{"vulnerability": "cve-2025-3223", "sightings": [{"uuid": "86537e5e-ccde-4f3f-8b6b-a4545c86320e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32236", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsm4gde26", "content": "", "creation_timestamp": "2025-04-10T11:32:35.862918Z"}, {"uuid": "23e7c9ef-1635-4699-a406-8a2e0c8813fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32230", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsnbfwe2u", "content": "", "creation_timestamp": "2025-04-10T11:32:42.448593Z"}, {"uuid": "06059b3f-1192-4d3a-acf1-c82123b21a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3223", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpknasvxw5l2", "content": "", "creation_timestamp": "2025-05-19T22:39:27.169562Z"}, {"uuid": "577534af-c02f-47d4-93d7-7285ca607d28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32239", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10489", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32239\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin \u2013 GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.io: from n/a through 4.5.\n\ud83d\udccf Published: 2025-04-04T15:59:50.732Z\n\ud83d\udccf Modified: 2025-04-04T15:59:50.732Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-share-buttons-analytics-by-getsocial/vulnerability/wordpress-social-share-buttons-analytics-plugin-plugin-4-5-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T16:36:48.000000Z"}, {"uuid": "7f09c06e-e1c8-4bfe-aee6-a473188fcbab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3223", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114536614573194553", "content": "", "creation_timestamp": "2025-05-19T21:27:22.364232Z"}, {"uuid": "2e9abe9b-1976-4f34-9d5a-85b9f0c3574e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32230", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32230\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0.\n\ud83d\udccf Published: 2025-04-10T08:09:46.362Z\n\ud83d\udccf Modified: 2025-04-10T08:09:46.362Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/tutor/vulnerability/wordpress-tutor-lms-plugin-3-4-0-html-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T08:48:55.000000Z"}, {"uuid": "7031f4e5-7c7e-4f11-bb72-47986343abac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32236", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11207", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32236\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic: from n/a through 1.9.\n\ud83d\udccf Published: 2025-04-10T08:09:46.527Z\n\ud83d\udccf Modified: 2025-04-10T08:09:46.527Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/vagonic-sortable/vulnerability/wordpress-woocommerce-products-reorder-drag-drop-multiple-sort-plugin-1-9-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T08:48:51.000000Z"}, {"uuid": "a00fcb4b-aa4a-46f2-bb0f-3458b9447090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32236", "type": "seen", "source": "https://t.me/cvedetector/22635", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32236 - Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32236 \nPublished : April 10, 2025, 8:15 a.m. | 48\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic: from n/a through 1.9. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T11:10:47.000000Z"}, {"uuid": "b796ae72-8a8c-4c15-8b80-500fbd5a7541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3223", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16976", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3223\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier.\n\ud83d\udccf Published: 2025-05-19T21:03:32.078Z\n\ud83d\udccf Modified: 2025-05-20T13:00:02.792Z\n\ud83d\udd17 References:\n1. https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/2024-09-24_EGD_Config_Server_File_Overwrite.pdf", "creation_timestamp": "2025-05-20T13:40:33.000000Z"}, {"uuid": "61dbc04d-9537-465f-b663-3bb82cc4db43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32230", "type": "seen", "source": "https://t.me/cvedetector/22634", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32230 - Themeum Tutor LMS XSS\", \n  \"Content\": \"CVE ID : CVE-2025-32230 \nPublished : April 10, 2025, 8:15 a.m. | 48\u00a0minutes ago \nDescription : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T11:10:46.000000Z"}]}