Threat and Vulnerability Intelligence Database

CVE-2025-31552

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker: from n/a through 11.4.8.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-31551

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows SQL Injection. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-31534

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shopperdotcom Shopper allows SQL Injection. This issue affects Shopper: from n/a through 3.2.5.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-31531

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in click5 History Log by click5 allows SQL Injection. This issue affects History Log by click5: from n/a through 1.0.13.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30841

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30807

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a through 3.9.4.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30580

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. This issue affects DigiWidgets Image Editor: from n/a through 1.10.

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-2237

Description: The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.

CVSS: CRITICAL (9.8)

EPSS Score: 0.22%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2024-13553

Description: The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code "1234" and authenticate as any user, including administrators.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-31095

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
April 1st, 2025 (18 days ago)