CVE-2025-1093 |
Description: The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8)
April 19th, 2025 (about 9 hours ago)
|
CVE-2025-3278 |
Description: The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
CVSS: CRITICAL (9.8)
April 19th, 2025 (about 10 hours ago)
|
CVE-2025-39471 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey. This issue affects Modal Survey: from n/a through 2.0.2.0.1.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
April 18th, 2025 (1 day ago)
|
CVE-2025-39596 |
Description: Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 17th, 2025 (2 days ago)
|
CVE-2025-39595 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
April 17th, 2025 (2 days ago)
|
CVE-2025-39588 |
Description: Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
April 17th, 2025 (2 days ago)
|
CVE-2025-39587 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
April 17th, 2025 (2 days ago)
|
CVE-2025-39551 |
Description: Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
April 17th, 2025 (2 days ago)
|
CVE-2025-39550 |
Description: Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
April 17th, 2025 (2 days ago)
|
CVE-2025-39436 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.
CVSS: CRITICAL (9.1) EPSS Score: 0.04% SSVC Exploitation: none
April 17th, 2025 (2 days ago)
|