Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-30980	WordPress Simple Keyword to Link <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30978	WordPress Slack Notifications by dorzki <= 2.0.7 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through 2.0.7. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30977	WordPress WP Live Chat + Chatbots Plugin for WordPress – Chaport <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaport Live Chat WP Live Chat + Chatbots Plugin for WordPress – Chaport allows Stored XSS. This issue affects WP Live Chat + Chatbots Plugin for WordPress – Chaport: from n/a through 1.1.5. CVSS: MEDIUM (5.9) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30976	WordPress Nexa Blocks <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request Forgery. This issue affects Nexa Blocks: from n/a through 1.1.0. CVSS: MEDIUM (4.9) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30974	WordPress Post Grid Master <= 3.4.13 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a through 3.4.13. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30968	WordPress Advanced Post List <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List allows Cross Site Request Forgery. This issue affects Advanced Post List: from n/a through 0.5.6.2. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30958	WordPress onOffice for WP-Websites <= 5.7 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects onOffice for WP-Websites: from n/a through 5.7. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30957	WordPress Activity Plus Reloaded for BuddyPress <= 1.1.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30956	WordPress Booqable Rental <= 2.4.20 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-30954	WordPress WP Gravity Forms Constant Contact Plugin <= 1.1.0 - Open Redirection Vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0. CVSS: MEDIUM (4.7) Source: CVE June 6th, 2025 (about 14 hours ago)