{"vulnerability": "cve-2025-3945", "sightings": [{"uuid": "57503ca0-086a-404d-9ace-ed26dd158fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3945", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprhwnyjv32y", "content": "", "creation_timestamp": "2025-05-22T15:52:50.369219Z"}, {"uuid": "994276b2-cca8-4b49-95f3-b58ff266c3c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3945", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-02", "content": "", "creation_timestamp": "2025-08-07T10:00:00.000000Z"}, {"uuid": "151ed3c2-460a-4226-a15e-82111696090b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39459", "type": "published-proof-of-concept", "source": "Telegram/8LISbnUQFWA86ak3ubyaCZMxs8RQbiaZ8ONexaBDd7tfzQU", "content": "", "creation_timestamp": "2026-03-27T09:00:13.000000Z"}, {"uuid": "f1f906ba-d02c-4523-9d67-cc46c50f479a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39454", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16887", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39454\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0.\n\ud83d\udccf Published: 2025-05-19T17:31:37.126Z\n\ud83d\udccf Modified: 2025-05-19T17:31:37.126Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/name-directory/vulnerability/wordpress-name-directory-plugin-1-30-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T17:38:55.000000Z"}, {"uuid": "94b88afc-b97b-4ca5-b254-f429406c0a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39452", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12304", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39452\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32.\n\ud83d\udccf Published: 2025-04-17T15:15:42.576Z\n\ud83d\udccf Modified: 2025-04-17T17:23:57.271Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-cafe/vulnerability/wordpress-wpcafe-plugin-2-2-32-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-17T17:57:39.000000Z"}, {"uuid": "bc841e79-90d4-4f08-87bd-8f57a7e694ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39450", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16886", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39450\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through 2.2.7.\n\ud83d\udccf Published: 2025-05-19T17:32:19.805Z\n\ud83d\udccf Modified: 2025-05-19T17:32:19.805Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T17:38:54.000000Z"}, {"uuid": "595c0ee9-1c54-484d-8875-fdebc81b7fe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39451", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16908", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39451\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through 1.3.16.\n\ud83d\udccf Published: 2025-05-19T18:48:48.908Z\n\ud83d\udccf Modified: 2025-05-19T19:33:57.124Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/jet-blocks/vulnerability/wordpress-jetblocks-for-elementor-1-3-16-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T19:38:56.000000Z"}, {"uuid": "a7eb845a-07cb-4795-8a56-063967f71e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39458", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16906", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39458\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through 2.5.2.\n\ud83d\udccf Published: 2025-05-19T18:47:55.062Z\n\ud83d\udccf Modified: 2025-05-19T19:34:36.694Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/foton/vulnerability/wordpress-foton-theme-2-5-2-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T19:38:52.000000Z"}, {"uuid": "114fbc9d-e4f6-4c57-b966-bcff2e0a2840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39459", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16905", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39459\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through 3.5.2.\n\ud83d\udccf Published: 2025-05-19T18:46:41.609Z\n\ud83d\udccf Modified: 2025-05-19T19:35:03.253Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/realestate-7/vulnerability/wordpress-real-estate-7-theme-3-5-2-privilege-escalation-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T19:38:50.000000Z"}]}