CVE-2025-31015 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through 1.3.1.
CVSS: HIGH (7.5) EPSS Score: 0.11%
April 11th, 2025 (about 2 months ago)
|
CVE-2025-31014 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5.
CVSS: HIGH (7.5) EPSS Score: 0.13%
April 11th, 2025 (about 2 months ago)
|
🚨 Marked as known exploited on April 11th, 2025 (about 2 months ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The
CVSS: HIGH (8.1) EPSS Score: 0.14%
April 11th, 2025 (about 2 months ago)
|
CVE-2024-29790 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.
CVSS: HIGH (7.1) EPSS Score: 0.19% SSVC Exploitation: none
April 10th, 2025 (about 2 months ago)
|
CVE-2024-29759 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54.
CVSS: HIGH (7.1) EPSS Score: 0.11% SSVC Exploitation: none
April 10th, 2025 (about 2 months ago)
|
CVE-2024-27994 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.
CVSS: HIGH (7.1) EPSS Score: 0.24% SSVC Exploitation: none
April 10th, 2025 (about 2 months ago)
|
CVE-2024-27195 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS. This issue affects Watermark RELOADED: from n/a through 1.3.5.
CVSS: HIGH (7.1) EPSS Score: 0.05% SSVC Exploitation: none
April 10th, 2025 (about 2 months ago)
|
CVE-2024-1685 |
Description: The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS: HIGH (8.8) EPSS Score: 0.56% SSVC Exploitation: none
April 10th, 2025 (about 2 months ago)
|
CVE-2025-27350 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa allows Reflected XSS. This issue affects Vice Versa: from n/a through 2.2.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 10th, 2025 (2 months ago)
|
CVE-2025-32687 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through 2.0.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 10th, 2025 (2 months ago)
|