{"vulnerability": "cve-2025-3939", "sightings": [{"uuid": "7e6ff2ba-2db8-412b-8d8f-7fe11559ce19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39395", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzzm4yd24", "content": "", "creation_timestamp": "2025-05-19T20:48:18.224178Z"}, {"uuid": "03c20370-fa89-4e5e-9d25-715190316fe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39392", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16910", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39392\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS allows Reflected XSS.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).\n\ud83d\udccf Published: 2025-05-19T19:29:45.931Z\n\ud83d\udccf Modified: 2025-05-19T19:29:45.931Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/apartment-management/vulnerability/wordpress-wpams-plugin-44-0-17-08-2023-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T19:38:58.000000Z"}, {"uuid": "2e553905-26b4-4927-a376-79fe79c343c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39397", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13419", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39397\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3.\n\ud83d\udccf Published: 2025-04-24T16:08:33.176Z\n\ud83d\udccf Modified: 2025-04-25T13:56:53.486Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/anything-popup/vulnerability/wordpress-anything-popup-plugin-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:10.000000Z"}, {"uuid": "c5ee505f-4c2a-4291-8238-9f9e758ebfac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39391", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13420", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39391\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce allows PHP Local File Inclusion. This issue affects Checkout Field Visibility for WooCommerce: from n/a through 1.2.3.\n\ud83d\udccf Published: 2025-04-24T16:08:33.921Z\n\ud83d\udccf Modified: 2025-04-25T13:56:45.562Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/checkout-field-visibility-for-woocommerce/vulnerability/wordpress-checkout-field-visibility-for-woocommerce-plugin-1-2-3-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:11.000000Z"}, {"uuid": "0ce6b80a-e261-451f-8ea4-a7d3d5c20c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39390", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13421", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39390\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8.\n\ud83d\udccf Published: 2025-04-24T16:08:34.464Z\n\ud83d\udccf Modified: 2025-04-25T13:56:38.009Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-3-6-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:12.000000Z"}, {"uuid": "a1200dc5-dad7-4ee4-93ad-920bf37cd794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39399", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13418", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39399\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashraful Sarkar Naiem License For Envato allows PHP Local File Inclusion. This issue affects License For Envato: from n/a through 1.0.0.\n\ud83d\udccf Published: 2025-04-24T16:08:32.610Z\n\ud83d\udccf Modified: 2025-04-25T13:57:00.973Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/license-envato/vulnerability/wordpress-license-for-envato-plugin-1-0-0-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T14:07:09.000000Z"}, {"uuid": "995d2c8f-af0d-48af-b318-1c0c312cb322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39396", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16894", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39396\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through 2.3.6.\n\ud83d\udccf Published: 2025-05-19T17:15:08.161Z\n\ud83d\udccf Modified: 2025-05-19T17:15:08.161Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/jet-reviews/vulnerability/wordpress-jetreviews-plugin-2-3-6-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T17:39:05.000000Z"}, {"uuid": "6d503c01-c0f2-43da-95f3-cdea5209fe0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39395", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16913", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39395\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).\n\ud83d\udccf Published: 2025-05-19T19:27:13.848Z\n\ud83d\udccf Modified: 2025-05-19T19:27:13.848Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/apartment-management/vulnerability/wordpress-wpams-plugin-44-0-17-08-2023-sql-injection-vulnerability-2?_s_id=cve", "creation_timestamp": "2025-05-19T19:39:04.000000Z"}, {"uuid": "b0719306-d036-4fb4-be29-9ea29fb335fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39398", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16893", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39398\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2.\n\ud83d\udccf Published: 2025-05-19T17:22:42.989Z\n\ud83d\udccf Modified: 2025-05-19T17:22:42.989Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/bellevuex/vulnerability/wordpress-hotel-bed-and-breakfast-booking-calendar-theme-bellevue-theme-4-2-2-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T17:39:05.000000Z"}, {"uuid": "7304a5aa-8f62-47ed-887b-4f232cfea63b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39393", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16912", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39393\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System allows Reflected XSS.This issue affects Hospital Management System: from n/a through 47.0 (20-11-2023).\n\ud83d\udccf Published: 2025-05-19T19:28:39.998Z\n\ud83d\udccf Modified: 2025-05-19T19:28:39.998Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/hospital-management/vulnerability/wordpress-hospital-management-system-plugin-47-0-20-11-2023-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T19:39:00.000000Z"}]}