Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-32682	WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. CVSS: CRITICAL (9.9) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32665	WordPress Office Locator plugin <= 1.3.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0. CVSS: CRITICAL (9.3) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32660	WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. CVSS: CRITICAL (10.0) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32658	WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability Description: Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4. CVSS: CRITICAL (9.8) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32652	WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. CVSS: CRITICAL (9.9) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32648	WordPress Projectopia - Project Magement Plugin <= 5.1.16 - Privilege Escalation vulnerability Description: Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16. CVSS: CRITICAL (9.8) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32636	WordPress Local Magic Plugin <= 2.6.0 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic allows SQL Injection. This issue affects Local Magic: from n/a through 2.6.0. CVSS: CRITICAL (9.3) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32626	WordPress JS Job Manager plugin <= 2.0.2 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager allows SQL Injection. This issue affects JS Job Manager: from n/a through 2.0.2. CVSS: CRITICAL (9.3) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32583	WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through 2.4.0. CVSS: CRITICAL (9.9) Source: CVE April 17th, 2025 (about 4 hours ago)
CVE-2025-32572	WordPress Kata Plus Plugin <= 1.5.2 - PHP Object Injection vulnerability Description: Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2. CVSS: CRITICAL (9.8) Source: CVE April 17th, 2025 (about 4 hours ago)