Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-47637
WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0.

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-47599
WordPress Facturante <= 1.11 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-47568
WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-47539
WordPress Eventin <= 4.0.26 - Privilege Escalation Vulnerability
Description: Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.

CVSS: CRITICAL (9.8)

EPSS Score: 6.01%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-47532
WordPress CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce allows Object Injection. This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through 1.0.17.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-47530
WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-46539
WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-46490
WordPress Crossword Compiler Puzzles <= 5.2 - Arbitrary File Upload Vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Upload a Web Shell to a Web Server. This issue affects Crossword Compiler Puzzles: from n/a through 5.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-46468
WordPress Fable Extra <= 1.0.6 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra allows PHP Local File Inclusion. This issue affects Fable Extra: from n/a through 1.0.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (15 days ago)

CVE-2025-46460
WordPress Easy Guide <= 1.0.0 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide allows SQL Injection. This issue affects Easy Guide: from n/a through 1.0.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (15 days ago)