https://vulnerability.circl.lu/sightings/feed 2026-06-09T03:44:28.720666+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/3c6aa7cb-d428-4784-9937-f431408961e6/export 2026-06-09T03:44:29.092079+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "3c6aa7cb-d428-4784-9937-f431408961e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3479", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12207", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3479\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order.\n\ud83d\udccf Published: 2025-04-17T11:13:06.397Z\n\ud83d\udccf Modified: 2025-04-17T11:13:06.397Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c873c04e-516e-41ee-a295-b8c5235abc1b?source=cve\n2. https://plugins.trac.wordpress.org/browser/forminator/tags/1.41.2/library/modules/custom-forms/front/front-action.php#L964\n3. https://plugins.trac.wordpress.org/changeset/3274844/", "creation_timestamp": "2025-04-17T12:00:54.000000Z"} 2025-04-17T12:00:54+00:00 https://vulnerability.circl.lu/sighting/fc745cfc-d4e2-4a09-b177-c874f22d7674/export 2026-06-09T03:44:29.091949+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "fc745cfc-d4e2-4a09-b177-c874f22d7674", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3479", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmze2iybrl2u", "content": "", "creation_timestamp": "2025-04-17T14:49:09.839660Z"} 2025-04-17T14:49:09.839660+00:00 https://vulnerability.circl.lu/sighting/537a8bf2-b455-4fbd-af2f-61f6ae55cf1c/export 2026-06-09T03:44:29.087582+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "537a8bf2-b455-4fbd-af2f-61f6ae55cf1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3479", "type": "seen", "source": "https://t.me/cvedetector/23231", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3479 - Forminator Forms - WordPress Stripe Payment Intent Order Replay Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3479 \nPublished : April 17, 2025, 12:15 p.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T17:09:33.000000Z"} 2025-04-17T17:09:33+00:00