{"vulnerability": "cve-2025-3942", "sightings": [{"uuid": "a5027b0a-9f12-4250-9785-a2e489cb2bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3942", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprg3uv7z52a", "content": "", "creation_timestamp": "2025-05-22T15:19:57.834569Z"}, {"uuid": "488a1fae-f23d-4bb8-8cae-3a7902e1249b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39429", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12256", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39429\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in F\u00f6ldesi, Mih\u00e1ly Sz\u00e9chenyi 2020 Logo allows PHP Local File Inclusion. This issue affects Sz\u00e9chenyi 2020 Logo: from n/a through 1.1.\n\ud83d\udccf Published: 2025-04-17T15:17:01.096Z\n\ud83d\udccf Modified: 2025-04-17T15:50:22.559Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/szechenyi-2020-logo/vulnerability/wordpress-szechenyi-2020-logo-1-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T15:57:36.000000Z"}, {"uuid": "86ab6815-91c8-48a7-bea0-9a9081c22578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39422", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39422\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS. This issue affects WP Social Bookmarking: from n/a through 3.6.\n\ud83d\udccf Published: 2025-04-17T15:17:07.040Z\n\ud83d\udccf Modified: 2025-04-17T16:05:48.459Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-social-bookmarking/vulnerability/wordpress-wp-social-bookmarking-plugin-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T16:58:37.000000Z"}, {"uuid": "0d82cae9-a141-4a9d-9bfe-c2a3eae3e2c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39423", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12276", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39423\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS. This issue affects Add to Header: from n/a through 1.0.\n\ud83d\udccf Published: 2025-04-17T15:17:06.219Z\n\ud83d\udccf Modified: 2025-04-17T16:06:12.063Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/add-to-header/vulnerability/wordpress-add-to-header-plugin-1-0-csrf-to-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T16:58:36.000000Z"}, {"uuid": "d057a4a5-f538-484a-92d8-0265b39b7bde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39424", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12275", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39424\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98.\n\ud83d\udccf Published: 2025-04-17T15:17:05.305Z\n\ud83d\udccf Modified: 2025-04-17T16:06:43.523Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/interactive-maps/vulnerability/wordpress-simple-maps-plugin-0-98-csrf-to-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T16:58:35.000000Z"}, {"uuid": "a56c3b7d-eebf-4b00-b2ca-d2206d5a3535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3942", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17266", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3942\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\n\ud83d\udccf Published: 2025-05-22T12:40:12.581Z\n\ud83d\udccf Modified: 2025-05-22T13:36:18.427Z\n\ud83d\udd17 References:\n1. https://www.tridium.com/us/en/product-security\n2. https://www.honeywell.com/us/en/product-security#security-notices", "creation_timestamp": "2025-05-22T13:43:14.000000Z"}, {"uuid": "216c9d91-2834-447e-9254-b019998da401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39426", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12273", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39426\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in illow illow \u2013 Cookies Consent allows Cross Site Request Forgery. This issue affects illow \u2013 Cookies Consent: from n/a through 0.2.0.\n\ud83d\udccf Published: 2025-04-17T15:17:03.650Z\n\ud83d\udccf Modified: 2025-04-17T16:08:34.339Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/lgpd-compliant-cookie-banner/vulnerability/wordpress-illow-cookies-consent-plugin-0-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T16:58:33.000000Z"}, {"uuid": "ac93cfc9-fedd-49ce-9fe3-08672eb24598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39427", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12272", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39427\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beth Tucker Long WP Post to PDF Enhanced allows Stored XSS. This issue affects WP Post to PDF Enhanced: from n/a through 1.1.1.\n\ud83d\udccf Published: 2025-04-17T15:17:02.846Z\n\ud83d\udccf Modified: 2025-04-17T16:08:56.400Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-post-to-pdf-enhanced/vulnerability/wordpress-wp-post-to-pdf-enhanced-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T16:58:32.000000Z"}, {"uuid": "22ea413c-dedf-4902-b6be-aaaeeb119283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39425", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12274", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39425\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery. This issue affects Style Manager: from n/a through 2.2.7.\n\ud83d\udccf Published: 2025-04-17T15:17:04.438Z\n\ud83d\udccf Modified: 2025-04-17T16:07:41.304Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/style-manager/vulnerability/wordpress-style-manager-plugin-2-2-7-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T16:58:34.000000Z"}, {"uuid": "1f5a2aea-9ce5-4112-a69d-ae94fa184b0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39421", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12279", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39421\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1.\n\ud83d\udccf Published: 2025-04-17T15:17:07.891Z\n\ud83d\udccf Modified: 2025-04-17T16:05:21.925Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-sticky-side-buttons/vulnerability/wordpress-wp-sticky-side-buttons-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T16:58:42.000000Z"}]}