CVE-2025-31928 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support allows SQL Injection. This issue affects Multimedia Responsive Carousel with Image Video Audio Support: from n/a through 2.6.0.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
CVE-2025-31926 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky Radio Player allows SQL Injection. This issue affects Sticky Radio Player: from n/a through 3.4.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
CVE-2025-31922 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 16th, 2025 (22 days ago)
|
CVE-2025-31641 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider allows SQL Injection. This issue affects UberSlider: from n/a through 2.3.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
CVE-2025-31640 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through 1.4.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
CVE-2025-31637 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT allows SQL Injection. This issue affects SHOUT: from n/a through 3.5.3.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (22 days ago)
|
CVE-2024-9831 |
Description: The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVSS: HIGH (7.2) EPSS Score: 0.03%
May 15th, 2025 (23 days ago)
|
CVE-2024-8699 |
Description: The Z-Downloads WordPress plugin before 1.11.5 does not properly validate uploaded files, allowing high-privilege users such as admins to upload arbitrary files to the server even when they should not be allowed to (for example, in a multisite setup).
CVSS: HIGH (7.2) EPSS Score: 0.06%
May 15th, 2025 (23 days ago)
|
CVE-2024-8009 |
Description: The Sensei LMS WordPress plugin before 4.20.0 discloses all users of the blog, including their email addresses, to teachers on the students page.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 15th, 2025 (23 days ago)
|
CVE-2024-7762 |
Description: The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 15th, 2025 (23 days ago)
|