Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-24636
WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-24587
WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Blind SQL Injection. This issue affects Email Subscription Popup: from n/a through 1.2.23.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-24570
WordPress Atarim plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atarim Atarim allows Stored XSS. This issue affects Atarim: from n/a through 4.0.8.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-24562
WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-24561
WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-24555
WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-23889
WordPress FooGallery Captions Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FooGallery Captions allows Reflected XSS. This issue affects FooGallery Captions: from n/a through 1.0.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-23888
WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Page Extensions allows Reflected XSS. This issue affects Custom Page Extensions: from n/a through 0.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-23427
WordPress Redux Converter plugin <= 1.1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dovy Paukstys Redux Converter allows Reflected XSS. This issue affects Redux Converter: from n/a through 1.1.3.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)

CVE-2025-23422
WordPress Store Locator plugin <= 3.98.10 - Local File Inclusion vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Store Locator allows PHP Local File Inclusion. This issue affects Store Locator: from n/a through 3.98.10.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (3 months ago)