Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49236	WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-49235	WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit Addons for Elementor allows Stored XSS. This issue affects RTMKit Addons for Elementor: from n/a through 1.6.0. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-31025	WordPress Image Hover Effects Block <= 1.4.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects Block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through 1.4.5. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-31000	WordPress Payment QR WooCommerce <= 1.1.6 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6. CVSS: MEDIUM (5.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30997	WordPress Car Repair Services <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30994	WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.23 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30991	WordPress Premium Packages <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30990	WordPress ThemeHunk <= 1.1.1 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30986	WordPress Elite Video Player <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30981	WordPress WP-Recall plugin <= 16.26.14 - CSRF to Privilege Escalation vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14. CVSS: MEDIUM (6.3) Source: CVE June 6th, 2025 (about 14 hours ago)