Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-2007 |
Description: The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: HIGH (8.1) EPSS Score: 0.59%
April 1st, 2025 (about 1 month ago)
|
|
CVE-2025-31625 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS. This issue affects Useinfluence: from n/a through 1.0.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31623 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31617 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31616 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31615 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in owenr88 Simple Contact Forms allows Stored XSS. This issue affects Simple Contact Forms: from n/a through 1.6.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31613 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31585 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery. This issue affects Leadfox for WordPress: from n/a through 2.1.8.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31583 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL allows Stored XSS. This issue affects WP Copy Media URL: from n/a through 2.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (about 1 month ago)
|
|
CVE-2025-31570 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS. This issue affects Related Posts Widget with Thumbnails: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (about 1 month ago)
|