{"vulnerability": "cve-2025-4951", "sightings": [{"uuid": "51a7aa63-9cb0-4881-a29c-05bc102535f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4951", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lplxfzefnt2j", "content": "", "creation_timestamp": "2025-05-20T11:13:53.384866Z"}, {"uuid": "ba14c278-ed02-4473-a1cf-85914a225b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49510", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17880", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49510\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.\n\ud83d\udccf Published: 2025-06-10T12:36:35.258Z\n\ud83d\udccf Modified: 2025-06-10T13:06:54.427Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/product-quantity-for-woocommerce/vulnerability/wordpress-min-max-step-quantity-limits-manager-for-woocommerce-plugin-5-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-10T13:30:09.000000Z"}, {"uuid": "14263e11-34c7-4641-9101-6a7988d6adb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4951", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16963", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4951\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Editions of Rapid7 AppSpider Pro before version\u00a07.5.018 is vulnerable to a stored cross-site scripting vulnerability in the \"ScanName\" field.\nDespite the application preventing the inclusion of special characters within the \"ScanName\" field, this could be bypassed by modifying the configuration file directly.\n\nThis is fixed as of version\u00a07.5.018\n\ud83d\udccf Published: 2025-05-20T08:39:38.370Z\n\ud83d\udccf Modified: 2025-05-20T08:39:38.370Z\n\ud83d\udd17 References:\n1. https://docs.rapid7.com/release-notes/appspider/20250516/", "creation_timestamp": "2025-05-20T09:40:00.000000Z"}]}