Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-31924
WordPress Crafts & Arts <= 2.5 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts allows Object Injection. This issue affects Crafts & Arts: from n/a through 2.5.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31913
WordPress Ogami <= 1.53 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami allows PHP Local File Inclusion. This issue affects Ogami: from n/a through 1.53.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31912
WordPress Enzio - Responsive Business WordPress Theme <= 1.1.8 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme allows PHP Local File Inclusion. This issue affects Enzio - Responsive Business WordPress Theme: from n/a through 1.1.8.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31636
WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through 2.5.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31633
WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a through 1.3.3.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31632
WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31064
WordPress Vizeon - Business Consulting <= 1.1.7 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting allows PHP Local File Inclusion. This issue affects Vizeon - Business Consulting: from n/a through 1.1.7.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31060
WordPress Capie <= 1.0.40 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie allows PHP Local File Inclusion. This issue affects Capie: from n/a through 1.0.40.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-31053
WordPress KBx Pro Ultimate <= 7.9.8 - Arbitrary File Deletion Vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (14 days ago)

CVE-2025-1123
Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email
Description: The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (14 days ago)