Threat and Vulnerability Intelligence Database

CVE-2025-22755

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Bavington WP Headmaster allows Reflected XSS. This issue affects WP Headmaster: from n/a through 0.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2025-22754

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Center for Internet & Society Amber allows Reflected XSS. This issue affects Amber: from n/a through 1.4.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2025-22753

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dueclic turboSMTP allows Reflected XSS. This issue affects turboSMTP: from n/a through 4.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2025-22752

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS. This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2025-22751

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mighty Digital Partners allows Reflected XSS. This issue affects Partners: from n/a through 0.2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2025-22750

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel Post Carousel & Slider allows Reflected XSS. This issue affects Post Carousel & Slider: from n/a through 1.0.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2025-22736

Description: Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation. This issue affects User Management: from n/a through 1.2.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2025-22317

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in galleryape Photo Gallery – Image Gallery by Ape allows Reflected XSS. This issue affects Photo Gallery – Image Gallery by Ape: from n/a through 2.2.8.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2024-13351

Description: The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
January 16th, 2025 (3 months ago)

CVE-2024-11848

Description: The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
January 16th, 2025 (3 months ago)