{"vulnerability": "cve-2025-3924", "sightings": [{"uuid": "3618696e-b7ae-46ae-a499-3f14301ac67a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3924", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl3i7kg2h", "content": "", "creation_timestamp": "2025-05-07T04:26:16.244311Z"}, {"uuid": "934d3024-3f75-4541-8df4-729a3cfc4052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39247", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lxlx5nzeys2g", "content": "", "creation_timestamp": "2025-08-30T06:30:46.088599Z"}, {"uuid": "7a018416-e021-4b4a-ae37-fe1ed33b8de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39240", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lridg2vulw2e", "content": "", "creation_timestamp": "2025-06-13T11:28:24.317047Z"}, {"uuid": "67384179-aac2-4699-9949-93c2d149ae42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39247", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lxjgvlgqzq2v", "content": "", "creation_timestamp": "2025-08-29T06:34:35.806367Z"}, {"uuid": "59d98259-3d49-4f29-bcdb-56bff6de1b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39245", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3ly24fjkgpn2m", "content": "", "creation_timestamp": "2025-09-04T21:41:55.743970Z"}, {"uuid": "a719437b-225c-4e03-b52c-0eb813805d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39245", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115112203238902781", "content": "", "creation_timestamp": "2025-08-29T13:07:08.767642Z"}, {"uuid": "4d28c1ee-983a-415a-99e1-24abfa0872be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39246", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115112203238902781", "content": "", "creation_timestamp": "2025-08-29T13:07:08.841975Z"}, {"uuid": "93a5c535-ca48-4d7e-a77c-727761899d0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39247", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115112203238902781", "content": "", "creation_timestamp": "2025-08-29T13:07:08.905430Z"}, {"uuid": "4c3c4bfe-d9ee-4283-b322-a68c2116dc6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39246", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3ly24fjkgpn2m", "content": "", "creation_timestamp": "2025-09-04T21:41:55.823399Z"}, {"uuid": "38c8dd26-a3d2-40f6-b772-1107592b5323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39247", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3ly24fjkgpn2m", "content": "", "creation_timestamp": "2025-09-04T21:41:55.900166Z"}, {"uuid": "6b34eb89-e39f-4d95-aa8a-564796d74087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39240", "type": "seen", "source": "Telegram/YAQ_JQCmsPiXmqZ7phOl7Olo1teqLC4-3XH11jchkPqYPeM", "content": "", "creation_timestamp": "2025-06-13T09:22:49.000000Z"}, {"uuid": "070b0842-6986-4312-b1e4-7e23c320fc3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39247", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3ly4s4tuyje24", "content": "", "creation_timestamp": "2025-09-05T23:16:07.809434Z"}, {"uuid": "93a1469a-c75f-4372-9b7b-eb6b01777e27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39240", "type": "seen", "source": "Telegram/sBDh5C1zdFlaWSlBVyrMdS-46U_0ME-q4bAhLyd2EZru7fQ", "content": "", "creation_timestamp": "2025-06-13T07:34:25.000000Z"}, {"uuid": "aacc6001-dff2-4285-9319-b2c23000474a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3924", "type": "seen", "source": "https://t.me/cvedetector/24668", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3924 - PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-3924 \nPublished : May 7, 2025, 3:15 a.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T07:12:51.000000Z"}, {"uuid": "b88cc003-7549-4567-8810-f4374d331fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39240", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18269", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39240\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.\n\ud83d\udccf Published: 2025-06-13T07:10:39.734Z\n\ud83d\udccf Modified: 2025-06-13T07:10:39.734Z\n\ud83d\udd17 References:\n1. https://www.hikvision.com/en/support/cybersecurity/security-advisory/remote-command-execution-vulnerability-in-some-hikvision-wireless-access-point/", "creation_timestamp": "2025-06-13T07:33:06.000000Z"}, {"uuid": "5fe4a970-1d22-4125-9be6-cbb85f8ddf27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3924", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15245", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3924\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators.\n\ud83d\udccf Published: 2025-05-07T01:43:07.782Z\n\ud83d\udccf Modified: 2025-05-07T01:43:07.782Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb36c0f-68b3-492e-9f08-fe6228b0363f?source=cve\n2. https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483\n3. https://wordpress.org/plugins/peprodev-ups/#developers\n4. https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2659\n5. https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2810", "creation_timestamp": "2025-05-07T02:21:38.000000Z"}, {"uuid": "3569eb1b-3a54-497f-9b31-0ededf2061d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39247", "type": "seen", "source": "Telegram/fDw4Vf6kwSJ_QsbQNJIzm_DiAG17CwOFTjdetOv1ULjFhQI", "content": "", "creation_timestamp": "2026-05-22T03:00:12.000000Z"}, {"uuid": "a85a9647-436e-4e63-b9b0-3b95e9fc54c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39247", "type": "seen", "source": "Telegram/6gh1HJgE3RFVn7K8UtbcJPp_JwEYzEQXCykvkUTLZjGZEDc", "content": "", "creation_timestamp": "2026-05-21T21:00:05.000000Z"}]}