{"vulnerability": "cve-2025-4746", "sightings": [{"uuid": "4e263bd4-d161-45b4-81b5-7e48ab4a9309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47462", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lomec4lyv72q", "content": "", "creation_timestamp": "2025-05-07T21:39:09.497420Z"}, {"uuid": "d2a7ef2f-6285-49ea-af84-f08d6113aa11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47468", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15553", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47468\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through 1.2.8.\n\ud83d\udccf Published: 2025-05-07T14:19:42.668Z\n\ud83d\udccf Modified: 2025-05-08T16:12:51.504Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/hash-form/vulnerability/wordpress-hash-form-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-08T16:23:52.000000Z"}, {"uuid": "9c04cc0c-07da-46fc-8162-2b9d2131dd1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47469", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15358", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47469\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0.\n\ud83d\udccf Published: 2025-05-07T14:19:43.203Z\n\ud83d\udccf Modified: 2025-05-07T16:36:52.971Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/media-hygiene/vulnerability/wordpress-media-hygiene-4-0-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T17:22:58.000000Z"}, {"uuid": "c3274648-e984-4dfc-a4c9-f58fc1b233d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4746", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16633", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4746\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/purchase_delete.php. The manipulation of the argument pr_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T04:31:04.556Z\n\ud83d\udccf Modified: 2025-05-16T04:31:04.556Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309046\n2. https://vuldb.com/?ctiid.309046\n3. https://vuldb.com/?submit.571020\n4. https://github.com/snkercyber/CVE/issues/2\n5. https://www.campcodes.com/", "creation_timestamp": "2025-05-16T05:34:41.000000Z"}]}