Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-13793

Description: The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVSS: HIGH (7.3)

EPSS Score: 0.19%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2024-24796

Description: Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1.

CVSS: HIGH (8.2)

EPSS Score: 0.24%

SSVC Exploitation: none

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2024-23513

Description: Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5.

CVSS: HIGH (8.7)

EPSS Score: 0.31%

SSVC Exploitation: none

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2024-23512

Description: Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.

CVSS: HIGH (8.7)

EPSS Score: 0.22%

SSVC Exploitation: none

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2024-0566

Description: The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVSS: HIGH (7.2)

EPSS Score: 1.33%

SSVC Exploitation: poc

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2025-47685

Description: Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout allows Stored XSS. This issue affects Contribuinte Checkout: from n/a through 2.0.02.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2025-47683

Description: Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7.

CVSS: HIGH (7.2)

EPSS Score: 0.06%

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2025-47655

Description: Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2025-47653

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
May 7th, 2025 (about 1 month ago)

CVE-2025-47649

Description: Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
May 7th, 2025 (about 1 month ago)