Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39596
WordPress Quentn WP <= 1.2.8 - Privilege Escalation Vulnerability
Description: Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.

CVSS: CRITICAL (9.8)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-39595
WordPress Quentn WP <= 1.2.8 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.

CVSS: CRITICAL (9.3)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-39588
WordPress Ultimate Store Kit Elementor Addons <= 2.4.0 - Deserialization of untrusted data Vulnerability
Description: Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.

CVSS: CRITICAL (9.8)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-39587
WordPress Cost Calculator Builder <= 3.2.65 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65.

CVSS: CRITICAL (9.3)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-39551
WordPress FluentBoards <= 1.47 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47.

CVSS: CRITICAL (9.8)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-39550
WordPress FluentCommunity <= 1.2.15 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15.

CVSS: CRITICAL (9.8)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-39436
WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.

CVSS: CRITICAL (9.1)

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-32682
WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34.

CVSS: CRITICAL (9.9)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-32665
WordPress Office Locator plugin <= 1.3.0 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0.

CVSS: CRITICAL (9.3)

Source: CVE
April 17th, 2025 (about 4 hours ago)

CVE-2025-32660
WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.

CVSS: CRITICAL (10.0)

Source: CVE
April 17th, 2025 (about 4 hours ago)