{"vulnerability": "cve-2025-4653", "sightings": [{"uuid": "4c2bb1a0-cf0d-4a31-9968-14cc04da74ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4653", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrbgunogjg2u", "content": "", "creation_timestamp": "2025-06-10T17:41:36.589813Z"}, {"uuid": "854e6151-e3a9-4a88-b0b8-f0431f735938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4653", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvtn53eagd25", "content": "", "creation_timestamp": "2025-08-07T21:02:25.364705Z"}, {"uuid": "31b34a63-d3d1-43b9-a338-347cf9d6f8f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46535", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnmvfyg7zs2b", "content": "", "creation_timestamp": "2025-04-25T09:20:22.039176Z"}, {"uuid": "1fa14897-ccc6-466f-8293-90139e91dedd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46535", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmxlksra4b2", "content": "", "creation_timestamp": "2025-04-25T10:44:57.138003Z"}, {"uuid": "8e697e63-e2ad-478f-879b-5991cd78ed2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4653", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:04.000000Z"}, {"uuid": "34ff9154-a786-4351-9e6a-c312cbd6e7e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46535", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13395", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46535\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.\n\ud83d\udccf Published: 2025-04-25T08:05:56.925Z\n\ud83d\udccf Modified: 2025-04-25T08:05:56.925Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ms-registration/vulnerability/wordpress-custom-login-and-registration-plugin-1-0-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-25T09:07:13.000000Z"}, {"uuid": "d7a4bc7e-3f23-4c65-a9b5-e66bbbf10c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4653", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb", "content": "", "creation_timestamp": "2025-08-07T06:46:55.000000Z"}, {"uuid": "d68a536e-ab00-49b8-8233-d40a88ab8dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46531", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13292", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46531\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4.\n\ud83d\udccf Published: 2025-04-24T16:09:24.176Z\n\ud83d\udccf Modified: 2025-04-24T16:09:24.176Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woozap/vulnerability/wordpress-wp-avcl-automation-helper-formerly-wpflyleads-3-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T17:06:48.000000Z"}, {"uuid": "fc68b5ee-9ae4-4525-93ca-e430ac55f994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46538", "type": "seen", "source": "https://t.me/cvedetector/23677", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46538 - Webplanetsoft Inline Text Popup Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46538 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:00.000000Z"}, {"uuid": "13f23a21-93ba-46df-8fe3-fe5ec3f7e969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4653", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17957", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4653\n\ud83d\udd25 CVSS Score: 7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:U/V:D/RE:M/U:Green)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105.\n\ud83d\udccf Published: 2025-06-10T15:53:22.364Z\n\ud83d\udccf Modified: 2025-06-10T18:11:02.730Z\n\ud83d\udd17 References:\n1. https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "creation_timestamp": "2025-06-10T18:33:09.000000Z"}, {"uuid": "9a97e706-a345-45d1-a9b7-b1018c0db85b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46535", "type": "seen", "source": "https://t.me/cvedetector/23737", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46535 - AlphaEfficiencyTeam Custom Login and Registration Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46535 \nPublished : April 25, 2025, 8:15 a.m. | 33\u00a0minutes ago \nDescription : Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T10:49:31.000000Z"}, {"uuid": "4d7bd014-804d-43a3-9c95-0a6d3ca29449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46530", "type": "seen", "source": "https://t.me/cvedetector/23687", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46530 - HuangYe WuDeng Hacklog Remote Attachment CSRF Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2025-46530 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:14.000000Z"}, {"uuid": "a894e985-1f1c-4953-b0df-6b3d0b050285", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46536", "type": "seen", "source": "https://t.me/cvedetector/23685", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46536 - RichardHarrison Carousel-of-post-images Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-46536 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS. This issue affects Carousel-of-post-images: from n/a through 1.07. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:09.000000Z"}, {"uuid": "2255cd61-c6f7-419a-ba21-33e86dbc87e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46534", "type": "seen", "source": "https://t.me/cvedetector/23684", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46534 - DanielRiera Image Style Hover DOM-Based Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46534 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DanielRiera Image Style Hover allows DOM-Based XSS. This issue affects Image Style Hover: from n/a through 1.0.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:08.000000Z"}, {"uuid": "e4105e45-8070-4f80-82b7-fb407a353747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46533", "type": "seen", "source": "https://t.me/cvedetector/23683", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46533 - WordPress wpdrift.no Stored Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-46533 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a through 0.8. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:08.000000Z"}, {"uuid": "649c5b58-b471-46a8-92d4-499d6b5d5324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46532", "type": "seen", "source": "https://t.me/cvedetector/23682", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46532 - Haris Zulfiqar Tooltip Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-46532 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haris Zulfiqar Tooltip allows DOM-Based XSS. This issue affects Tooltip: from n/a through 1.0.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:07.000000Z"}, {"uuid": "7d257fe1-4a8b-48a5-9008-fd1a8cc68c32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46531", "type": "seen", "source": "https://t.me/cvedetector/23681", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46531 - Ankur Vishwakarma WP AVCL Automation Helper SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46531 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:06.000000Z"}]}