Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-46451
WordPress Floating Social Bar <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar allows Stored XSS. This issue affects Floating Social Bar: from n/a through 1.1.7.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-46447
WordPress Fable Extra <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-46445
WordPress External Markdown <= 0.0.1 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-46443
WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability
Description: Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-46438
WordPress GTDB Guitar Tuners <= 4.2.2 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners allows Stored XSS. This issue affects GTDB Guitar Tuners: from n/a through 4.2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-46436
WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through 0.4.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.01%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-46261
WordPress Seriously Simple Podcasting plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-46260
WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-39404
WordPress Sassy Social Share plugin <= 3.3.73 - Open Redirection vulnerability
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)

CVE-2025-39390
WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
April 24th, 2025 (6 days ago)