Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-32119 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce allows Blind SQL Injection. This issue affects CardGate Payments for WooCommerce: from n/a through 3.2.1.
CVSS: HIGH (8.2) EPSS Score: 0.03%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-32116 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master allows Reflected XSS. This issue affects QR Master: from n/a through 1.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-32115 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light allows Reflected XSS. This issue affects Popping Content Light: from n/a through 2.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-32114 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist 5sterrenspecialist allows Reflected XSS. This issue affects 5sterrenspecialist: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-31524 |
Description: Incorrect Privilege Assignment vulnerability in NotFound WP User Profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through 2.6.2.
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-30582 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM allows PHP Local File Inclusion. This issue affects DyaPress ERP/CRM: from n/a through 18.0.2.0.
CVSS: HIGH (8.1) EPSS Score: 0.06%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-22279 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist allows PHP Local File Inclusion.This issue affects JetCompareWishlist: from n/a through 1.5.9.
CVSS: HIGH (7.5) EPSS Score: 0.13%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-3417 |
Description: The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-2809 |
Description: The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.2%
April 10th, 2025 (11 days ago)
|
|
CVE-2025-2805 |
Description: The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.2%
April 10th, 2025 (11 days ago)
|