CVE-2025-31542 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro allows Blind SQL Injection. This issue affects My auctions allegro: from n/a through 3.6.20.
CVSS: HIGH (8.5) EPSS Score: 0.03%
March 31st, 2025 (21 days ago)
|
CVE-2025-31526 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.
CVSS: HIGH (8.5) EPSS Score: 0.03%
March 31st, 2025 (21 days ago)
|
CVE-2025-23995 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS. This issue affects Tantyyellow: from n/a through 1.0.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 31st, 2025 (21 days ago)
|
CVE-2025-31387 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.
CVSS: HIGH (7.5) EPSS Score: 0.11%
March 31st, 2025 (22 days ago)
|
CVE-2025-31016 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18.
CVSS: HIGH (7.5) EPSS Score: 0.13%
March 31st, 2025 (22 days ago)
|
CVE-2025-30855 |
Description: Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
March 31st, 2025 (22 days ago)
|
CVE-2025-30835 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through 1.6.8.
CVSS: HIGH (7.5) EPSS Score: 0.11%
March 31st, 2025 (22 days ago)
|
CVE-2025-2803 |
Description: The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.2%
March 29th, 2025 (24 days ago)
|
CVE-2025-2249 |
Description: The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.26%
March 29th, 2025 (24 days ago)
|
CVE-2025-2006 |
Description: The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the "Allow guest users without accounts to create topics and replies" setting is enabled.
CVSS: HIGH (8.8) EPSS Score: 0.13%
March 29th, 2025 (24 days ago)
|