{"vulnerability": "CVE-2025-2470", "sightings": [{"uuid": "acf8354e-f8ae-4d7f-af52-0a8ccc0db513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24707", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhc4ud4qaj2k", "content": "", "creation_timestamp": "2025-02-03T18:03:13.446110Z"}, {"uuid": "e374d765-a6aa-4672-a9b7-c2f3ad8db610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24707", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113941357925114498", "content": "", "creation_timestamp": "2025-02-03T18:25:46.790029Z"}, {"uuid": "c80106dc-d274-4756-9800-1fe250a25ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24708", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqad3tl5u2t", "content": "", "creation_timestamp": "2025-01-27T15:17:13.313285Z"}, {"uuid": "0bd8d1a2-15c7-4910-a2f7-4f9d12ec4c2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24703", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113885467560504155", "content": "", "creation_timestamp": "2025-01-24T21:32:07.554561Z"}, {"uuid": "9d513914-7d4e-4fc9-9b78-a46ff987f7f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24707", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtotuc6l2c", "content": "", "creation_timestamp": "2025-02-03T15:19:04.055782Z"}, {"uuid": "3986824e-8591-4fab-bee4-36abf63cde67", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24704", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113885526576461511", "content": "", "creation_timestamp": "2025-01-24T21:47:07.863049Z"}, {"uuid": "6c8474c6-cf21-4fe9-bba5-436b2f06ec27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24705", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113885526591239017", "content": "", "creation_timestamp": "2025-01-24T21:47:08.390339Z"}, {"uuid": "10de01a3-bc1d-4781-bd7f-aa24495e3464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24706", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113885526605800953", "content": "", "creation_timestamp": "2025-01-24T21:47:08.595320Z"}, {"uuid": "2a6161f5-fd13-4f0f-b16b-c192e1f1b321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24709", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113885526623072647", "content": "", "creation_timestamp": "2025-01-24T21:47:08.933427Z"}, {"uuid": "7125c1a6-6c2b-42a2-8a49-302cad48669c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24700", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5c3fmc2b24", "content": "", "creation_timestamp": "2025-02-14T13:18:30.604843Z"}, {"uuid": "4cab7390-9be6-4a97-a36f-efb3b8ad5446", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24701", "type": "seen", "source": 
"https://infosec.exchange/users/cve/statuses/113885467530063505", "content": "", "creation_timestamp": "2025-01-24T21:32:06.962874Z"}, {"uuid": "298d3605-6f3a-4661-a4fd-c15bda20b9b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24702", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113885467545923225", "content": "", "creation_timestamp": "2025-01-24T21:32:07.073738Z"}, {"uuid": "b4918fc1-5a20-44ff-b230-bbbda5d80838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24700", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114003164230686807", "content": "", "creation_timestamp": "2025-02-14T16:23:56.017297Z"}, {"uuid": "1226b919-2dd2-41e7-aa98-17450cd76ec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24707", "type": "seen", "source": "MISP/f7787455-9994-4047-b6f7-77347597c104", "content": "", "creation_timestamp": "2025-08-26T18:36:19.000000Z"}, {"uuid": "46fc724f-d6e6-4729-a3a5-7b8f85f05e8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2470", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnncroikpk2a", "content": "", "creation_timestamp": "2025-04-25T13:19:33.761401Z"}, {"uuid": "7767e9c9-196b-4883-a8d5-352bd4bcf1ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2470", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114398915491929928", "content": "", "creation_timestamp": "2025-04-25T13:48:43.770601Z"}, {"uuid": "8e65a3dc-da67-49d8-a259-2e9824d774c2", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24702", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2982", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24702\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio Xagio SEO allows Stored XSS. This issue affects Xagio SEO: from n/a through 7.0.0.20.\n\ud83d\udccf Published: 2025-01-24T17:24:51.689Z\n\ud83d\udccf Modified: 2025-01-24T18:56:10.728Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/xagio-seo/vulnerability/wordpress-xagio-seo-plugin-7-0-0-20-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-24T19:05:14.000000Z"}, {"uuid": "66365453-b854-401c-84c0-9686f004fa2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2470", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13406", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2470\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. 
The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.\n\ud83d\udccf Published: 2025-04-25T11:12:53.066Z\n\ud83d\udccf Modified: 2025-04-25T11:57:50.900Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/a1f62cda-262b-46d9-a839-0a573813cfa1?source=cve\n2. https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793", "creation_timestamp": "2025-04-25T12:09:52.000000Z"}, {"uuid": "69d28f22-eaf1-4dad-ac32-8daa24d4d5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24700", "type": "seen", "source": "Telegram/1hyx-xddl553m6ux5CZUmwH84K_oxMVsKo_HZyTHKWq-JqE", "content": "", "creation_timestamp": "2026-01-08T15:03:39.000000Z"}, {"uuid": "751fd818-fd14-44d2-b69e-d152531acd9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24700", "type": "seen", "source": "https://t.me/cvedetector/18088", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24700 - Xylus Themes WP Event Aggregator Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-24700 \nPublished : Feb. 14, 2025, 1:15 p.m. | 55\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through 1.8.2. 
\nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T15:45:28.000000Z"}, {"uuid": "4c44afb2-9e0c-474d-8dac-d76b787a06b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2470", "type": "seen", "source": "Telegram/b9sXcdXlKjOGiHAhXzuewC2IIl0K5N4xqg-evB3-oWDtUpM", "content": "", "creation_timestamp": "2025-04-25T14:00:14.000000Z"}, {"uuid": "6da91e36-a6e0-4d0b-a2ec-a74945547cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2470", "type": "seen", "source": "https://t.me/cvedetector/23752", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2470 - Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2470 \nPublished : April 25, 2025, 12:15 p.m. | 35\u00a0minutes ago \nDescription : The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability. 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T15:00:30.000000Z"}, {"uuid": "cc37972d-c69e-4bac-86be-5618fc7dbd5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24708", "type": "seen", "source": "https://t.me/cvedetector/16476", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24708 - Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-24708 \nPublished : Jan. 27, 2025, 3:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T17:40:34.000000Z"}, {"uuid": "1dfa53f4-6480-4b9f-9167-27f5e05bde38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24707", "type": "seen", "source": "https://t.me/cvedetector/17061", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24707 - GT3 Photo Gallery Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-24707 \nPublished : Feb. 3, 2025, 3:15 p.m. 
| 1\u00a0hour, 21\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 Photo Gallery Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Reflected XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.24. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T17:48:38.000000Z"}]}