Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-46502
WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a through 1.3.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46499
WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS. This issue affects PayPal Express Checkout: from n/a through 2.1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46497
WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS. This issue affects Navegg Analytics: from n/a through 3.3.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46492
WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46481
WordPress Flickr Shortcode Importer <= 2.2.3 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3.

CVSS: HIGH (7.2)

EPSS Score: 0.06%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46478
WordPress Dropdown Content <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaloha Dropdown Content allows Stored XSS. This issue affects Dropdown Content: from n/a through 1.0.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46473
WordPress Social Counter <= 2.0.5 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection. This issue affects Social Counter: from n/a through 2.0.5.

CVSS: HIGH (7.2)

EPSS Score: 0.06%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46466
WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS. This issue affects Modern Polls: from n/a through 1.0.10.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46465
WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS. This issue affects Print Science Designer: from n/a through 1.3.155.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 24th, 2025 (about 1 month ago)

CVE-2025-46457
WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through 2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
April 24th, 2025 (about 1 month ago)