CVE-2025-32576 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through 2.6.0.
CVSS: CRITICAL (9.6) EPSS Score: 0.02%
April 9th, 2025 (10 days ago)
|
CVE-2025-32496 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5.
CVSS: CRITICAL (9.6) EPSS Score: 0.02%
April 9th, 2025 (10 days ago)
|
CVE-2025-31033 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through 1.2.
CVSS: CRITICAL (9.8) EPSS Score: 0.03%
April 9th, 2025 (10 days ago)
|
CVE-2025-31002 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 9th, 2025 (10 days ago)
|
CVE-2024-30224 |
Description: Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2.
CVSS: CRITICAL (10.0) EPSS Score: 0.42% SSVC Exploitation: none
April 8th, 2025 (11 days ago)
|
CVE-2024-29100 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CVSS: CRITICAL (9.1) EPSS Score: 0.22% SSVC Exploitation: none
April 8th, 2025 (11 days ago)
|
CVE-2024-2890 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12.
CVSS: CRITICAL (9.1) EPSS Score: 0.43% SSVC Exploitation: poc
April 8th, 2025 (11 days ago)
|
CVE-2025-2004 |
Description: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: CRITICAL (9.1) EPSS Score: 0.34%
April 8th, 2025 (11 days ago)
|
CVE-2025-2941 |
Description: The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
April 5th, 2025 (14 days ago)
|
CVE-2025-32118 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 4th, 2025 (15 days ago)
|