Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-39556 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39555 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 5.0.23.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39552 |
Description: Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.200.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39549 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget allows Stored XSS. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.20.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39546 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elementor: from n/a through 6.6.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.01%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39545 |
Description: Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39543 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.977.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39540 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP Flipclock allows DOM-Based XSS. This issue affects WP Flipclock: from n/a through 1.9.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39538 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search allows Upload a Web Shell to a Web Server. This issue affects WP-Advanced-Search: from n/a through 3.3.9.3.
CVSS: MEDIUM (6.6) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
|
CVE-2025-39531 |
Description: Missing Authorization vulnerability in slazzercom Slazzer Background Changer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slazzer Background Changer: from n/a through 3.14.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 16th, 2025 (3 days ago)
|