Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-26954
WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect allows Reflected XSS. This issue affects ZooEffect: from n/a through 1.11.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26944
WordPress JetPopup <= 2.0.11 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in NotFound JetPopup allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetPopup: from n/a through 2.0.11.

CVSS: HIGH (7.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26942
WordPress JetTricks <= 1.5.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in NotFound JetTricks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetTricks: from n/a through 1.5.1.

CVSS: HIGH (7.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26894
WordPress Coming Soon, Maintenance Mode plugin <= 1.1.1 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode allows PHP Local File Inclusion. This issue affects Coming Soon, Maintenance Mode: from n/a through 1.1.1.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26889
WordPress hockeydata LOS plugin <= 1.2.4 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound hockeydata LOS allows PHP Local File Inclusion. This issue affects hockeydata LOS: from n/a through 1.2.4.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26743
WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter allows Reflected XSS. This issue affects Advance WP Query Search Filter: from n/a through 1.0.10.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-26741
WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability
Description: Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.1.6.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (5 days ago)

CVE-2025-32929
WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability
Description: Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2025-26992
WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.8.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (6 days ago)

CVE-2025-3575
Insecure Direct Object Reference en Deporsite de T-INNOVA
Description: Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (6 days ago)