Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39569
WordPress Taskbuilder <= 4.0.1 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39568
WordPress StoreContrl Woocommerce <= 4.1.3 - Arbitrary File Download Vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3.

CVSS: HIGH (7.5)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39567
WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39558
WordPress CRM Perks plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39542
WordPress Xelion Webchat <= 9.1.0 - Privilege Escalation Vulnerability
Description: Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39535
WordPress Vitepos <= 3.1.7 - Broken Authentication Vulnerability
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39533
WordPress Starfish Review Generation & Marketing plugin <= 3.1.14 - Arbitrary Option Update to Privilege Escalation vulnerability
Description: Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through 3.1.14.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39532
WordPress Spice Blocks <= 2.0.7.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in spicethemes Spice Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spice Blocks: from n/a through 2.0.7.1.

CVSS: HIGH (7.5)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39527
WordPress Rating by BestWebSoft <= 1.7 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection. This issue affects Rating by BestWebSoft: from n/a through 1.7.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39526
WordPress Hotel Booking Plugin <= 3.6 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.

CVSS: HIGH (8.1)

EPSS Score: 0.11%

Source: CVE
April 17th, 2025 (1 day ago)