Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-39594	WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.4. CVSS: HIGH (7.1) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39586	WordPress ProfileGrid <= 5.9.4.8 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.4.8. CVSS: HIGH (8.5) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39583	WordPress BERTHA AI <= 1.12.10.2 - Arbitrary Content Deletion Vulnerability Description: Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2. CVSS: HIGH (7.1) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39569	WordPress Taskbuilder <= 4.0.1 - SQL Injection Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1. CVSS: HIGH (8.5) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39568	WordPress StoreContrl Woocommerce <= 4.1.3 - Arbitrary File Download Vulnerability Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3. CVSS: HIGH (7.5) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39567	WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8. CVSS: HIGH (7.1) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39558	WordPress CRM Perks plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7. CVSS: HIGH (7.1) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39542	WordPress Xelion Webchat <= 9.1.0 - Privilege Escalation Vulnerability Description: Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0. CVSS: HIGH (8.8) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39535	WordPress Vitepos <= 3.1.7 - Broken Authentication Vulnerability Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7. CVSS: HIGH (7.2) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-39533	WordPress Starfish Review Generation & Marketing plugin <= 3.1.14 - Arbitrary Option Update to Privilege Escalation vulnerability Description: Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through 3.1.14. CVSS: HIGH (8.8) Source: CVE April 17th, 2025 (about 4 hours ago)