Threat and Vulnerability Intelligence Database

CVE-2025-31087

Description: Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-31084

Description: Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30971

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through 1.40.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30911

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.

CVSS: CRITICAL (9.9)

EPSS Score: 0.22%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30886

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30876

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads allows SQL Injection. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-30622

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash allows SQL Injection. This issue affects PostMash: from n/a through 1.0.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-2266

Description: The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
March 29th, 2025 (21 days ago)

CVE-2025-22526

Description: Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
March 28th, 2025 (22 days ago)

CVE-2025-22523

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 28th, 2025 (22 days ago)