Threat and Vulnerability Intelligence Database

CVE-2025-32205

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.30.

CVSS: LOW (2.7)

EPSS Score: 0.05%

Source: CVE
April 10th, 2025 (9 days ago)

CVE-2025-31003

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6.

CVSS: LOW (2.7)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (10 days ago)

CVE-2025-30877

Description: Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8.

CVSS: LOW (2.7)

EPSS Score: 0.03%

Source: CVE
March 27th, 2025 (23 days ago)

CVE-2025-1911

Description: The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

CVSS: LOW (2.7)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (24 days ago)

CVE-2025-1062

Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (26 days ago)

CVE-2024-13124

Description: The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (26 days ago)

CVE-2025-1972

Description: The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

CVSS: LOW (2.7)

EPSS Score: 0.05%

Source: CVE
March 22nd, 2025 (28 days ago)

CVE-2024-13922

Description: The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

CVSS: LOW (2.7)

EPSS Score: 0.05%

Source: CVE
March 20th, 2025 (about 1 month ago)

CVE-2025-26977

Description: Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.4.2.1.

CVSS: LOW (3.8)

EPSS Score: 0.03%

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2024-10545

Description: The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
February 25th, 2025 (about 2 months ago)