Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-22652
WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through 4.0.1.

CVSS: HIGH (7.6)

EPSS Score: 0.08%

Source: CVE
March 27th, 2025 (25 days ago)

CVE-2025-22628
WordPress Filled In Plugin <= 1.9.2 - CSRF to Stored XSS vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision Filled In allows Stored XSS.This issue affects Filled In: from n/a through 1.9.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 27th, 2025 (25 days ago)

CVE-2024-37472
WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8.

CVSS: HIGH (7.1)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
March 27th, 2025 (25 days ago)

CVE-2025-25100
WordPress Cazamba plugin <= 1.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba allows Reflected XSS.This issue affects Cazamba: from n/a through 1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 27th, 2025 (25 days ago)

CVE-2025-25086
WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 27th, 2025 (25 days ago)

CVE-2025-30921
WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
March 27th, 2025 (26 days ago)

CVE-2025-30919
WordPress Store Locator Widget plugin <= 20200131 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 27th, 2025 (26 days ago)

CVE-2025-30895
WordPress WpEvently Plugin <= 4.2.9 - PHP Object Injection vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently allows PHP Local File Inclusion. This issue affects WpEvently: from n/a through 4.2.9.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
March 27th, 2025 (26 days ago)

CVE-2025-30891
WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion. This issue affects WpTravelly: from n/a through 1.8.7.

CVSS: HIGH (8.8)

EPSS Score: 0.13%

Source: CVE
March 27th, 2025 (26 days ago)

CVE-2025-30890
WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member allows PHP Local File Inclusion. This issue affects Login Widget for Ultimate Member: from n/a through 1.1.2.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
March 27th, 2025 (26 days ago)