Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-39571 |
Description: Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39565 |
Description: Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0.
CVSS: MEDIUM (6.6) EPSS Score: 0.04%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39564 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.02%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39563 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Payments for WooCommerce: from n/a through 3.3.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.02%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39560 |
Description: Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39556 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39555 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 5.0.23.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39552 |
Description: Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.200.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39549 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget allows Stored XSS. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.20.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39546 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elementor: from n/a through 6.6.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.01%
April 16th, 2025 (3 days ago)
|