Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-48277
WordPress Cost Calculator Builder <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.74.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48276
WordPress Visual Composer Website Builder <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.11.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48272
WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability
Description: Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through 2.3.2.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48270
WordPress SKT Blocks <= 2.2 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks allows DOM-Based XSS. This issue affects SKT Blocks: from n/a through 2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48269
WordPress WPAdverts <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48268
WordPress Bot for Telegram on WooCommerce <= 1.2.6 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through 1.2.6.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48266
WordPress Active Products Tables for WooCommerce <= 1.0.6.8 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce allows Stored XSS. This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48265
WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce allows Cross Site Request Forgery. This issue affects Year Make Model Search for WooCommerce: from n/a through 1.0.11.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48264
WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce allows Cross Site Request Forgery. This issue affects Product Code for WooCommerce: from n/a through 1.5.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (19 days ago)

CVE-2025-48263
WordPress MultiVendorX <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX allows Stored XSS. This issue affects MultiVendorX: from n/a through 4.2.22.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 19th, 2025 (19 days ago)