Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39461
WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache allows PHP Local File Inclusion. This issue affects Docket Cache: from n/a through 24.07.02.

CVSS: HIGH (7.5)

EPSS Score: 0.1%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39455
WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39452
WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32.

CVSS: HIGH (7.5)

EPSS Score: 0.11%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39442
WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39441
WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39440
WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39435
WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39433
WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39432
WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS. This issue affects bbPress2 shortcode whitelist: from n/a through 2.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)

CVE-2025-39431
WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (1 day ago)