Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39401
WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39395
WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39389
WordPress AnalyticsWP <= 2.1.2 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection.This issue affects AnalyticsWP: from n/a through 2.1.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39386
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39380
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39356
WordPress Foodbakery Sticky Cart plugin <= 3.2 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows Object Injection.This issue affects Foodbakery Sticky Cart: from n/a through 3.2.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39354
WordPress Grand Conference theme <= 5.2 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39349
WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection.This issue affects CiyaShop: from n/a through 4.18.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39348
WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-32928
WordPress Altair theme <= 5.2.2 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (17 days ago)