CVE-2025-39377 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 24th, 2025 (about 1 month ago)
|
CVE-2025-39360 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag allows PHP Local File Inclusion. This issue affects Grace Mag: from n/a through 1.1.5.
CVSS: HIGH (7.5) EPSS Score: 0.11%
April 24th, 2025 (about 1 month ago)
|
CVE-2025-39359 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web CWW Portfolio allows PHP Local File Inclusion. This issue affects CWW Portfolio: from n/a through 1.3.1.
CVSS: HIGH (7.5) EPSS Score: 0.11%
April 24th, 2025 (about 1 month ago)
|
CVE-2025-32921 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5.
CVSS: HIGH (7.5) EPSS Score: 0.11%
April 24th, 2025 (about 1 month ago)
|
CVE-2024-24932 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3.
CVSS: HIGH (7.1) EPSS Score: 0.06% SSVC Exploitation: none
April 24th, 2025 (about 1 month ago)
|
CVE-2024-24926 |
Description: Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.
CVSS: HIGH (7.5) EPSS Score: 33.93% SSVC Exploitation: none
April 24th, 2025 (about 1 month ago)
|
CVE-2024-1217 |
Description: The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.
CVSS: HIGH (7.6) EPSS Score: 0.08% SSVC Exploitation: none
April 24th, 2025 (about 1 month ago)
|
CVE-2025-3776 |
Description: The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo().
CVSS: HIGH (8.3) EPSS Score: 0.15%
April 24th, 2025 (about 2 months ago)
|
CVE-2025-3607 |
Description: The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 24th, 2025 (about 2 months ago)
|
CVE-2025-3300 |
Description: The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on the server, which can contain sensitive information.
CVSS: HIGH (7.2) EPSS Score: 0.23%
April 24th, 2025 (about 2 months ago)
|