Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-13452
Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action
Description: The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (4 days ago)

CVE-2025-30982
WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-30966
WordPress WPJobBoard plugin < 5.11.1 - Path Traversal vulnerability
Description: Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26998
WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26996
WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26951
WordPress C9 Blocks plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26950
WordPress Nepali Date Converter plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows Stored XSS. This issue affects Nepali Date Converter: from n/a through 2.0.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26934
WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26930
WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based XSS. This issue affects Home Services: from n/a through 1.2.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-26919
WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainá allows Stored XSS. This issue affects Tainá: from n/a through 0.2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)