Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39449
WordPress JetWooBuilder <= 2.1.18 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Crocoblock JetWooBuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through 2.1.18.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-39447
WordPress JetElements For Elementor <= 2.7.4.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-39446
WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-27010
WordPress Tastyc < 2.5.2 - Local File Inclusion Vulnerability
Description: Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2.

CVSS: HIGH (8.1)

EPSS Score: 0.06%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-26997
WordPress Wireless Butler plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through 1.0.11.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-26735
WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-43840
WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-43833
WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through 1.1.1.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-39396
WordPress JetReviews plugin <= 2.3.6 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through 2.3.6.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-47576
WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme.This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5.

CVSS: HIGH (8.8)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
May 19th, 2025 (19 days ago)