CVE-2025-31065 |
Description: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (23 days ago)
|
CVE-2025-31063 |
Description: Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
CVE-2025-31062 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
CVE-2025-3516 |
Description: The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
CVE-2025-3201 |
Description: The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
CVE-2025-4169 |
Description: The Posts per Cat [Unmaintained] plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 16th, 2025 (23 days ago)
|
CVE-2025-2248 |
Description: The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|
CVE-2025-2247 |
Description: The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|
CVE-2025-2203 |
Description: The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVSS: MEDIUM (6.1) EPSS Score: 0.02%
May 15th, 2025 (24 days ago)
|
CVE-2025-1454 |
Description: The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 15th, 2025 (24 days ago)
|