Threat and Vulnerability Intelligence Database

CVE-2025-30567

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2.

CVSS: HIGH (7.5)

EPSS Score: 27.88%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (28 days ago)

CVE-2024-30506

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Stored XSS. This issue affects All In One Redirection: from n/a through 2.2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.14%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (28 days ago)

CVE-2024-30439

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestWebSoft Limit Attempts by BestWebSoft allows Reflected XSS. This issue affects Limit Attempts by BestWebSoft: from n/a through 1.2.9.

CVSS: HIGH (7.1)

EPSS Score: 0.11%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (28 days ago)

CVE-2024-25599

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.

CVSS: HIGH (7.1)

EPSS Score: 0.14%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (28 days ago)

CVE-2024-3474

Description: The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting buttons, via CSRF attacks.

CVSS: HIGH (8.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (28 days ago)

CVE-2025-2319

Description: The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
March 25th, 2025 (28 days ago)

CVE-2024-13690

Description: The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.13%

Source: CVE
March 25th, 2025 (28 days ago)

CVE-2025-30621

Description: Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (29 days ago)

CVE-2025-30620

Description: Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (29 days ago)

CVE-2025-30612

Description: Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words allows Stored XSS. This issue affects Replace Default Words: from n/a through 1.3.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (29 days ago)