{"vulnerability": "cve-2025-4644", "sightings": [{"uuid": "498b13f4-eafd-41d9-a445-db0da851f0cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46447", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13291", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46447\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6.\n\ud83d\udccf Published: 2025-04-24T16:09:24.737Z\n\ud83d\udccf Modified: 2025-04-24T16:09:24.737Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/fable-extra/vulnerability/wordpress-fable-extra-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T17:06:48.000000Z"}, {"uuid": "6ab157b4-2754-4318-b0f7-e81feccab127", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46441", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkigoxswr2v", "content": "", "creation_timestamp": "2025-05-19T21:13:10.109840Z"}, {"uuid": "a466c2be-b49a-462a-903d-1a86c905ab2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46440", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17400", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46440\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded allows Reflected XSS. This issue affects kStats Reloaded: from n/a through 0.7.4.\n\ud83d\udccf Published: 2025-05-23T12:43:48.408Z\n\ud83d\udccf Modified: 2025-05-23T13:42:25.826Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/kstats-reloaded/vulnerability/wordpress-kstats-reloaded-plugin-0-7-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:07.000000Z"}, {"uuid": "56ae75ba-204f-44b6-9af1-93c171130dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46444", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17399", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46444\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro Plugin allows PHP Local File Inclusion. This issue affects Ads Pro Plugin: from n/a through 4.88.\n\ud83d\udccf Published: 2025-05-23T12:43:47.879Z\n\ud83d\udccf Modified: 2025-05-23T13:42:44.533Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ap-plugin-scripteo/vulnerability/wordpress-ads-pro-plugin-4-88-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:02.000000Z"}, {"uuid": "dcf0f4a0-a74b-48cf-b6a8-c36689c92697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46446", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17398", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46446\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through 1.0.1.\n\ud83d\udccf Published: 2025-05-23T12:43:47.397Z\n\ud83d\udccf Modified: 2025-05-23T13:43:02.121Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/libro-de-reclamaciones/vulnerability/wordpress-libro-de-reclamaciones-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:01.000000Z"}, {"uuid": "2bda6c21-8197-421b-bee6-f93ee03ee511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46448", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17397", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46448\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System allows Reflected XSS. This issue affects Document Management System: from n/a through 1.24.\n\ud83d\udccf Published: 2025-05-23T12:43:46.932Z\n\ud83d\udccf Modified: 2025-05-23T13:43:20.466Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/dms/vulnerability/wordpress-document-management-system-1-24-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:00.000000Z"}]}