Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-30858 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 3rd, 2025 (18 days ago)
|
|
CVE-2025-30616 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Latest Custom Post Type Updates allows Reflected XSS. This issue affects Latest Custom Post Type Updates: from n/a through 1.3.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 3rd, 2025 (18 days ago)
|
|
CVE-2025-30611 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wptobe-signinup allows Reflected XSS. This issue affects Wptobe-signinup: from n/a through 1.1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 3rd, 2025 (18 days ago)
|
|
CVE-2025-3063 |
Description: The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 2nd, 2025 (19 days ago)
|
|
CVE-2025-31619 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31594 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31580 |
Description: Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8.
CVSS: HIGH (7.5) EPSS Score: 0.04%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31578 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31571 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (20 days ago)
|
|
CVE-2025-31568 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds allows Reflected XSS. This issue affects LeadLab by wiredminds: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (20 days ago)
|