designer-pack/vulnerability/wordpress-news-blog-designer-pack-plugin-4-0-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T14:34:07.000000Z"}, {"uuid": "f11705b8-3f0c-4fb4-b46b-33ecbf7bca22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31089", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10090", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31089\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through 5.3.0.\n\ud83d\udccf Published: 2025-04-01T20:58:09.502Z\n\ud83d\udccf Modified: 2025-04-02T14:20:51.649Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woo-order-splitter/vulnerability/wordpress-order-splitter-for-woocommerce-5-3-0-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T14:34:11.000000Z"}, {"uuid": "34a04f83-01bf-41f6-82a9-c18846a432df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31088", "type": "seen", "source": "https://t.me/cvedetector/21400", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31088 - Cozmoslabs Paid Member Subscriptions Stored Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31088 \nPublished : March 28, 2025, 10:15 a.m. | 2\u00a0hours, 4\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T13:33:56.000000Z"}, {"uuid": "16828f2f-4660-4284-be3c-c315f13c3f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31083", "type": "seen", "source": "https://t.me/cvedetector/21399", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31083 - ZEEN101 Leaky Paywall Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-31083 \nPublished : March 28, 2025, 10:15 a.m. | 2\u00a0hours, 4\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T13:33:56.000000Z"}, {"uuid": "aaeff4b5-436f-48c7-be9b-25b835c5361c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31087", "type": "seen", "source": "https://t.me/cvedetector/21720", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31087 - Silverplugins217 Woocommerce Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31087 \nPublished : April 1, 2025, 6:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T09:26:37.000000Z"}, {"uuid": "e4ecb15d-fccb-413b-9949-cdd77c734819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31084", "type": "seen", "source": "https://t.me/cvedetector/21719", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31084 - Sunshine Photo Cart Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31084 \nPublished : April 1, 2025, 6:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T09:26:35.000000Z"}]}