Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-32491 |
Description: Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through 2.2.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 11th, 2025 (8 days ago)
|
|
CVE-2025-31599 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 11th, 2025 (8 days ago)
|
|
CVE-2025-31565 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSmartContracts WPSmartContracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through 2.0.10.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 11th, 2025 (8 days ago)
|
|
CVE-2025-2636 |
Description: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
April 11th, 2025 (8 days ago)
|
|
CVE-2025-32206 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 10th, 2025 (9 days ago)
|
|
CVE-2025-32202 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 10th, 2025 (9 days ago)
|
|
CVE-2025-32140 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
April 10th, 2025 (9 days ago)
|
|
CVE-2025-32695 |
Description: Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 8.7.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 9th, 2025 (10 days ago)
|
|
CVE-2025-32642 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.
CVSS: CRITICAL (10.0) EPSS Score: 0.03%
April 9th, 2025 (10 days ago)
|
|
CVE-2025-32641 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through 1.1.5.
CVSS: CRITICAL (9.6) EPSS Score: 0.02%
April 9th, 2025 (10 days ago)
|