CVE-2025-3812
Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: HIGH (8.1) EPSS Score: 0.34%
May 17th, 2025 (22 days ago)

CVE-2025-48146
Description: Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 16th, 2025 (22 days ago)

CVE-2025-48144
Description: Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 16th, 2025 (22 days ago)

CVE-2025-48137
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)

CVE-2025-48136
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 16th, 2025 (22 days ago)

CVE-2025-48134
Description: Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.
CVSS: HIGH (7.2) EPSS Score: 0.06%
May 16th, 2025 (22 days ago)

CVE-2025-48114
Description: Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 16th, 2025 (22 days ago)

CVE-2025-48112
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 16th, 2025 (22 days ago)

CVE-2025-47693
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking allows PHP Local File Inclusion. This issue affects FAT Services Booking: from n/a through 5.5.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 16th, 2025 (22 days ago)

CVE-2025-47567
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background allows Blind SQL Injection. This issue affects Video Player & FullScreen Video Background: from n/a through 2.4.1.
CVSS: HIGH (7.6) EPSS Score: 0.04%
May 16th, 2025 (22 days ago)