Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-22557
WordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPMagic News Publisher Autopilot allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through 2.1.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22556
WordPress Norse Rune Oracle plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Greg Whitehead Norse Rune Oracle Plugin allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22555
WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Noel Jarencio. Smoothness Slider Shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through v1.2.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22552
WordPress Affiliate Disclosure Statement plugin <= 0.3 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jason Keeley, Bryan Nielsen Affiliate Disclosure Statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Statement: from n/a through 0.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22548
WordPress ldap_login_password_and_role_manager plugin <= 1.0.12 - CSRF to Stored XSS vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Koenen ldap_login_password_and_role_manager allows Stored XSS.This issue affects ldap_login_password_and_role_manager: from n/a through 1.0.12.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22547
WordPress JK Html To Pdf plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Krishnan G JK Html To Pdf allows Stored XSS.This issue affects JK Html To Pdf: from n/a through 1.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22538
WordPress Virtual Bot Plugin <= 1.0.0 - CSRF Cross Site Scripting (XSS) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot allows Stored XSS.This issue affects Virtual Bot: from n/a through 1.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22536
WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22533
WordPress WOOEXIM Plugin <= 5.0.0 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WOOEXIM.COM WOOEXIM allows SQL Injection.This issue affects WOOEXIM: from n/a through 5.0.0.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)

CVE-2025-22522
WordPress SingSong plugin <= 1.2 - CSRF to Stored XSS vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roya Khosravi SingSong allows Stored XSS.This issue affects SingSong: from n/a through 1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (3 months ago)