CVE-2025-3063
Description: The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 2nd, 2025 (about 1 month ago)
CVE-2025-31619
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 1st, 2025 (about 1 month ago)
CVE-2025-31594
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (about 1 month ago)
CVE-2025-31580
Description: Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8.
CVSS: HIGH (7.5) EPSS Score: 0.04%
April 1st, 2025 (about 1 month ago)
CVE-2025-31578
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (about 1 month ago)
CVE-2025-31571
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (about 1 month ago)
CVE-2025-31568
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds allows Reflected XSS. This issue affects LeadLab by wiredminds: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (about 1 month ago)
CVE-2025-31563
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar allows Stored XSS. This issue affects AI Search Bar: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (about 1 month ago)
CVE-2025-31561
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M. Tuhin Ultimate Push Notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 1st, 2025 (about 1 month ago)
CVE-2025-31560
Description: Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11.
CVSS: HIGH (7.2) EPSS Score: 0.05%
April 1st, 2025 (about 1 month ago)