Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-28989	WordPress Read More Login <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3. CVSS: MEDIUM (5.9) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-28985	WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-28984	WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-28952	WordPress CubePoints <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-27360	WordPress Quick Event Calendar <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-27359	WordPress WP Media File Type Manager plugin <= 2.3.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-27334	WordPress Simple Google Static Map <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1. CVSS: MEDIUM (6.5) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-26593	WordPress FastBook <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1. CVSS: MEDIUM (4.3) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-24778	WordPress No Spam At All <= 1.3 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)
CVE-2025-24776	WordPress Responsive Flipbooks <= 1.0 - Broken Access Control Vulnerability Description: Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0. CVSS: MEDIUM (5.4) Source: CVE June 6th, 2025 (about 14 hours ago)