CVE-2025-31403 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection. This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 4th, 2025 (15 days ago)
|
CVE-2025-2798 |
Description: The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
CVSS: CRITICAL (9.8) EPSS Score: 0.18%
April 4th, 2025 (15 days ago)
|
CVE-2024-51800 |
Description: Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2.4.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
April 4th, 2025 (15 days ago)
|
CVE-2025-2780 |
Description: The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.3%
April 4th, 2025 (15 days ago)
|
CVE-2024-13645 |
Description: The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via the module parameter. This makes it possible for unauthenticated attackers to instantiate a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions such as deleting arbitrary files, retrieving sensitive data, or executing code, depending on the POP chain present.
CVSS: CRITICAL (9.8) EPSS Score: 0.36%
April 4th, 2025 (15 days ago)
|
CVE-2025-31911 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 3rd, 2025 (16 days ago)
|
CVE-2025-2005 |
Description: The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.08%
April 2nd, 2025 (17 days ago)
|
CVE-2025-31612 |
Description: Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll allows Object Injection. This issue affects CBX Poll: from n/a through 1.2.7.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 1st, 2025 (18 days ago)
|
CVE-2025-31579 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through 1.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 1st, 2025 (18 days ago)
|
CVE-2025-31553 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting allows SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through 3.1.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 1st, 2025 (18 days ago)
|