CVE-2025-31069 |
Description: Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (14 days ago)
|
CVE-2025-31056 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through 1.1.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
May 23rd, 2025 (14 days ago)
|
CVE-2025-31049 |
Description: Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 23rd, 2025 (14 days ago)
|
CVE-2025-4524 |
Description: The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.26%
May 21st, 2025 (16 days ago)
|
CVE-2025-4094 |
Description: The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.
CVSS: CRITICAL (9.8) EPSS Score: 0.54%
May 21st, 2025 (16 days ago)
|
CVE-2025-4322 |
Description: The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
May 20th, 2025 (17 days ago)
|
CVE-2025-48340 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation. This issue affects User Profile Meta Manager: from n/a through 1.02.
CVSS: CRITICAL (9.8) EPSS Score: 0.03%
May 19th, 2025 (17 days ago)
|
CVE-2025-39410 |
Description: Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon. This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 19th, 2025 (17 days ago)
|
CVE-2025-39406 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS allows PHP Local File Inclusion. This issue affects WPAMS: from n/a through 44.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.15%
May 19th, 2025 (17 days ago)
|
CVE-2025-39402 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This issue affects WPAMS: from n/a through 44.0 (17-08-2023).
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
May 19th, 2025 (17 days ago)
|