Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-31460 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31459 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31458 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31449 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter allows Stored XSS. This issue affects The Visitor Counter: from n/a through 1.4.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31444 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow allows Stored XSS. This issue affects ShowTime Slideshow: from n/a through 1.6.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31443 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It allows Stored XSS. This issue affects KK I Like It: from n/a through 1.7.5.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31440 |
WordPress Terms of Use plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use allows Stored XSS. This issue affects Terms of Use: from n/a through 2.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31435 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster allows Stored XSS. This issue affects Microblog Poster: from n/a through 2.1.6.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-31432 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Chop Chop Pop-Up Chop Chop allows PHP Local File Inclusion. This issue affects Pop-Up Chop Chop: from n/a through 2.1.7.
CVSS: HIGH (7.5) EPSS Score: 0.13%
March 28th, 2025 (25 days ago)
|
|
CVE-2025-2815 |
Description: The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: HIGH (8.8) EPSS Score: 0.04%
March 28th, 2025 (25 days ago)
|