CVE-2025-47491
Description: Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through 1.4.6.
CVSS: HIGH (7.4) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)

CVE-2025-47490
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rustaurius Ultimate WP Mail allows SQL Injection. This issue affects Ultimate WP Mail: from n/a through 1.3.4.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 7th, 2025 (about 1 month ago)

CVE-2025-47462
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challan allows Privilege Escalation. This issue affects Challan: from n/a through 3.7.58.
CVSS: HIGH (8.8) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)

CVE-2025-47460
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TrackShip TrackShip for WooCommerce allows SQL Injection. This issue affects TrackShip for WooCommerce: from n/a through 1.9.1.
CVSS: HIGH (7.6) EPSS Score: 0.04%
May 7th, 2025 (about 1 month ago)

CVE-2025-47440
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts allows PHP Local File Inclusion. This issue affects WPAdverts: from n/a through 2.2.2.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 7th, 2025 (about 1 month ago)

CVE-2025-47439
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor allows PHP Local File Inclusion. This issue affects Download Monitor: from n/a through 5.0.22.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 7th, 2025 (about 1 month ago)

CVE-2025-4335
Description: The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
CVSS: HIGH (8.8) EPSS Score: 0.04%
May 7th, 2025 (about 1 month ago)

CVE-2025-3921
Description: The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary users' metadata, which can be leveraged to block an administrator from accessing their site when wp_capabilities is set to 0.
CVSS: HIGH (8.2) EPSS Score: 0.07%
May 7th, 2025 (about 1 month ago)

CVE-2025-3852
Description: The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details, such as email and password, through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
CVSS: HIGH (8.8) EPSS Score: 0.05%
May 7th, 2025 (about 1 month ago)

CVE-2025-0856
Description: The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or delete plugin options.
CVSS: HIGH (7.3) EPSS Score: 0.09%
May 6th, 2025 (about 1 month ago)