Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-47648 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway allows Stored XSS. This issue affects Pays – WooCommerce Payment Gateway: from n/a through 2.6.
CVSS: HIGH (7.1) EPSS Score: 0.01%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47643 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.
CVSS: HIGH (7.6) EPSS Score: 0.03%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47639 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading allows Stored XSS. This issue affects Supertext Translation and Proofreading: from n/a through 4.25.
CVSS: HIGH (7.1) EPSS Score: 0.01%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47636 |
Description: Path Traversal vulnerability in Fernando Briano List category posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through 0.90.3.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47629 |
Description: Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1.
CVSS: HIGH (7.2) EPSS Score: 0.04%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47620 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network allows Reflected XSS. This issue affects Martins Free Monetized Ad Exchange Network: from n/a through 1.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.01%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47587 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows Blind SQL Injection. This issue affects YaySMTP: from n/a through 2.6.4.
CVSS: HIGH (7.6) EPSS Score: 0.03%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47546 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress allows Cross Site Request Forgery. This issue affects WP Compress: from n/a through 6.30.30.
CVSS: HIGH (7.1) EPSS Score: 0.01%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47544 |
WordPress Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through 4.5.8.
CVSS: HIGH (7.6) EPSS Score: 0.03%
May 7th, 2025 (4 days ago)
|
|
CVE-2025-47538 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.17.
CVSS: HIGH (7.6) EPSS Score: 0.03%
May 7th, 2025 (4 days ago)
|