Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-48116
WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-48115
WordPress ValidateCertify <= 1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-48113
WordPress Broadstreet <= 1.51.8 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-48080
WordPress Uncanny Toolkit for LearnDash <= 3.7.0.2 - Cross Site Scripting (XSS) Vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-48079
WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from n/a through 5.9.5.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-47564
WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-47563
WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability
Description: Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-47562
WordPress MapSVG <= 8.5.34 - Content Injection Vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG allows Code Injection. This issue affects MapSVG: from n/a through 8.5.34.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-47560
WordPress MapSVG plugin <= 8.5.32 - Broken Access Control Vulnerability
Description: Missing Authorization vulnerability in RomanCode MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a through 8.5.32.

CVSS: MEDIUM (5.0)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (23 days ago)

CVE-2025-47557
WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG allows Stored XSS. This issue affects MapSVG: from n/a through 8.5.31.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (23 days ago)