https://vulnerability.circl.lu/sightings/feed 2026-06-25T00:24:04.184933+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/e4abb57e-99f1-41a6-b5e8-da2975cc9bd9/export 2026-06-25T00:24:04.211159+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "e4abb57e-99f1-41a6-b5e8-da2975cc9bd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22810", "type": "seen", "source": "https://t.me/cvedetector/14871", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22810 - CBB Team Content Blocks Builder Cross-site Scripting (XSS) Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22810 \nPublished : Jan. 9, 2025, 4:16 p.m. | 28\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CBB Team Content Blocks Builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through 2.7.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T17:46:15.000000Z"} 2025-01-09T17:46:15+00:00 https://vulnerability.circl.lu/sighting/81cdbed0-d8ec-47ab-bf2a-570250e94136/export 2026-06-25T00:24:04.211088+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "81cdbed0-d8ec-47ab-bf2a-570250e94136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22811", "type": "seen", "source": "https://t.me/cvedetector/14872", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22811 - Elementor MT Addons Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22811 \nPublished : Jan. 9, 2025, 4:16 p.m. | 28\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS.This issue affects MT Addons for Elementor: from n/a through 1.0.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T17:46:16.000000Z"} 2025-01-09T17:46:16+00:00 https://vulnerability.circl.lu/sighting/407c0f47-74e8-46c5-80b5-f2fd9fe01a6d/export 2026-06-25T00:24:04.211018+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "407c0f47-74e8-46c5-80b5-f2fd9fe01a6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22819", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1234", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22819\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 4wpbari Qr Code and Barcode Scanner Reader allows Stored XSS.This issue affects Qr Code and Barcode Scanner Reader: from n/a through 1.0.0.\n\ud83d\udccf Published: 2025-01-09T15:39:00.535Z\n\ud83d\udccf Modified: 2025-01-10T20:45:07.851Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/qr-code-and-barcode-scanner-reader/vulnerability/wordpress-qr-code-and-barcode-scanner-reader-plugin-1-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-10T21:04:08.000000Z"} 2025-01-10T21:04:08+00:00 https://vulnerability.circl.lu/sighting/d4b25a3c-a1c6-4b7e-8ae4-39e5d71608ce/export 2026-06-25T00:24:04.210946+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "d4b25a3c-a1c6-4b7e-8ae4-39e5d71608ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22818", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1235", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22818\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S3Bubble S3Player \u2013 WooCommerce & Elementor Integration allows Stored XSS.This issue affects S3Player \u2013 WooCommerce & Elementor Integration: from n/a through 4.2.1.\n\ud83d\udccf Published: 2025-01-09T15:39:01.141Z\n\ud83d\udccf Modified: 2025-01-10T20:44:50.086Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/drm-protected-video-streaming/vulnerability/wordpress-s3player-plugin-4-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-10T21:04:11.000000Z"} 2025-01-10T21:04:11+00:00 https://vulnerability.circl.lu/sighting/c9393c9c-71c8-4ed7-b487-91e828086d19/export 2026-06-25T00:24:04.210874+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "c9393c9c-71c8-4ed7-b487-91e828086d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22817", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1236", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22817\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0.\n\ud83d\udccf Published: 2025-01-09T15:39:01.733Z\n\ud83d\udccf Modified: 2025-01-10T20:44:43.181Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/bp-profile-shortcodes-extra/vulnerability/wordpress-bp-profile-shortcodes-extra-plugin-2-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-10T21:04:13.000000Z"} 2025-01-10T21:04:13+00:00 https://vulnerability.circl.lu/sighting/42210d17-fbfa-403d-8809-72df61c16640/export 2026-06-25T00:24:04.210803+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "42210d17-fbfa-403d-8809-72df61c16640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22815", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1237", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22815\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LLC Button Block allows Stored XSS.This issue affects Button Block: from n/a through 1.1.6.\n\ud83d\udccf Published: 2025-01-09T15:39:02.754Z\n\ud83d\udccf Modified: 2025-01-10T20:44:35.864Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/button-block/vulnerability/wordpress-button-block-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-10T21:04:15.000000Z"} 2025-01-10T21:04:15+00:00 https://vulnerability.circl.lu/sighting/224cbd07-2bf6-4740-8a38-6e04d7ee95ca/export 2026-06-25T00:24:04.210728+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "224cbd07-2bf6-4740-8a38-6e04d7ee95ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22814", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1238", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22814\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme allows Cross Site Request Forgery.This issue affects Zephyr Admin Theme: from n/a through 1.4.1.\n\ud83d\udccf Published: 2025-01-09T15:39:03.651Z\n\ud83d\udccf Modified: 2025-01-10T20:44:28.484Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/zephyr-modern-admin-theme/vulnerability/wordpress-zephyr-admin-theme-plugin-1-4-1-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-10T21:04:17.000000Z"} 2025-01-10T21:04:17+00:00 https://vulnerability.circl.lu/sighting/181c0ec7-04ed-4293-a915-238f4601e74e/export 2026-06-25T00:24:04.210651+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "181c0ec7-04ed-4293-a915-238f4601e74e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22813", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1239", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22813\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2.\n\ud83d\udccf Published: 2025-01-09T15:39:04.226Z\n\ud83d\udccf Modified: 2025-01-10T20:44:16.620Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/conversational-forms/vulnerability/wordpress-chatbot-conversational-forms-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-10T21:04:20.000000Z"} 2025-01-10T21:04:20+00:00 https://vulnerability.circl.lu/sighting/2261d4a9-7757-4ecb-a983-08872705c311/export 2026-06-25T00:24:04.210536+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "2261d4a9-7757-4ecb-a983-08872705c311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22816", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9410", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22816\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeTrendy Power Mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through 1.1.5.\n\ud83d\udccf Published: 2025-03-27T14:03:53.906Z\n\ud83d\udccf Modified: 2025-03-28T17:00:38.859Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/power-mag/vulnerability/wordpress-power-mag-theme-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T17:28:51.000000Z"} 2025-03-28T17:28:51+00:00 https://vulnerability.circl.lu/sighting/fd0d6e79-615a-4f1f-8fd4-4a53a2530173/export 2026-06-25T00:24:04.207610+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "fd0d6e79-615a-4f1f-8fd4-4a53a2530173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2281", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lurpsyzgi32f", "content": "", "creation_timestamp": "2025-07-25T09:19:56.004668Z"} 2025-07-25T09:19:56.004668+00:00