{"vulnerability": "cve-2025-3949", "sightings": [{"uuid": "f721f830-86ea-41a5-b500-dc891792b0a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3949", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loq2kadzyhk2", "content": "", "creation_timestamp": "2025-05-09T09:32:01.095086Z"}, {"uuid": "4fbca32e-21d2-42a2-bcc5-78b384ff346b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39491", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcodolbbh2t", "content": "", "creation_timestamp": "2025-05-16T18:37:41.436227Z"}, {"uuid": "64cc9ac0-53e1-47cf-b62e-63be0c6f0d6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3949", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loqgnidvro2p", "content": "", "creation_timestamp": "2025-05-09T12:31:59.081359Z"}, {"uuid": "ab89063f-89df-49b4-a25e-b049c740eed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39498", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq3i3iuvkox2", "content": "", "creation_timestamp": "2025-05-26T15:23:16.946345Z"}, {"uuid": "1f58d02a-24d1-4312-8180-98ecaac53768", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39492", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16715", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39492\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.\n\ud83d\udccf Published: 2025-05-16T15:45:25.612Z\n\ud83d\udccf Modified: 2025-05-16T16:20:22.027Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/whmpress/vulnerability/wordpress-whmpress-plugin-6-2-revision-9-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T16:35:03.000000Z"}, {"uuid": "ff221cbd-b0c9-4fdc-bfce-882eccf178ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39498", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq3pm5dbvg2w", "content": "", "creation_timestamp": "2025-05-26T17:36:44.619352Z"}, {"uuid": "4a62d095-f929-45b8-8318-487dc29c5317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39497", "type": "published-proof-of-concept", "source": "Telegram/enKzt3bxSKd8zB2DxOAdSs1JHzkbkyRgEfAWm4z9IF02rbM", "content": "", "creation_timestamp": "2026-01-05T18:04:56.000000Z"}, {"uuid": "cee4cc6d-dd49-4896-bd95-7707393f8846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39493", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16714", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39493\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0.\n\ud83d\udccf Published: 2025-05-16T15:45:25.055Z\n\ud83d\udccf Modified: 2025-05-16T16:20:41.156Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/valvepress-rankie/vulnerability/wordpress-rankie-1-8-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T16:35:02.000000Z"}, {"uuid": "104d6122-680a-4826-bbf0-b66c6134f31f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39498", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17566", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39498\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Media Feeds (Premium): from n/a through 1.7.1.\n\ud83d\udccf Published: 2025-05-26T14:05:22.053Z\n\ud83d\udccf Modified: 2025-05-26T14:05:22.053Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/spotlight-social-photo-feeds-premium/vulnerability/wordpress-spotlight-social-media-feeds-premium-plugin-1-7-1-sensitive-data-exposure-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-26T14:47:14.000000Z"}, {"uuid": "9c5685f5-8933-45f3-ab0c-a82e2369604a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39494", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17382", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39494\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilm\u00ebr allows PHP Local File Inclusion. This issue affects Wilm\u00ebr: from n/a through n/a.\n\ud83d\udccf Published: 2025-05-23T12:43:54.021Z\n\ud83d\udccf Modified: 2025-05-23T13:29:05.194Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/wilmer/vulnerability/wordpress-wilmer-theme-3-4-2-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T13:51:44.000000Z"}, {"uuid": "40d10a8a-d840-45de-a129-69b04e0f4d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39499", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17381", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39499\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.\n\ud83d\udccf Published: 2025-05-23T12:43:53.107Z\n\ud83d\udccf Modified: 2025-05-23T13:29:46.559Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/medicare/vulnerability/wordpress-medicare-theme-2-1-0-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T13:47:47.000000Z"}, {"uuid": "428d4d59-c7f9-4c82-89c3-4e5c948b7679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3949", "type": "seen", "source": "https://t.me/cvedetector/24939", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3949 - SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3949 \nPublished : May 9, 2025, 9:15 a.m. | 46\u00a0minutes ago \nDescription : The Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in all versions up to, and including, 6.18.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the content of arbitrary landing page revisions. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T12:52:17.000000Z"}]}