{"vulnerability": "cve-2025-3938", "sightings": [{"uuid": "1a7894b1-962e-425e-a7b7-5c8e6d2c5a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39383", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13425", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39383\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web Xews Lite allows PHP Local File Inclusion. This issue affects Xews Lite: from n/a through 1.0.9.\n\ud83d\udccf Published: 2025-04-24T16:08:36.801Z\n\ud83d\udccf Modified: 2025-04-25T13:56:07.668Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/xews-lite/vulnerability/wordpress-xews-lite-plugin-1-0-9-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:18.000000Z"}, {"uuid": "d1613c0b-80ee-436a-b062-f3fcab668f53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39380", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzyfduc2s", "content": "", "creation_timestamp": "2025-05-19T20:48:11.666483Z"}, {"uuid": "3efe5b21-f30f-465b-bafb-5d63b2b8e3f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39389", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzzsv5j2p", "content": "", "creation_timestamp": "2025-05-19T20:48:19.362232Z"}, {"uuid": "eba6d2c5-f73d-4af2-920e-240e3c6967f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39386", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzzw5fc2p", "content": "", "creation_timestamp": "2025-05-19T20:48:19.878221Z"}, {"uuid": "295aa92d-cac1-4490-9778-6ea600bf3685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39384", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13424", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39384\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce Product Lister for eBay allows PHP Local File Inclusion. This issue affects Product Lister for eBay: from n/a through 2.0.9.\n\ud83d\udccf Published: 2025-04-24T16:08:36.231Z\n\ud83d\udccf Modified: 2025-04-25T13:56:14.930Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/product-lister-ebay/vulnerability/wordpress-product-lister-for-ebay-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:17.000000Z"}, {"uuid": "7699b89e-e13d-4044-9525-8ff9cbd7b5e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39381", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13427", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39381\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.\n\ud83d\udccf Published: 2025-04-24T16:08:38.048Z\n\ud83d\udccf Modified: 2025-04-25T13:55:52.695Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/kiotvietsync/vulnerability/wordpress-kiotviet-sync-plugin-1-8-4-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:23.000000Z"}, {"uuid": "50e7ce51-ef81-4659-9c71-f0fb882b9b50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39382", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13426", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39382\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1.\n\ud83d\udccf Published: 2025-04-24T16:08:37.380Z\n\ud83d\udccf Modified: 2025-04-25T13:55:59.661Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/acf-google-font-selector-field/vulnerability/wordpress-acf-google-font-selector-plugin-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:19.000000Z"}, {"uuid": "ac324764-4748-40f1-9633-5228a799ac17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39385", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39385\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in VW Themes Sirat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sirat: from n/a through 1.5.1.\n\ud83d\udccf Published: 2025-04-24T16:08:35.631Z\n\ud83d\udccf Modified: 2025-04-25T13:56:21.887Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/sirat/vulnerability/wordpress-sirat-theme-1-5-1-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:16.000000Z"}, {"uuid": "8a47a132-9bd7-49ea-b68b-f308ac14f76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39387", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13422", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39387\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Opstore allows PHP Local File Inclusion. This issue affects Opstore: from n/a through 1.4.5.\n\ud83d\udccf Published: 2025-04-24T16:08:35.023Z\n\ud83d\udccf Modified: 2025-04-25T13:56:29.228Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/opstore/vulnerability/wordpress-opstore-theme-1-4-5-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:15.000000Z"}, {"uuid": "8d2fbca8-f517-4cdd-8f1b-6e862bdef8cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39386", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16907", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39386\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).\n\ud83d\udccf Published: 2025-05-19T19:34:11.730Z\n\ud83d\udccf Modified: 2025-05-19T19:34:11.730Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/hospital-management/vulnerability/wordpress-hospital-management-system-plugin-47-0-20-11-2023-sql-injection-vulnerability-2?_s_id=cve", "creation_timestamp": "2025-05-19T19:38:55.000000Z"}, {"uuid": "1306252b-0a32-4f9f-9082-1192dcde3824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39389", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16909", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39389\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection.This issue affects AnalyticsWP: from n/a through 2.1.2.\n\ud83d\udccf Published: 2025-05-19T19:31:20.579Z\n\ud83d\udccf Modified: 2025-05-19T19:31:20.579Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/analyticswp/vulnerability/wordpress-analyticswp-2-1-2-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T19:38:57.000000Z"}]}