Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39501
WordPress Goodlayers Hostel Plugin <= 3.1.2 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hostel allows Blind SQL Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-39500
WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-39499
WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-39495
WordPress Avantage Theme <= 2.4.6 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-39489
WordPress CouponXL <= 4.5.0 - Privilege Escalation Vulnerability
Description: Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-39485
WordPress GrandTour Theme <= 5.5.1 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5.5.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-39480
WordPress Car Dealer <= 1.6.6 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a through 1.6.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-32292
WordPress Jarvis – Night Club, Concert, Festival WordPress <= 1.8.11 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through 1.8.11.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-31927
WordPress Acerola <= 1.6.5 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)

CVE-2025-31918
WordPress Simple Business Directory Pro <= 15.4.8 - Privilege Escalation Vulnerability
Description: Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through 15.4.8.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (12 days ago)