Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-27268
WordPress Small Package Quotes – Worldwide Express Edition Plugin <= 5.2.18 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-26988
WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-26970
WordPress Ark Theme Core plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.70.0.

CVSS: CRITICAL (10.0)

EPSS Score: 0.07%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-26535
WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop plugin <= 1.7.6 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Bitcoin / AltCoin Payment Gateway for WooCommerce allows Blind SQL Injection. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through 1.7.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-25150
Directory Listings WordPress uListing plugin <= 2.1.6 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-1875
SQL injection vulnerability in 101news
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-1874
SQL injection vulnerability in 101news
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-1873
SQL injection vulnerability in 101news
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-1872
SQL injection vulnerability in 101news
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)

CVE-2025-1871
SQL injection vulnerability in 101news
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (about 2 months ago)