{"vulnerability": "cve-2025-3159", "sightings": [{"uuid": "701d744d-2be1-4aef-9082-11a4753ea89c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31594", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llrxufs6472k", "content": "", "creation_timestamp": "2025-04-01T22:57:16.141236Z"}, {"uuid": "7bb09619-a494-49fe-b683-5430d9236163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31595", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9682", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31595\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Timeline Event History allows Stored XSS. This issue affects Timeline Event History: from n/a through 3.2.\n\ud83d\udccf Published: 2025-03-31T12:55:30.447Z\n\ud83d\udccf Modified: 2025-03-31T15:00:24.364Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/timeline-event-history/vulnerability/wordpress-timeline-event-history-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:20.000000Z"}, {"uuid": "47b487af-1c08-46d2-88b0-08a318dc2f35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3159", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/115949837621088494", "content": "", "creation_timestamp": "2026-01-24T11:28:34.606662Z"}, {"uuid": "be8732d6-1431-4246-8ee2-b051d649900c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31598", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9687", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31598\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Quantity Dynamic Pricing & Bulk Discounts for WooCommerce allows Stored XSS. This issue affects Quantity Dynamic Pricing & Bulk Discounts for WooCommerce: from n/a through 4.0.0.\n\ud83d\udccf Published: 2025-03-31T12:55:33.122Z\n\ud83d\udccf Modified: 2025-03-31T14:58:57.774Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wholesale-pricing-woocommerce/vulnerability/wordpress-quantity-dynamic-pricing-bulk-discounts-for-woocommerce-plugin-4-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:27.000000Z"}, {"uuid": "2aec7c2c-1fd0-4378-af5b-2e6f5be519f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31593", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9681", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31593\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5.\n\ud83d\udccf Published: 2025-03-31T12:55:29.784Z\n\ud83d\udccf Modified: 2025-03-31T15:00:46.591Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/open-menu/vulnerability/wordpress-openmenu-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:19.000000Z"}, {"uuid": "3225f7ee-a668-4279-b437-496e1d29c6bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31591", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9666", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31591\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promoz73 Exit Popup Free allows Stored XSS. This issue affects Exit Popup Free: from n/a through 1.0.\n\ud83d\udccf Published: 2025-03-31T12:55:28.738Z\n\ud83d\udccf Modified: 2025-03-31T13:56:49.296Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/exit-popup-free/vulnerability/wordpress-exit-popup-free-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:18.000000Z"}, {"uuid": "2357f560-b5d8-4e78-af0a-04166764b97e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31590", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9665", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31590\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Denra.com WP Date and Time Shortcode allows Stored XSS. This issue affects WP Date and Time Shortcode: from n/a through 2.6.7.\n\ud83d\udccf Published: 2025-03-31T12:55:28.209Z\n\ud83d\udccf Modified: 2025-03-31T13:57:25.428Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-date-and-time-shortcode/vulnerability/wordpress-wp-date-and-time-shortcode-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T14:32:17.000000Z"}, {"uuid": "dd8ef509-7982-4ec1-a43a-82ed3da26300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31594", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11246", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31594\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4.\n\ud83d\udccf Published: 2025-04-01T20:58:14.390Z\n\ud83d\udccf Modified: 2025-04-10T14:38:45.617Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/auto-scroll-for-reading/vulnerability/wordpress-auto-scroll-for-reading-plugin-1-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T14:50:27.000000Z"}, {"uuid": "8db99cb4-52c2-4671-891d-9ac3e21ab306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31597", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9686", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31597\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazycric Ultimate Live Cricket WordPress Lite allows Stored XSS. This issue affects Ultimate Live Cricket WordPress Lite: from n/a through 1.4.2.\n\ud83d\udccf Published: 2025-03-31T12:55:32.581Z\n\ud83d\udccf Modified: 2025-03-31T14:59:15.259Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ultimate-live-cricket-lite/vulnerability/wordpress-ultimate-live-cricket-wordpress-lite-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:26.000000Z"}, {"uuid": "39f3aaf2-a3bb-459c-9978-2a7b8a31844d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31596", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9684", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31596\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Chatwee Chat by Chatwee allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chat by Chatwee: from n/a through 2.1.3.\n\ud83d\udccf Published: 2025-03-31T12:55:32.025Z\n\ud83d\udccf Modified: 2025-03-31T15:00:01.338Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/chatwee/vulnerability/wordpress-chat-by-chatwee-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T15:31:25.000000Z"}, {"uuid": "9e0addbf-4746-4fd6-97a4-03673b266ac7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31594", "type": "seen", "source": "https://t.me/cvedetector/21810", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31594 - WordPress Auto Scroll for Reading Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31594 \nPublished : April 1, 2025, 9:15 p.m. | 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T23:56:07.000000Z"}, {"uuid": "12cb5a67-a175-4511-b81a-f6160afd114c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3159", "type": "seen", "source": "https://t.me/cvedetector/21974", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3159 - Open Asset Import Library Assimp Heap-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3159 \nPublished : April 3, 2025, 2:15 p.m. | 41\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T17:44:25.000000Z"}]}