Threat and Vulnerability Intelligence Database

CVE-2025-32927

Description: Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection. This issue affects FoodBakery: from n/a through 3.3.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-32926

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n/a through 7.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-47582

Description: Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection. This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-47581

Description: Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection. This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-47577

Description: Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server. This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2.

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-39445

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 7.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-26892

Description: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files. This issue affects Celestial Aura: from n/a through 2.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (17 days ago)

CVE-2025-26872

Description: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files. This issue affects Eximius: from n/a through 2.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
May 19th, 2025 (17 days ago)

Description:

Overview: Session cookies of applications using the Auth0 WordPress plugin configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access.

Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions:

Applications using the Auth0 WordPress Plugin with version <=5.2.1

Auth0 WordPress Plugin uses the Auth0-PHP SDK with version 8.0.0-BETA1 or higher and below 8.14.0.

Session storage configured with CookieStore.

Fix: Upgrade Auth0/wordpress plugin to v5.3.0. As an additional precautionary measure, we recommend rotating your cookie encryption keys. Note that once updated, any previous session cookies will be rejected.

Acknowledgement: Okta would like to thank Félix Charette for discovering this vulnerability.

References:

https://github.com/auth0/wordpress/security/advisories/GHSA-2f4r-34m4-3w8q
https://nvd.nist.gov/vuln/detail/CVE-2025-47275
https://github.com/auth0/wordpress/commit/06b64468089472d8b62c881708be7eb3749b35ac
https://github.com/auth0/wordpress/releases/tag/5.3.0
https://github.com/advisories/GHSA-2f4r-34m4-3w8q

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
May 17th, 2025 (19 days ago)

CVE-2025-4391

Description: The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: CRITICAL (9.8)

EPSS Score: 0.2%

Source: CVE
May 17th, 2025 (20 days ago)