CVE-2025-31407 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS. This issue affects Tiger: from n/a through 2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
April 4th, 2025 (16 days ago)
|
CVE-2025-31381 |
Description: Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
April 4th, 2025 (16 days ago)
|
CVE-2025-22285 |
Description: Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
April 4th, 2025 (16 days ago)
|
CVE-2025-22281 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in joshix Simplish allows Stored XSS. This issue affects Simplish: from n/a through 2.6.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 4th, 2025 (16 days ago)
|
CVE-2025-31421 |
Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data. This issue affects Srbtranslatin: from n/a through 3.2.0.
CVSS: MEDIUM (5.8) EPSS Score: 0.04%
April 4th, 2025 (16 days ago)
|
CVE-2025-2797 |
Description: The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approve registration for any user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (5.4) EPSS Score: 0.01%
April 4th, 2025 (17 days ago)
|
CVE-2025-2279 |
Description: The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
April 4th, 2025 (17 days ago)
|
CVE-2025-2836 |
Description: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘payment_method’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.04%
April 4th, 2025 (17 days ago)
|
CVE-2024-13898 |
Description: The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS: MEDIUM (4.4) EPSS Score: 0.03%
April 4th, 2025 (17 days ago)
|
CVE-2025-31896 |
Description: Missing Authorization vulnerability in istmoplugins GetBookingsWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through 1.1.27.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
April 3rd, 2025 (17 days ago)
|