CVE-2024-23825 |
Description: TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.
CVSS: LOW (3.0) EPSS Score: 0.29% SSVC Exploitation: poc
May 29th, 2025 (4 days ago)
|
CVE-2024-10098 |
ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access
Description: The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain.
CVSS: LOW (2.7) EPSS Score: 0.03%
May 15th, 2025 (18 days ago)
|
CVE-2025-3583 |
Description: The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
May 5th, 2025 (28 days ago)
|
CVE-2025-3514 |
Description: The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
May 2nd, 2025 (about 1 month ago)
|
CVE-2025-3513 |
Description: The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
May 2nd, 2025 (about 1 month ago)
|
CVE-2025-3504 |
Description: The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03% SSVC Exploitation: poc
May 1st, 2025 (about 1 month ago)
|
CVE-2025-3502 |
Description: The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03% SSVC Exploitation: poc
May 1st, 2025 (about 1 month ago)
|
CVE-2024-12273 |
Description: The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
April 29th, 2025 (about 1 month ago)
|
CVE-2025-1523 |
Description: The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
April 17th, 2025 (about 2 months ago)
|
CVE-2024-11924 |
Description: The Icegram Express (formerly known as Email Subscribers) WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
April 17th, 2025 (about 2 months ago)
|